Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: nickha on June 17, 2022, 10:16:02 PM
-
Hello,
Today while I was using Google.com, I got a pop-up from avast that said "We've safely aborted connection on google.com because it was infected with URL:CardStealer.
I had simply typed in the name of a philosopher in the URL bar and pressed Enter, like I do with all searches, when this appeared. The infection was not in the first result of the search (which sometimes happens), because then Avast would have said "aborted connection with xxxxx.com."
I ran a Malwarebytes scan, and it found no malware on my laptop. Later searches were ok.
The only extensions I have on Chrome are Avast and Google Docs. Any idea what happened? Should I be worried? Is this some new kind of trojan that can infect actual google.com pages?
-
I guess that you didn't do a screen capture (in your haste to exit), as using google.com presumably wasn't the cause of the alert. I have just connected to google.com without an alert.
What were you doing on google.com at the time ?
Unfortunately there is insufficient information to say why you got the alert.
-
Unfortunately, I didn't do a screenshot, but I know exactly what I was doing previously. I was on quora.com, reading the answers to https://www.quora.com/Is-homophobia-prevalent-in-Nordic-countries, when I typed "gianni vattimo" in the upper bar and pressed Enter, and then the rest happened at 20:38 (8:38 PM).
Before that, I had been doing other searches on google, and I'd clicked on the following legit sites within the previous five hours, along with some Twitter and Facebook:
https://www.fininfo.hr/Poduzece/Pregled/rubic/Detaljno/37958
https://www.vecernji.hr/kultura/novi-gordogan-posvecen-je-hrvatskim-grbovima-a-kao-jedan-od-autora-istice-se-i-ivo-sanader-1223327
https://www.hrw.org/news/2022/01/26/afghanistan-taliban-target-lgbt-afghans
https://issuu.com/kunsthogeschool/docs/faf21_brochure_ma_v07_issuu_2/s/13594616
https://www.srednja.hr/faks/donosimo-place-sveucilisnih-asistenata-docenata-profesora-evo-koliko-mjesecno-zaraduju/
There had been a previous attempt at infection with URL:Botnet five hours earlier, from a google pictures search, which Avast successfully aborted. I didn't click on any links, just clicked on a couple of pictures to enlarge them on the right of the screen. The source of the attempted infection was "img.movienco.co.uk" but, as I said, it had been safely aborted at 15:22 (3:22 PM) and it was five hours earlier.
It looks like the later, 20:38 infection was stopped twice within the same minute, as Avast gives me two identical notifications in History: "We've safely aborted connection on www.google.com because it was infected with URL:CardStealer. 17 Jun 2022 20:38" (both at that time; however, I only got one pop-up warning from Avast at the time it happened).
Sadly, i don't have that screenshot from the immediate Avast pop-up with the detailed info.
-
Unfortunately I'm unable to replicate it, no alert on google or on the quora link when searching for gianni vattimo.
The problem with image links, you don't know the URL it might be going to, if it is going to img.movienco.co.uk then Avast Alerts. So it may have been the images loading (or attempting to load the image) from an unrelated site that triggers the alert (image3)
Just a point of note when posting links don't use the http or www prefixes as it make the link active to avoid accidental exposure to a suspect site.
-
I had the same pop up last night.
I booted my computer up normally as any other time, first thing I did was open Google Chrome to go on YouTube and Avast popped up with "We've safely aborted connection on www. google. com because it was infected with URL:CardStealer". This was the first time this has ever happened (on google of all places as well??). After looking around on the internet I didn't find any other reported cases of this (apart from OP's post now), the only thing that came up was a new variant of Emotet but I don't think I could've possibly been infected as I don't open any emails on this pc or visit any out of the ordinary websites. Ran a full scan on the pc, nothing came up, no weird processes or anything like that.
-
Again a screenshot gives crucial information, without detailed information (as in the above replies) answers would be speculation.
-
This happened to me last night. I've been trying to contact AVAST with no luck as the scan says I'm OK, but I'´m getting these messages time to time on different pages, one of them, Google
Thanks for your help!
-
This happened to me last night. I've been trying to contact AVAST with no luck as the scan says I'm OK, but I'´m getting these messages time to time on different pages, one of them, Google
Thanks for your help!
I have replied in your own topic - https://forum.avast.com/index.php?topic=320382.0
It is best (easiest) to keep everything together in one topic, including these screenshot attachments..
-
Thank you DavidR
Will use my own thread then
-
Hello,
Today while I was using Google.com, I got a pop-up from avast that said "We've safely aborted connection on google.com because it was infected with URL:CardStealer.
I had simply typed in the name of a philosopher in the URL bar and pressed Enter, like I do with all searches, when this appeared. The infection was not in the first result of the search (which sometimes happens), because then Avast would have said "aborted connection with xxxxx.com."
I ran a Malwarebytes scan, and it found no malware on my laptop. Later searches were ok.
The only extensions I have on Chrome are Avast and Google Docs. Any idea what happened? Should I be worried? Is this some new kind of trojan that can infect actual google.com pages?
Hi,
Have you simply tried cleaning your browser?
If a page in the cache is infected, it may be called every time and the web shield alerts you without a full avast or malwarebytes scan detecting anything.