hourly popups of Threat Secured

[C J]

I'm trying out Avast Free on win7 home  64bits, Avast ver. 24.1.6099, Virus defs. ver. 240221-8.

I'm getting a Threat Secured popup at 16 minutes after every hour.  The popups say a connection was aborted by svchost.exe to http://190.2.139.23/wpad.dat and that a Trojan Horse threat was involved.

The system log always shows (WinHttpAutoProxySvc) having been started at that time.

Also, the Task Scheduler shows ...\AvastBrowserUpdate.exe scheduled to run at that time, and if I run it manually from the Task Scheduler, I also get the popup.  I get another similar popup after each boot, no others.

Scans of my system by both Avast and Malwarebytes do not find any infections.  What to do?

[mchain]

Did you uninstall the old antivirus, if any, first?

[EDIT:]  Website is old and has been reported here before:

• https://quttera.com/detailed_report/190.2.139.23
• https://www.virustotal.com/gui/url/18a3b61b33ae507886a1efd6e63f1db62534e10bb5db1e18893d9d2e249c71aa?nocache=1
• https://sitecheck.sucuri.net/results/190.2.139.23/wpad.dat]
• https://www.ipqualityscore.com/threat-feeds/malicious-url-scanner/http%3A%2F%2F190.2.139.23%2Fwpad.dat
• https://scan.safetoopen.com/?id=18a3b61b33ae507886a1efd6e63f1db62534e10bb5db1e18893d9d2e249c71aa

[JGram]

Is nuking it and doing a fresh OS install an option?

Are you sure your install is fully patched? Are you running deep/full scans or quick scans?Running anything misc. legacy on that system? Asking because win7 is pretty dated, not throwing stones.

Also, see if you can disable Avast Browser in the Avast app, and check your startup lists to make sure Avast Browser isn't on it.

[C J]

Thanks much to JGram and mchain for your guidance.

I agree that Win7 is dated and I will have to dispense with it someday, but for now ...

The ipqualityscore site did find 2 checkers that rated the IP as Malicious, but also lots that didn't?  To the best of my awareness, the Web Proxy Auto-Discovery (WPAD) service hasn't been used on this system till installing Avast, and even then its use appears to be limited to only the Avast Browser updating itself.  I doubted the Avast Browser was looking somewhere bad to do its update, and expected that the Avast antivirus product was doing what it should.  Time to learn more of what WPAD does and why it thought the mentioned IP should be looked at.

I haven't come across any UI method of shutting down the Avast Browser.  I am almost always a Firefox user.

[mchain]

Not aware of any issues with Avast Secure Browser using WPAD to update itself here.

If you disable add-ons for  ASB do the alerts go away?  (Back up bookmarks first)  Re-enable add-ons one at a time, are all clean?  Uninstall ASB do alerts cease?

(Reason for backing up bookmarks is so as to be able to restore later if needed.)