URL:Mal & Other Popups

[REDACTED]

https://www.virustotal.com/#/url/6e461f141c0eb57c86c60a66d599ea759d26e580c0173dbe32d5c12b9d809a38/detection

I'm not sure what this site is that you're showing me.

hic.6125878[.]com
This is CoinHive In-Browser Miner Malware.Keep in mind this is a JS infection (malware is on this webpage that's why avast is blocking it) not a binary one.I and some other researchers on twitter have been seeing a steady uptick in miner malware.

Might have come from one those crap extension/infected webpage things that user's often install into their browsers by accident.Be wary of what you install and click on.There is a js:redirector somewhere in your system which is causing these connections to such sites (probably in your browser from what i can see in the logs)..Try flushing chrome cache and completely resetting it from the settings in chrome.

While you may have uninstalled it from the browser it may still have messed with chrome's pref file causing redirections to these places.

What's a "JS Infection"? These sites are popping up for me even when I'm not touching my browser at ALL. I haven't even had my browser open before and my antivirus ( be it Avast, AVG, or MWB ) has detected it. I can have my browser open and not browsing anything, only some tabs open, and one of these random popups show up saying that a connection was blocked.

I've uninstalled a few Chrome extensions as of right now. Should I still clear the cache? I've had the cache cleared before ( I think ) and Chrome 100% removed from my computer, but I re-installed my extensions and it still happened. I also formatted my computer a few months ago and the first two things I did were install AVG and Chrome; Chrome came with several defeault extensions in it ( Google-related products ) and AVG STILL gave me these warnings, when I was using AVG.

Before I typed this up, I have received four popups in the past 30 minutes, without browsing whatsoever, just having Chrome open. Three of them were one after the other, which I will include in this post. I've never even been to or heard of any of these websites.

[Pondus]

I'm not sure what this site is that you're showing me.

https://support.virustotal.com/hc/en-us/sections/115000720829-About-us

What's a "JS Infection"?

Malicious Java Script
URL:Mal = Blacklisted URL or IP

[Pondus]

If you want help, see post #5 from Asyn

Since it is comming from chrome, it may be related to > see post #6 from me

[REDACTED]

I did already attach my diagnostics and I have just been waiting. I also am wondering exactly what your post #6 would do; it seems like something I've already done since I have cleared out Chrome completely and still got all of the popups from website connections.

[Pondus]

I did already attach my diagnostics and I have just been waiting

OK i will notify somone

[Sass Drake]

Here are the requested text files. The scan with MWB was not with the trial version of the program, only the free, basic version.

What do you mean when you're asking "do I use other devices with Chrome"? Like a phone, laptop, or tablet? I use Chrome on my mobile phones but I do not have a data plan, I only use WiFi.

I have not tried this link's help yet ( https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ ) that you provided because the same one was posted to me on the MWB forums. I'm waiting for them to open the thread back up so I can ask more questions about it.

I'm not sure if that second link provided for me ( https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/ ) can help or not, because I do not have the premium version of MWB anymore, and it is not an active protection program, it is only a scanner. It's not detecting anything anymore, but Avast still is, despite being a free version of it and not the paid service.

Try with disabling New XKit extension in CHrome. If it doesn't solve problem, then disable other extensions one by one until you found culprit.

[REDACTED]

I'll disable it, but... I really do need it. Would it be alright for me to try to look for a different version of xKit? As I did say, I had these notifications from other sites even with the default version of Chrome without any added extensions, except the Google ones already installed on it ( Drive, Documents, ect. ). I do not know how long it will take, too, for another blocked site notification to pop up; it's taken weeks sometimes without me seeing anything and then suddenly I do. I'm also wondering, how would this fix the problem? Or is this just isolating a possible place the problem is coming from?

[Sass Drake]

This is just isolating a possible place from where the problem is coming from.

[REDACTED]

Alright. I'll give it a few days, and check back in on how everything is doing then.

[REDACTED]

Had another message popup. I wasn't browsing as before.

[REDACTED]

Out of curiosity, too, how would any of my extensions be the problem? I did say a few times that I still got these notifications even with a fresh install of Chrome and only the default Chrome extensions on my browser, and nothing else downloaded but AVG and Chrome, from a clean installation of Windows 10.

[Sass Drake]

Then are ads on websites you visit are problem.

[REDACTED]

I've said this several times now; I've had this popup happen to me after downloading AVG, and then Google Chrome, only visiting the AVG and Chrome websites themselves, directly after a fresh install of Windows 10 and not visiting any other sites but the two, and still getting a notification. This was happening before and after I formatted my computer with that fresh install.

I have had this pop up when I am not internet browsing, but still have tabs open. I am not changing any of my pages. I still get these notifications that are attempting to do connections to other websites. I have only been to maybe one or two of the websites that these notifications have popped up for.

I do have an adblocker on, yes - uBlock Origin since AdBlock Plus sells your data and is known to allow ads through their program - but is this not blocking all ads then? How can it be ads when I haven't had Chrome open sometimes ( which is very rare for me ) but it STILL pops up? I've gone through several fresh installs of Chrome and it still happens, too. Some of them have even said it's coming from SKYPE, but I managed to block IP addresses and those stopped.

[REDACTED]

Just got another notification, but this time I WAS browsing; the official Blizzard forums, which I doubt is causing this. This issue has been happening for months now, is my computer just screwed?

[Sass Drake]

Do you have any other PC/laptop connected to same router and if you do does they have same problem?