Topic: avast traps Deloton hijacking attempt but how to stop attacks completely?

REDACTED

  • Guest
Hi there. My copy of Avast successfully interrupts repeated attempts to take over my browser etc. in Chrome on Win 10 - seems to be every time I open Chrome.

But my question is, why does the attempt keep being tried? Is it something that is resident on my PC or does Deloton just have my IP address and somehow externally detects when I run Chrome or what?

Obviously I am pleased and relieved that Avast detects it, but concerned that the attempted attacks keep on happening.

I have run a few malware removal tools like AdwCleaner and Malwarebytes itself but none detect the presence of Deloton on my machine.

Any help appreciated.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - German-language section  <<<
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast things worth knowing (downloads, guides & info): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Apologies - the Malwarebytes scan was negative, so I did not attach the log. Now appreciate that there might be info you still wanted to see - so now attached. I also ran a Farbar scan and both files now attached.

Offline Asyn

OK, now you have to wait for one of the malware experts...

REDACTED

  • Guest
Sure - appreciate that

REDACTED

  • Guest
** Bump**

Sorry - not sure how long it takes to get a reply. Perhaps I should just keep waiting?

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Hi,

I'm surprised Sass hasn't visited you yet. I'll send them a reminder immediately.

I'm so sorry
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Sorry for the late response.

Can you make a screenshot of the Avast message/popup?

REDACTED

  • Guest
I would if I could, but I think Avast only pops up for 20 seconds as the default. I might well have missed recent examples. I have changed the alert to 120 seconds to increase the chances of my seeing it (I have a three monitor setup so not always working on the relevant screen).

Is there an activity log that might help?

Richard

Offline Sass Drake

I don't see anything in the FRST logs.

Please attach the following file to your post.

C:\ProgramData\AVAST Software\Avast\report\WebShield.txt

REDACTED

  • Guest
OK, here is the WebShield.txt report. You can see the relevant Deloton attempts on 15 and 20 March.

Appreciate your continued support.

Richard

Offline Sass Drake

Which websites do you always keep open in your browser?

REDACTED

  • Guest
I use Chrome and I normally have Gmail, Calendar, Contacts permanently pinned open. Otherwise I might pin a site or two because I am awaiting answers - like this site, maybe Amazon or a couple of forums like Lotus Cars or whatever. I will close these as and when I have got what I was expecting.

Offline Sass Drake

Report your findings please because Avast probably blocks some ad domain used by websites you use.

REDACTED

  • Guest
Er... sorry, report what findings?