constantly message of connection aborted ... 21656496f07761af42.js

[Daniel F.]

Hi,
Using Chome, I found that every page I load, this file is trying to be loaded:

s3.amazonaws.com/jsfile/21656496f07761af42.js

even an empty html page, from my loaclhost.

It happen on both machines i have, with Chrome and the same user account, so all the extensions are loaded in both.

Is it loaded from an extension... ?
or something native from Chrome...?

is it a real virus...?

Thanks in advance.
Daniel.

[Asyn]

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

[Daniel F.]

...the logs...

[Michael (alan1998)]

Can you find and attach Addition.txt please? (Should be located in this folder: C:\Users\lenovo\Downloads)

Are you a developer by chance? I'm seeing a lot of webpage application software (Github, MySQL, HeidiSQL, HTTPD, etc).

Also, in an elevated command prompt (Right click -> "Run as Admin"), type the following command? netstat -a -n -b > output.txt

The file will be located in C:\Windows\System32\output.txt. Please attach that file as well.

[Daniel F.]

Yes, I'm a developer.

Attached are the required files.

Thanks.

[Michael (alan1998)]

Yes, I'm a developer.

Attached are the required files.

Thanks.

Sass Drake will be around likely before the end of the day.

I had a look at the JS code sitting on the AWS server. It's appeared heavily obfuscated.

[Pondus]

I had a look at the JS code sitting on the AWS server. It's appeared heavily obfuscated.

JS code scan 
https://www.virustotal.com/gui/file/79eee5ce26bf9b7f2114609846f2554cef7968e0ace2bdedaf5b0337092105a8/detection

Adware:JS/InjectorAd.A 
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Adware:JS/InjectorAd.A&ThreatID=258409

[Sass Drake]

Looks clean to me. Can you try to disable  Chrome extensions one by one until Avast detections stops?

[Daniel F.]

Well @Sass...
It looks like it is the extension "Best Draw.io Diagram Tool"
(https://chrome.google.com/webstore/detail/best-drawio-diagram-tool/cchkdgeljiellkglonkiciahfdhnpcen)

I'm thinking it's a wrapper (and fake) for draw.io...

Extension Details:

Description
draw.io is free online software for creating flowcharts and various diagrams.
Version
3.3
Size
< 1 MB
ID
cchkdgeljiellkglonkiciahfdhnpcen
Inspect views
No active views
Permissions
Read your browsing history
Site access
Allow this extension to read and change all your data on websites you visit:
On click
On specific sites
On all sites  << It is ON

Allow in incognito  [Off]
Warning: Google Chrome cannot prevent extensions from recording your browsing history. To disable this extension in incognito mode, unselect this option.
Allow access to file URLs  [Off]
Collect errors  [Off]

[Sass Drake]

Please report status when that extension is disabled.