Topic: I've been getting Multiple threats a day & have no idea how to stop it, help pls

Offline skeee

  • Newbie
  • *
  • Posts: 12
Hi,

I have Avast Anti Virus Free, have had it for years, and for a few days now I've been getting a "multiple threats secured" screen a few times a day. I've been trying to get more details about it, to know how to deal with it, but I can't find any... maybe you guys can help me.

I'd like to know if it's a web attack because it seems to happen when Safari is open, though there is no pop-up window, ad, etc... It sometimes happens when only YouTube is open; as I'm watching a documentary I get a pop-up from Avast saying that they've blocked a threat, most of the time it's URL:Mal.

Is this coming from the web, from Safari ? Is it coming from my computer, is it infected ? An app, email, one of my downloads ? I'm not really sure and don't know where to look to get rid of this.
I'm gonna post a screenshot of what I've been getting for 3 days now multiple times a day.

I hope someone can help me figure this out so that I can get rid of it.  Thanks in advance

Offline skeee

  • Newbie
  • *
  • Posts: 12
More threats secured today, even with no browser turned on, which makes me think that something has been installed in my computer that tries to communicate with a website and download stuff.

Does anybody have any idea or can help ? I am lost here
When I get an Avast Web shield Pop up it lists Website and Process, what are these ?

I suppose website is the site it's trying to communicate with and process lists a file within my computer, I scanned it with Avast and it sees no problem.

What else can I do ? Should I delete this file ? It's called PT.updd

Does anyone know what I should do ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
This is usually an indication of an underlying infection (hidden or undetected) and avast is preventing it from calling home, etc.

-  This needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
From the screenshots it looks as if he is using a Mac and the Safari browser, or am I wrong?


PT.updd may be related to a program called Popcorn Time





« Last Edit: July 08, 2020, 07:42:31 PM by Pondus »

Offline skeee

  • Newbie
  • *
  • Posts: 12
Yes I am using Safari and a Mac, and I read somewhere else that this file might be related to Popcorn Time but I've had Popcorn Time for years and never had a problem.
Could this have been attached to a movie as it is downloaded through Popcorn Time ?

Offline skeee

  • Newbie
  • *
  • Posts: 12
DavidR sorry don't know how to respond under your message or if even possible.

But I did read the link before you sent it earlier today, and I downloaded Malwarebytes free for Mac, installed it, and went to settings but there is no Security tab, no Scan options so I could not enable "Scan for rootkits". Maybe the Mac version doesn't have that option.

I did run the scan anyways, and it found nothing, no infection. Yet I just got 2 more threats blocked by Avast Web Shield.

Thanks for helping out, what else can I do ?

« Last Edit: July 08, 2020, 09:28:33 PM by skeee »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Quote
DavidR sorry don't know how to respond under your message or if even possible.

Unfortunately the link that I gave is really geared up for Windows users and the volunteer malware removal specialists are for the most part Windows users, as are the tools in that topic.

Quote
But I did read the link before you sent it earlier today, and I downloaded Malwarebytes free for Mac, installed it, and went to settings but there is no Security tab, no Scan options so I could not enable "Scan for rootkits". Maybe the Mac version doesn't have that option.

I did run the scan anyways, and it found nothing, no infection. Yet I just got 2 more threats blocked by Avast Web Shield.

Thanks for helping out, what else can I do ?

You're welcome.

Unfortunately there isn't much advice I can give as I have never used a Mac.  For a long time Macs were somewhat immune to malware (protection through obscurity in a way) but that is not the case now.  But the tools for system analysis mentioned in the link haven't got a Mac variant.

All I can really suggest is to disable Popcorn Time for a period of time and see if the Avast popups cease.

You could also try reporting these URLs avaxhome.ws and updpct.info as possible false positives.
Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

General information on both sites:
https://sitecheck.sucuri.net/results/avaxhome.ws is considered a medium security risk.
https://sitecheck.sucuri.net/results/updpct.info considered a medium security risk.

Offline skeee

  • Newbie
  • *
  • Posts: 12
Quote
Unfortunately the link that I gave is really geared up for Windows users and the volunteer malware removal specialists are for the most part Windows users, as are the tools in that topic.

I was afraid you'd say that... :(

I'm gonna try deleting Popcorn Time, I haven't used it in about a week, it's been off so it's not when I turn it on that I get these pop-ups... let's see if that helps

Quote
You could also try reporting these URLs avaxhome.ws and updpct.info as possible false positives.
Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.

What is a false positive if you don't mind ?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
<snip quotes>
Quote
What is a false positive if you don't mind ?


Any detection is a positive detection, but in some cases this detection could be wrong, this is known as a false positive.

There is also a term called a false negative, something that wasn't detected when in fact it should have been.

So these can occur for many different things:
https://www.mathsisfun.com/data/probability-false-negatives-positives.html

Offline skeee

  • Newbie
  • *
  • Posts: 12
Quote
Any detection is a positive detection, but in some cases this detection could be wrong, this is known as a false positive.

So you're saying that the sites that my malware is trying to contact could be False Positives because they are considered a medium-security risk?

It's a bit confusing... What would be the point of reporting them? To tell Avast not to block them because they are not a threat?

Does that mean that there is no risk with this thing trying to contact various websites from my computer?

Sorry for the questions, I'm a bit confused... Once again thanks for your help I really appreciate it

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
1.  I'm not saying that, I can't be sure there is malware on your system trying to get out, given your mention of Popcorn Time as a possible source of the connection attempts.  They aren't being detected because of their medium security risk, that is all that I (an avast user) found when checking out the site/s in the images you posted.  Avast would have their own criteria for the alert, but the fact that a site is a medium security risk, could leave it vulnerable to attack.

2.  The point of reporting it to avast is for the Virus Labs to investigate the detection.  If it were determined that it was a false positive detection, the virus definitions can be corrected (and others wouldn't get a false positive alert), if not it would remain.  So it isn't just about you in isolation.

3.  I can't determine risk and as I have mentioned, I don't know what is on your system trying to connect to these sites. I only have your comment about this happening whilst using Popcorn Time,  which is why I suggested disabling it to see if these connection alerts stopped.


Offline skeee

  • Newbie
  • *
  • Posts: 12
Ok, I see.

The thing is that Popcorn Time is not even on, I haven't used it in a week...

I have an app called AppDelete that deletes all files associated with an app when you wanna delete it and I ran Popcorn Time through it to check if PT.updd was associated and it's not, so I'm not sure now that it has anything to do with Popcorn Time... It's like shooting in the dark at this point...

I'm thinking about reformatting and re-installing everything... what a b*tch...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
If it isn't on and you have deleted it and you are still getting the alerts, then it has to be something else.  What is going to be the real issue is how to find that; I haven't any idea how to even start looking on a Mac.

As for reformat and reinstall, that at this point in time would be a sledgehammer to crack a nut and perhaps a little early.  If you have reported these two domains as a possible false positive, I would give that a little time before taking drastic measures.

I don't know if there are any Mac security based forums that would be another option.  I don't know if this might fit the bill, https://malwaretips.com/forums/other-security-for-macos-and-linux.60/ but it is certainly showing that the Mac isn't invulnerable to malware.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Google search: what is PT.updd

https://www.reddit.com/r/mac/comments/5hhup5/found_suspicious_selfdeleting_file_ptupdd/


==========================================================
It's Popcorn Time. My Little Snitch network monitor shows under PT.updd: upd-pct.info updpct.info updpopcorntime.xyz popcorntime-update.xyz
===============================================================


Quote
I'm thinking about reformatting and re-installing everything... what a b*tch...
And then it is back when you reinstall Popcorn Time. Why not try removing Popcorn Time and see what happens?
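
The posts above leave open how to find what starts PT.updd on a Mac. One place to look, as an added example that is not from any poster in this thread: macOS launchd job definitions, searched for the process name the Web Shield pop-up reports. The sample plists, their labels and the file path are constructed, and the thread does not confirm that PT.updd is started this way.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job locations on macOS (per-user, all users, system daemons).
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def job_command(job):
    """Return the command line a launchd job runs, as a list of strings."""
    args = job.get("ProgramArguments")
    args = [a for a in args if isinstance(a, str)] if isinstance(args, list) else []
    program = job.get("Program")
    return ([program] if isinstance(program, str) else []) + args

def find_jobs(needle, dirs=LAUNCHD_DIRS):
    """List (plist path, label, command) for jobs whose command mentions needle."""
    hits = []
    for d in dirs:
        for plist in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)  # reads both XML and binary plists
            except Exception:
                # Unreadable or malformed job file: surface it instead of hiding it.
                hits.append((str(plist), "<unparseable>", []))
                continue
            if not isinstance(job, dict):
                continue
            cmd = job_command(job)
            if any(needle.lower() in part.lower() for part in cmd):
                hits.append((str(plist), str(job.get("Label", "")), cmd))
    return hits

def demo():
    """Run the scan over two constructed plists in a temporary directory."""
    samples = {
        # Constructed: hypothetical job that runs PT.updd from a made-up path.
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Users/example/Library/ExampleApp/PT.updd", "--check"]},
        # Constructed: unrelated job that must not be reported.
        "com.example.backup.plist": {"Label": "com.example.backup",
            "Program": "/usr/local/bin/backup-tool"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, job in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(job, fh)
        return [(Path(p).name, label, cmd) for p, label, cmd in find_jobs("PT.updd", [tmp])]

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Called as `find_jobs("PT.updd")` on the Mac itself, it scans the three standard launchd directories; an empty result only rules out this one start-up mechanism.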







Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Quote
I don't know if there are any Mac security based forums that would be another option.

Mac Malware Removal Help & Support
https://forums.malwarebytes.com/forum/165-mac-malware-removal-help-support/

also Geeks to Go  http://www.geekstogo.com/

« Last Edit: July 09, 2020, 04:01:39 PM by Pondus »