Author Topic: Frequent Virus Alert - How to remove these URLs?  (Read 4438 times)

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Frequent Virus Alert - How to remove these URLs?
« on: January 06, 2021, 07:26:32 AM »
Hello,

Since the beginning of the year, in certain periods of the day like the morning, I constantly get bombarded with "Threat has been neutralized" alerts.

Attaching photo of a recent threat: https://prnt.sc/wha3oc

The neutralized URLs are the same every time - 4 or 5 in total.

Can you help to stop them totally?
« Last Edit: January 06, 2021, 07:46:42 AM by Georgi27 »

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1541
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #1 on: January 06, 2021, 07:09:09 PM »
@Georgi27
FYI. Best if you attach screenshots direct to your post using the "Attachments and other options link" you will see below the text box.
Some people on here are reluctant to visit 3rd party image sites to view them.

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #2 on: January 06, 2021, 07:15:28 PM »
Thanks for the input but the thread is not targeted at the average Joe.
http://prnt.sc/ is a world renowned service

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #3 on: January 06, 2021, 09:09:04 PM »
> Thanks for the input but the thread is not targeted at the average Joe.
> http://prnt.sc/ is a world renowned service

Whilst that may be the case, attaching the images in the actual topic means no one has to visit an off site/forum link.

Also clicking the More Information in the Avast alert window gives more information on the source responsible for making the connection.  So a screenshot of that could help
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #4 on: January 07, 2021, 06:47:29 AM »
> > Thanks for the input but the thread is not targeted at the average Joe.
> > http://prnt.sc/ is a world renowned service
>
> Whilst that may be the case, attaching the images in the actual topic means no one has to visit an off site/forum link.
>
> Also clicking the More Information in the Avast alert window gives more information on the source responsible for making the connection.  So a screenshot of that could help

Valid point. Excuse me.

Here is an expanded view. I tried to delete Skype but Windows didn't allow me.

[img=https://prnt.sc/wi0vjl][/img]

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #5 on: January 07, 2021, 11:54:57 AM »
You can't attach an external image in this way, use the Attachments and other options.

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #6 on: January 07, 2021, 02:49:41 PM »
Second attempt.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #7 on: January 07, 2021, 04:30:45 PM »
That's fine, now we can see the image within the forum.

Did you install Skype on your system and is/was it running when these alerts occur?

The reason I ask is I didn't think Skype would need to be running if you weren't actually using it.
Second point, I actually connected to zunsoach.com directly and didn't get an Avast alert, effectively an empty page (Empty OK - see attached image).

So it must have something to do with the afu.php? string/parameters.

I personally don't have/use Skype so I don't know why it would need to connect to this site zunsoach.com

Some issues reported on this check https://sitecheck.sucuri.net/results/zunsoach.com, which is considered a Medium Security Risk. This may possibly be taken advantage of (hacking, etc.), but I don't know if this would be why Avast alerts.

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #8 on: January 07, 2021, 05:01:09 PM »
Yes, I installed Skype several months ago and ran it only once.
It's disabled from Startup so I don't think it's running.
Yes, the sites that I get alerts for seem harmless but I seem to be 'infected' with something that tries to open them in certain time periods like shortly after startup or late at night.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #9 on: January 07, 2021, 05:48:25 PM »
zunsoach belongs to a series of new(er) domains that appear to be tied to advertisements. Given Avast's description, I would say false positive.

Threat Info: https://otx.alienvault.com/pulse/5fbe3146fb50e6267db3bd13
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #10 on: January 07, 2021, 05:58:34 PM »
@Georgi27
Well, your Avast alert window indicates that it is running (for whatever reason), as the process responsible for the connection attempt is that in your attached image.

I don't know if this is some update attempt/check, but the destination URL is somewhat obscure if it were an update check, etc.

You could check if there isn't some scheduled task for Skype.

You could also try uninstalling Skype as a check to see if the Avast alerts cease.

Note: Given Michael's post, yes it could be malvertising (malicious 3rd party ads) and could be a false positive. How to report this as a false positive isn't going to be easy, as I mentioned I didn't get an alert on a direct connection to the domain, nor is there an Avast alert on skype.exe.

But my point is still this: why would Skype be responsible for the connection, when as you say it isn't meant to be running (on startup)? Yes, many free programs have in-app/process ads, but the key here is in the app/process if it isn't meant to be running.

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #11 on: January 07, 2021, 06:23:05 PM »
I opened Scheduled tasks and sorted by 'active' but Skype wasn't there.
Also, I tried uninstalling it by right clicking it and clicking on "Deinstall" - it takes me to the Applications but Skype for business isn't there.
Dunno what to do.

Offline Georgi27

  • Newbie
  • *
  • Posts: 8
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #12 on: January 07, 2021, 06:23:52 PM »
.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #13 on: January 07, 2021, 07:12:08 PM »
What Windows version are you using?

Is Skype in the Windows programs list, to try an uninstall from there?
The reason I mention this is that I generally don't try right click uninstall from a program executable file.

Given its location in c\users\your-name\AppData\local\packages\Microsoft.Windows.Skype........... I just wonder if this originated from the Windows app store.

Unfortunately I can't be of much practical help, having never installed or used it.
I'm making an assumption this is a Windows 10 OS - if so check this https://www.google.co.uk/search?q=uninstall+skype+for+business+windows+10

Offline rocksteady

  • Super Poster
  • ***
  • Posts: 1541
Re: Frequent Virus Alert - How to remove these URLs?
« Reply #14 on: January 08, 2021, 10:49:20 AM »
@Georgi27
Additional to David's post. Does Skype appear in Task Manager or icon in Task Bar?
David raises a valid question. Did you download Skype from a reliable source i.e. Microsoft Store?
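
The checks suggested in the replies above (is the process actually running, what is it connected to, is there a scheduled task or autostart entry, did it come from the Microsoft Store) can be run in one pass from a PowerShell prompt. This is an added example, not posted by anyone in the thread; it only reads state, and the match string `skype` is an assumption to be replaced by the process name shown in the alert's More Information view.

```powershell
# Added example: read-only triage of a process blamed for repeated URL alerts.
# $pattern is an assumption; use the process name shown in the alert details.
$pattern = 'skype'

# 1. Is a matching process running, from which path, and who started it?
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -match $pattern -or $_.ExecutablePath -match $pattern }
$procs | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CreationDate |
    Format-Table -AutoSize

# 2. Which remote endpoints does each matching process hold open right now?
foreach ($p in $procs) {
    Get-NetTCPConnection -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Where-Object State -eq 'Established' |
        Select-Object @{n='Pid'; e={ $p.ProcessId }}, RemoteAddress, RemotePort, State
}

# 3. Scheduled tasks that reference it by name, folder or action command line.
#    Matching on the action catches tasks whose display name does not mention it.
Get-ScheduledTask | Where-Object {
    $_.TaskName -match $pattern -or $_.TaskPath -match $pattern -or
    ($_.Actions | Where-Object { "$($_.Execute) $($_.Arguments)" -match $pattern })
} | Select-Object TaskPath, TaskName, State

# 4. Autostart entries (Run keys and Startup folders) that launch it.
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Name -match $pattern -or $_.Command -match $pattern } |
    Select-Object Name, Command, Location, User

# 5. Is it installed as a Store (AppX) package for this user?
#    SignatureKind 'Store' means the package was delivered through the Microsoft Store.
Get-AppxPackage -Name "*$pattern*" |
    Select-Object Name, PackageFullName, InstallLocation, SignatureKind
```

If step 5 returns a package, it is removed with `Remove-AppxPackage` (piping the `Get-AppxPackage` result into it) rather than from the executable's right-click menu.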