Aborted connection to prefound.org

Hello. As of the last couple of days (possibly after a Chrome update), I’m getting a Threat Secured notification (see attached) when sometimes opening a new blank or Google tab in Chrome. The only thing I’ve been able to find is one site that says the domain name is about a month old. I haven’t noticed any other ill effects, but I can’t figure out what this is for the life of me.

What is shown if you click on the See details option?

I take it that you aren’t trying to connect to this site?
If not, it could be something trying to connect, new add-on/extensions etc. that needs further investigation.

Whilst not blacklisted this site is considered a medium security risk https://sitecheck.sucuri.net/results/prefound.org

Attached is the notification with more details visible. I am not trying to connect to the site. I got this one on a Google search for something unrelated.

It may well be something hidden, a new browser add-on or changed settings.

This needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

No problems: http://ssl-checker.online-domain-tools.com/
But still no connection because of a 403 forbidden.

polonus

Alrighty. Here are the logs.

I have tried to draw attention to this topic.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

Open this URL in Chrome:
chrome://serviceworker-internals/

and click on the Unregister button for all listed entries.

I think I’ve narrowed it down to a Chrome extension. Hasn’t occurred since I disabled it. Don’t know what changed in the extension. Thanks for helping, everyone, much appreciated.

You’re welcome.

But did you also do as suggested by Sass Drake?

Hi Xanex Caligula,

Would be interesting to know what particular extension may have caused that.
By the way can you fill in with the name of that specific extension?

polonus
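
One way to find which installed extension references the domain, as an added example that is not part of any forum post: a Python script that searches Chrome's unpacked extension folders (`<Extensions>/<id>/<version>/`) for a domain string. The function names and the sample extension it builds when run without arguments are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path

TEXT_SUFFIXES = {".js", ".json", ".html", ".htm", ".css"}

def scan_extensions(ext_root, domain):
    """Map extension id -> name, version and files that mention `domain`."""
    needle = domain.lower().encode()
    hits = {}
    # Chrome unpacks each extension to <Extensions>/<id>/<version>/
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        version_dir = manifest.parent
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            meta = None
        if not isinstance(meta, dict):
            meta = {}  # unreadable manifest: still scan the files
        matched = []
        for path in sorted(version_dir.rglob("*")):
            if path.suffix.lower() not in TEXT_SUFFIXES or not path.is_file():
                continue
            try:
                if needle in path.read_bytes().lower():
                    matched.append(path.relative_to(version_dir).as_posix())
            except OSError:
                continue
        if matched:  # if several versions match, the last one listed is kept
            hits[version_dir.parent.name] = {
                "name": meta.get("name", "?"),  # may be a __MSG_...__ placeholder
                "version": meta.get("version", version_dir.name),
                "files": matched}
    return hits

def build_sample(root):
    """Constructed sample: one extension with a made-up id and contents."""
    ext = Path(root) / ("a" * 32) / "1.0_0"
    ext.mkdir(parents=True)
    (ext / "manifest.json").write_text('{"name": "Sample New Tab", "version": "1.0"}')
    (ext / "background.js").write_text('fetch("https://prefound.org/");')
    return root

if __name__ == "__main__":
    # argv[1]: the profile's Extensions folder; without it, scan the sample
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for ext_id, info in scan_extensions(root, "prefound.org").items():
        print(ext_id, info["name"], info["version"], info["files"])
```

A miss does not clear an extension, since the host name may be delivered from a remote configuration or assembled at runtime rather than stored in the package.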