2-3 days ago I started getting an Avast pop-up warning of an aborted connection to:
clients2.googleusercontent.com because it was infected with Other:Malware-gen [Trj]
It states it was found in chrome.exe process. Snapshot of message attached.

I uninstalled Chrome and reinstalled and pop-ups continued.

I download malwarebytes yesterday before finding this forum and ran 2 scans which found some items but did not appear to be related - 29 items were sent to quarantine. Afterwards, the pop-up occurred shortly after.

Today, before finding this forum, I searched the registry and found 2 values under Chrome Extensions pointing to the url noted. I backed up the registry and deleted the 2 extension values, performed a reset of chrome and searched for harmful files. Confirmed the extensions were also deleted in the WIN 10 folder for Chrome. Rebooted and the pop-up occurred again.

I also searched all files\folders under WIN C and I cannot find any reference to URL>
Found this forum and attaching the suggested documents:
MBAM Search Results 3.tx
First.txt
Addition.txt

I cannot seem to find where such redirects are occurring.

Any suggestions or ideas beyond a full wipe of the partition and reinstalling windows and all required applications?

• Open Notepad (click Start button → type notepad.exe → press Enter)
• Copy text from code block below and paste it into Notepad

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

• Go to File → Save As
• Make sure that UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

Fixlog.txt is attached

Hi Mwyarn,

Before a qualified remover is to dive into your log txt, just read this in the mean time:

https://webcookies.org/ssl/report/clients2.googleusercontent.com/191677

We were there before: https://forum.avast.com/index.php?topic=210556.0

Success,

polonus

What is system status now?

Status is the same. I tried uninstalling Chrome, restarting PC, reinstalled Chrome and I have the same results. It does not happen on Firefox, just Chrome as it referenced in the picture I posted where Avast was able to circumvent the redirect and points to the path of Chrome.exe.

I have tried previously disabling all extensions, include a second pass at removing them completely. That did not work.

I am at a loss of what to try next.

It might be Avast false positive. Can you contact their support nad asj them to analyze it?

I am sorry but what is nad and asj?

I think they are just simple typo’s
nad = and
asj = ask

So maybe should read as this:
Can you contact their support and ask them to analyze it?

rocksteady is right, it was typo.

I could not find a help number with Avast so I downloaded and installed ZoneAlarm. Although I was planning to use their tool for access monitoring, they also have a virus shield. I ran it and it found 2 extensions where it detected malware. It automatically went into an advanced repair including rebooting the PC. I then did a second scan to complete a full scan and it found 2 other viruses which it also quarantined. After using my pc yesterday evening and off and on today I have not had any additional occurrences. I don’t believe one day is a true test so I will post again in 3-4 days.

That said, each time Avast aborted the connection it would prompt for an upgrade but it never attempted to do a repair - it always asked to click for a paid upgrade. I cannot fault them for wanting a paid subscription as they are not in the business to give everything away for free. I suppose ZoneAlarm will do the same over time. However, since ZoneAlarm found the additional viruses I have decided to trust them more, at least for now. I know everyone speaks highly of Avast Free but it has not served me well. After almost a week of installing and uninstalling many different things, researching the web for how others have solved, I have lost confidence in Avast.

Will post back in 2 days with another update.