I have been infected by some sort of virus or malware that seems to originate from a website fres-news.com. It causes a Windows-like notification "removing useless files is advised" to pop up every so often, and when I close it, it opens one of a series of websites. Is Avast aware of this?
Hi Lawrence2,
Indeed, the website you mentioned is flagged by quite a few engines:
https://www.virustotal.com/gui/url/d3d2d222b840b7141ea3b9aabc8c253a03b80c9323d8d785d51a4930858289ca/detection
Also consider: https://www.virustotal.com/gui/ip-address/178.128.142.109/details
Re: https://www.shodan.io/host/178.128.142.109
Still this PUP-adware site has a good score here: https://www.immuniweb.com/websec/?id=GaqPq6s0
Misconfiguration or weakness:
- However, Privacy Policy was not found on the website or is not easily accessible.
- No WAF was detected on the website. Implement a WAF to protect the website against common web attacks.
- CSP - Some directives have values that are too permissive, like wildcards. (Information)
The creators of this website are pros, and configuration and settings could have been well planned for this specific adware purpose.
After adware installation this could lead to bogus information. This suspicious product is not categorized as malware itself as it does not damage any system parts or software. However, indirect harm can be done if redirects that come from this PUP take the user to a malware-laden source.
In the browser
Open the web browser that is showing ads.
Find the three dots on your upper right and go to Settings.
Afterward, continue with Advanced → Notifications.
Find the Fres-news.com domain name and remove it from the list.
Avast should be set to PUP-mode when scanning for this PUP-adware.
MBAM is a program of choice to remove this adware.
In Windows, go to uninstall programs, look for Fres-news.com or any other recently installed suspicious programs, and uninstall.
Whenever you prefer the cleansing to be done under the guidance of a qualified removal expert here, in that case wait for one to appear here and kick up the logs required for guided malcode removal here: https://forum.avast.com/index.php?topic=194892.0
Hope this PUP in this way may soon leave your OS or your device.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
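
Added example, not part of the posts above: in Chromium-based browsers the notification permission that the browser steps remove is stored in the profile's `Preferences` JSON file, so the allowed origins can be audited directly. The sample data is constructed, and the watchlist and the Chrome default-profile path in the comment are assumptions.

```python
import json
import sys
from pathlib import Path
from urllib.parse import urlsplit

ALLOW = 1  # Chromium content-setting values: 1 = allow, 2 = block

# Constructed sample of the relevant part of a Chromium "Preferences" file.
# Assumed location for Chrome's default profile on Windows:
#   %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences
SAMPLE_PREFS = json.dumps({"profile": {"content_settings": {"exceptions": {
    "notifications": {
        "https://fres-news.com:443,*": {"setting": 1},
        "https://mail.example.com:443,*": {"setting": 1},
        "https://ads.example.net:443,*": {"setting": 2},
    }}}}})

def notification_grants(prefs_text):
    """Return sorted (origin, setting) pairs for every notification exception."""
    prefs = json.loads(prefs_text)
    exceptions = (prefs.get("profile", {}).get("content_settings", {})
                  .get("exceptions", {}).get("notifications", {}))
    # Each key is "primary_pattern,secondary_pattern"; the origin is the first part.
    return sorted((key.split(",", 1)[0], entry.get("setting"))
                  for key, entry in exceptions.items())

def allowed_origins(prefs_text):
    """Origins currently allowed to show notifications."""
    return [o for o, s in notification_grants(prefs_text) if s == ALLOW]

def flag_suspicious(prefs_text, watchlist):
    """Allowed origins whose host equals, or is a subdomain of, a watchlist domain."""
    hits = []
    for origin in allowed_origins(prefs_text):
        try:
            host = urlsplit(origin).hostname or ""
        except ValueError:  # pattern that is not a plain origin
            host = ""
        if any(host == d or host.endswith("." + d) for d in watchlist):
            hits.append(origin)
    return hits

if __name__ == "__main__":
    # Pass a Preferences path to audit a real profile; otherwise use the sample.
    text = (Path(sys.argv[1]).read_text(encoding="utf-8")
            if len(sys.argv) > 1 else SAMPLE_PREFS)
    for origin in allowed_origins(text):
        mark = "  <-- watchlist" if origin in flag_suspicious(text, {"fres-news.com"}) else ""
        print(origin + mark)
```

The script only reads the file; remove the entry through the browser settings as described above, with the browser closed if you inspect the file directly.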