Thank you for the tips, we will look into both CrossPilot and Proxy SwitchySharp if there is any hidden malicious code!
Thanks again Jan953…
Problem has apparently disappeared.
Yesterday, I disabled all add-ons (not restart with add-ons disabled) and turned them back on one at a time and checking for the issue each time. Even when all were back on, problem did not surface. I waited to post today to see if issue came back after reboot. It did not.
Cannot explain this.
Tried your troubleshooting and did not notice any add-ons loaded.
Hi,
I have answer from Avast French support ;D
They said that it was from a bad add-on…
They advise me to disable add-on one by one and enable it one by one to see which one was bad.
I did it, but as a forumer said before, they did it without possibility to know which one wasn’t good :o :o
Gerald
Seems this idiocy is back again. 6 days of freedom and now it is starting again. Nothing has changed in my system.
Hi,
Welcome back >:( >:( >:(
I have the issue back.
To see if something wrong with add-on, which add-on do you have on your firefox or other navigator which occur the problem?
Gerald
Hi everyone,
I’ll be copying this other reply of mine on the AVG forum:
I know it might not be what you’re exactly looking for (since it’s more probable you’re being closely monitored as I am and this is only going to prevent you from viewing the window - check the address loaded on the pop-up, because it’ll match a ton of your latest searches on Google), but, at least for now, you could edit the hosts file present at the path “C:\Windows\System32\drivers\etc” and block the address from being sucessfully opened. Remember you’ll have to run the text editor (notepad, why not?) as an administrator and open the file through the own notepad prompt (ctrl + o). After this, go to the last line and create a new one with “127.0.0.1” (which is the localhost used for loopbacks; learn more at https://en.wikipedia.org/wiki/Localhost) plus the address targeted. You also should preferably press the “tab” key to separate a parameter from each other.
It seems this threat actually comes from some kind of action triggered by Crosspilot. Discussions are being proposed across other forums too, I see.
Hope this helps.
(I attached a sample of what it also looks when running on AVG. Same deal, same issue.)
I got this from Avast:
If the detection pops up randomly it is possible that you have hijacker in your browser. To get rid of it please follow steps described bellow:
- Make sure that Avast is up-to-date: https://support.avast.com/en-ww/article/Update-Antivirus
- Reset the affected web browser to its default/factory settings: https://support.avast.com/en-ww/article/Reset-browser
Did not do it yet, did anyone else?
You could start by attaching a screenshot (to your reply) of the avast alert, that could help us investigate.
See my attached image on how to attach it in the post.
Ok, this is the screenshot
This pretty much confirms the detection, that an Avast Team member posted about.
And also what actions others in this topic have taken to try and pin down what add-on is triggering this alert.
But what you got from avast in your Reply #27
- Avast being up to date (virus definitions) wouldn’t have an impact unless this were a false positive.
- Resetting the browser back to defaults, would presumably remove all add-ons and probably resolve the problem until you put the add-ons back again.
So it doesn’t seem to follow what ‘Jan593’ suggested, to track down the add-on responsible. Or what other contributors to this topic have done to try and find the add-on. All I as an Avast user can suggest is read through some of the other replies on what they have done to find the add-on and then remove that add-on.
I only removed CrossPilot (which I never asked for by the way) and now peace has returned - no more alerts. What IS CrossPilot???
I updated the ‘hosts’ file as per an earlier post and have not had this since. Perhaps that’s the ‘real’ solution. For me, before, this issue would come and go for no apparent reason I could discern. It’s peace for now.