hxxp://sso.anbtr.com/domain/wpad.work continually giving popup

Hello,

Like thread https://forum.avast.com/index.php?topic=198920.0 I am getting the same popup. It was originally once every now and then (like once a week); now it is happening every 5 or so minutes today. Scanning within Avast! does not find an issue.

I have run MBAM and FRST, but it does not appear I can post the logs here (or at least not in the first post) so I will try and post them in a reply.

Thank you,

~ Kyle

You attach logs, how to do it is in the instructions guide. https://forum.avast.com/index.php?topic=194892.0

Here are the logs.

@Sass Drake is notified, it may take hours before he is online

Thank you

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open again FRST and click on button Fix
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Hello,

Here is the Fixlog file.

What is status now?

So far I have not had any pop-ups today (even before performing the steps you had me do), whereas yesterday it was every 5 - 10 minutes. I will continue to monitor and let you know!

Thank you for your assistance so far.

Alright, so interesting update - while at work in the office I have not been getting the popup the last couple of days (today included), but tonight at home (this is a laptop) the pop ups started again. I was working from home the day I was getting the constant popups as well. I have a separate WiFi SSID and network for my laptop that VPN’s to work, so it is separate from my primary network on its own isolated VLAN. Otherwise it is no different than any other network. Just a different brand router.

Do you have a router model listed in this article?

https://www.guru3d.com/news-story/ghostdns-70-different-types-of-home-routers-(100000)-are-being-hijacked.html

I do not appear to, no. I have a Ubiquiti USG (or USG-3 depending on the site) https://www.ubnt.com/unifi-routing/usg/ - I have verified that the DNS servers are still set to Google’s DNS at 8.8.8.8 and 8.8.4.4 within its WAN configuration.

Please post new FRST.txt and Addition.txt logs.

Would you like me to post them while in my actual office (no popups) or from home (with popups) or both?

Here is a scan while in the office, I will get one from home unless I hear otherwise.

Sorry for the late reply, I was at work much longer than anticipated. Here is the scan at home connected to my isolated WiFi for work, oddly enough I’m not getting the popups tonight. Cannot explain that since nothing has changed.

I can’t find anything in the FRST logs. I can only presume that one of the routers is hijacked. If possible, factory reset them, or at least inform a technician to fix it.