I keep getting Avast pop-up warnings that it has stopped programdiag.com from infecting the computer. I’ve run several Avast virus scans including a boot scan and also have run Malwarebytes several times. I do not have in Chrome. Is this hiding somewhere? I’ve tried everything to clean the computer, but clearly it must have infected something. Can anyone help?
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
6 engines detect: https://www.virustotal.com/gui/url/00271f1efe5fa01ec0df7bf2080075962941a31e082e5351bebe703f0eed5ab5/detection
A moment ago:
Status: 403
Content Type: text/html
2019-12-19 12:03:56 UTC (a moment ago)
They may be cleansing the site. See: https://www.virustotal.com/gui/ip-address/172.241.69.4/details
Content that was returned by your request for the URL: -http://programdiag.com/
1: < html>
2: < head> < title> 403 Forbidden< /title> < /head>
3: < body bgcolor="white">
4: < center> < h1> 403 Forbidden< /h1> < /center>
5: < hr> < center> nginx< /center>
6: < /body>
7: < /html>
Content after the < /html> tag should be considered suspicious.
8: < !-- a padding to disable MSIE and Chrome friendly error page -->
9: < !-- a padding to disable MSIE and Chrome friendly error page -->
10: < !-- a padding to disable MSIE and Chrome friendly error page -->
11: < !-- a padding to disable MSIE and Chrome friendly error page -->
12: < !-- a padding to disable MSIE and Chrome friendly error page -->
13: < !-- a padding to disable MSIE and Chrome friendly error page -->
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
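An added example, not part of the post above or of any scanner's code: one way to triage the "content after the </html> tag" note. The comment lines shown in the scan are the padding nginx itself appends to its built-in error pages, so the check counts that padding separately and flags only other trailing content. The function names and both sample bodies are constructed for illustration.

```python
import re

# Text of the padding comment nginx appends to its built-in error pages.
NGINX_PADDING = "a padding to disable MSIE and Chrome friendly error page"
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
CLOSE_HTML_RE = re.compile(r"</html\s*>", re.IGNORECASE)


def trailing_content(body: str) -> str:
    """Return everything after the last </html> tag ('' if the tag is absent)."""
    matches = list(CLOSE_HTML_RE.finditer(body))
    return body[matches[-1].end():] if matches else ""


def triage_trailer(body: str) -> dict:
    """Classify post-</html> content: known nginx padding vs. anything else."""
    tail = trailing_content(body)
    comments = [c.strip() for c in COMMENT_RE.findall(tail)]
    padding = [c for c in comments if c == NGINX_PADDING]
    other_comments = [c for c in comments if c != NGINX_PADDING]
    # Whatever remains once complete comments are stripped is markup, script,
    # or an unterminated comment, all of which deserve a manual look.
    residue = COMMENT_RE.sub("", tail).strip()
    return {
        "padding_comments": len(padding),
        "other_comments": other_comments,
        "residue": residue,
        "needs_review": bool(other_comments or residue),
    }


# Constructed sample: the 403 page quoted in the scan output.
SAMPLE_403 = (
    "<html>\n<head><title>403 Forbidden</title></head>\n"
    '<body bgcolor="white">\n<center><h1>403 Forbidden</h1></center>\n'
    "<hr><center>nginx</center>\n</body>\n</html>\n"
    + ("<!-- " + NGINX_PADDING + " -->\n") * 6
)
# Constructed sample: same page with a placeholder script tag after </html>.
SAMPLE_TAMPERED = SAMPLE_403 + '<script src="//placeholder.invalid/x.js"></script>\n'

if __name__ == "__main__":
    for name, body in (("403", SAMPLE_403), ("tampered", SAMPLE_TAMPERED)):
        print(name, triage_trailer(body))
```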
Thanks. I ran an Avast boot scan last night and it showed nothing. As soon as I opened Chrome and clicked to go to a page, I got another Avast virus alert that it had stopped a programdiag infection. I ran Malwarebytes just now and here’s the diagnostics log:
-Log Details-
Scan Date: 12/19/19
Scan Time: 6:39 AM
Log File: 953cd854-225c-11ea-be1b-7845c435923f.json
-Software Information-
Version: 4.0.4.49
Components Version: 1.0.781
Update Package Version: 1.0.16434
License: Free
-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: CHICAGO\Figaro14
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 398782
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 22 min, 42 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
Attached are the First scans.
First scan addition scan
Actually, I MAY have solved the problem. I think the bad program was in Chrome itself, even though it did not show up in any of my extensions when I did a check. Here’s what I did: After running multiple malware and anti-virus programs and getting no hits, I decided to delete Chrome entirely from the computer. When I went into Windows 10 settings, I discovered three different Chromes listed. I individually deleted all three, ran CCleaner and registry cleaner. Rebooted and uploaded a fresh version of Chrome. When it fully uploaded, it tried to reinstall a spurious extension that I think may have been malware. I then deleted that extension and now it appears Chrome is running fine. So far, no Avast virus warnings.
I should add the info that before I deleted Chrome, I also ran Chrome’s malware cleaner, and it found nothing wrong! Grrr! It took a while to get all the settings and proper extensions back into the new Chrome, but it was worth it. I’m going on five days of no signs of malware trying to invade the computer and the pop-up warnings from Avast every time I click on any Google link.