Been getting this Avast popup (see screenshot) for about a week now whenever I’m online. Usually appears within seconds of opening Chrome. I can be surfing anywhere, any site, NO particular place & it appears on average every 20 minutes or so. I’ve done this so far: made sure Windows 10 all updated (it was), originally had AVG Free installed when this started happening & updated it, then today UNinstalled AVG and installed Avast - problem still happens… ha! The warning JUST popped up right now AGAIN…anyway…I’ve run virus scans - finds nothing. Nothing gets put in Quarantine either from this popup. MalwareBytes finds nothing. Driving me bonkers… Help!
Attached is the threat popup AND diagnostics I just ran using Farbar Recovery Scan tool as per moderator on a different section of the Avast forum…

From the screenshot it seems you may have a Chrome extension that tries to connect to that URL, which contains the exploit Avast is blocking.

Malware experts are notified, it may take some hours before anyone is online

Thanks… no rush, as it seems this is unlikely anything major (I hope).

While waiting, you can try this:

https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en

Yep, already cleared cache & cookies… also use CCleaner (updated version) and run the Windows Disk Cleanup tool. :slight_smile:

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
CHR HKU\S-1-5-21-3719281007-1545348927-2765418579-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Then,
Follow the instructions at the link below to open the Chrome extension manager:
https://support.google.com/chrome_webstore/answer/2664769?hl=en
and remove the following extensions:

hxxps://keep.google.com/u/0/
hxxps://news.google.com/nwshp?hl=en&tab=wn&ei
KDSPY

OK… just followed your instructions except I paused before removing the 3 extensions you mentioned… as you said to post the fixlog.txt before I continued. It’s attached…

Well, the Avast threat popup was STILL popping up every 20 minutes or so… and so I decided instead of waiting to hear back from you as to whether I should go ahead and remove those extensions you suggested (which you said to post the Fixlog.txt FIRST & basically wait to hear back from you before moving forward…) So, just about a minute ago, I went ahead and did the second part of your suggestion before I got your last post… to remove Keep, remove News from extensions/apps. That’s now done. But I only disabled KDSPY instead of removing as you suggested (I’m an author and use that frequently on Amazon). So, we’ll see in the next half hour or so if it pops up again…

Nope, this did NOT fix it. I was off the net for about an hour (meal time!) and just got back on the computer. About 3 seconds after opening Chrome, the same Avast pop-up appeared. And I DID remove the Keep and the News as you said. And the KDspy is not enabled. Soooo… not sure what to do now :-\

Now try to disable extensions one by one until you reach the point where Avast doesn’t show messages. When you find it, tell us which one it was so we can report it to Google or Avast (if it is a false positive).

Also, please attach the following file to your post.

C:\ProgramData\AVAST Software\Avast\report\WebShield.txt

I will give it a try… Also, the only extensions I have ENabled at chrome://extensions are: Avast Online Security, Google Docs and Google Offline Docs. That’s it. There are several other extensions listed (which all seem to be ones that are OK) that are NOT enabled right now.

At chrome://apps, I show Asana, Google Calendar, Google Web Store, Google Docs, Google Drive.

You requested the attached:

Now this is really strange. Do you have, or did you have, an extension named Blasty? I don’t see it in the FRST logs.

Yes!! I had Blasty!! But it isn’t listed in the extensions or apps anymore. I can’t recall if I removed it in the last several months or not… or if it just disappeared. I know I had gotten an email from them in the last week or so saying the Beta period I had participated in during the last year was ending towards the end of this month (I think) and then if I wanted to continue their service I would need to pay (they don’t have any credit card info).

So what do you think?

Here’s the copy of the email from Blasty - received it yesterday…

Hi Gina,

Blasty is now out of Beta.

For this occasion, we launched a new version of the product with new features:
- Each Blast now triggers a DMCA takedown notice to Google, Bing, Yahoo AND the site hosting the infringement ;
- Blasty Full Power users can now override the algorithm’s rating ;
- The scanning speed has been significantly improved.
NB: expect continuous improvements.

As a former Beta-tester, you’ll be able to enjoy Blasty Basic for free until November 21st 2017.

Please keep sharing your feedback with us, good or bad. We’re taking every comment into consideration.

Happy Blasting,

Olivier Zetlers - CEO & cofounder
Blasty, 41E 11th Street New York, NY 10011

  • Go to Chrome menu and go to Clear browsing data or use keyboard shortcut Ctrl + Shift + Delete.
  • In the drop-down menu select From the beginning of time and select only Cached images and files and Hosted app data. See attached screenshot.
  • Please report if problem was solved.

Just did what you told me to… now I wait to see if it works. I will say that during the last hour and half I’ve been online I have not had the Avast threat popup issue… which is amazing and nice. So, we’ll see if the additional thing you just suggested also helps the situation out. I am good about deleting stuff out of the Chrome “Clear browsing data” from beginning of time thing… EXCEPT I DON’T ever select the “Hosted app data”, though!! So, that at least is something “new” I just did :slight_smile:

Well, that did NOT work. The Avast threat popup still pops up… I even performed the last step you suggested once again when it popped up 20 min ago. And just about 1 min ago it popped up again. ARGH! OK… so I wonder if I should go back to your step about disabling those few extensions & apps I mentioned and see if it’s any of them giving a false positive or something?? (chrome://extensions are: Avast Online Security, Google Docs and Google Offline Docs. At chrome://apps, I show Asana, Google Calendar, Google Web Store, Google Docs, Google Drive.)

Give it a try. :-\

I went through one by one disabling what few extensions I have enabled anymore… Google Docs Offline - nope still had popup; Google Docs -nope still popup; didn’t disable the Avast Online Security extension because (duh!) that better not be setting off its own threat!! That was all the extensions I had enabled. So then I went to the chrome apps – I removed Asana - nope still had popup. And I did NOT remove the Google Calendar, Google Web Store, Google Docs or Google Drive that appear on my chrome://apps page because it doesn’t make sense those would be setting off the Avast popup… right?! If you think I should remove them from chrome://apps, then I will try… Anyway, within seconds of opening Chrome a bit ago, that’s when the latest Avast popup occurred. Driving me bonkers every 20 minutes or so popping up… that’s fairly common, although there were times this afternoon it went 1 1/2 hours with no popups.

I’m lost. Do you think I should/could put into the Avast EXCLUSIONS area to NOT mark whatever this problem is as a threat & do a popup? Like if I copy/pasted in that long clients2.googleusercontent.com…blah…blah URL that it would stop doing this?

I don’t recommend adding it to exclusions just because of the Avast popup. Now try a complete Chrome reinstall.
Follow this article: https://support.google.com/chrome/answer/95319?co=GENIE.Platform%3DDesktop&hl=en
Make sure you back up your bookmarks and other stuff before that, and make sure you check “Also delete your browsing data.” during uninstall.