Trojan warning from Avast, virus not detected by any antivirus

I keep getting the following pop-up from Avast, when searching with Google. I’ve run Avast, MalwareBytes and CCleaner but none of them are finding any problems. Any help would be appreciated.

Thanks in advance.

Threat secured
We’ve safely aborted connection on prodfliying.com because it was infected with Script:SNH-gen [TrJ]

Threat name Script:SNH-gen [TrJ]
Threat Type: Trojan - This threat pretends to be something else (eg, picture, document, or other file) to trick you into running it and infecting your computer

URL hxtps://prodfliying.com/238234c2a4c4b5d393.js

Process C:\Program Files\Google\Chrome\Application\chrome.exe

Detected by WebShield
Status Connection aborted

6ad7a88805eb/2022-07-29T16:45:20.898Z

https://www.virustotal.com/gui/url/464212909163104397eb07e96d96cf0f972d92a02c99a913a0fffb80d6756ea8?nocache=1

Try clearing your browser (scroll down and find your browser)

https://www.avast.com/c-how-to-clear-browser-history

https://support.avast.com/en-eu/article/reset-browser/#mac

Thanks, but unfortunately it didn’t help. I cleared my browser history, but it’s still popping up.

Try running Chrome without browser extensions/add-ons.

If that stops it then it would point to one of the extensions/add-ons. From there look particularly at recently added or modified ones and disable one at a time to try and pinpoint the one responsible.

Other detections on that domain reported here - https://www.virustotal.com/gui/url/c54b7e526bd86e1006630997d5311ee630e64e6a641a754afae52f83bf3a3aed
And Medium risk here - https://sitecheck.sucuri.net/results/prodfliying.com
Website Security Rating of F - https://snyk.io/test/website-scanner/?test=220729_AiDc6E_DXE&utm_medium=referral&utm_source=webpagetest&utm_campaign=website-scanner

So it is most certainly a good detection.

Thanks, David! I haven’t had a notification since I disabled everything. Not sure which was the bad extension yet – I had quite a few that were no longer necessary so I am slowly adding them back when/if needed. I’m sure many will be deleted soon.

You’re welcome.

Did you figure out which extension it is? I’ve been having the same issue. Here are the extensions I have on. If you could identify any extensions you also have, maybe we can identify the culprit:

“Adobe Acrobat: PDF edit, convert, sign tools”, “BetterTTV”, “DownAlbum”, “FrankerFaceZ”, “GoFullPage - Full Page Screen Capture”, “Google Docs Offline”, “IG Downloader”, “Image downloader - Imageye”, “LastPass: Free Password Manager”, “RightToCopy”, “Story Saver”, “Tab Session Manager”, “Tampermonkey”, “Twitch Downloader”

@ Heisanevilgenius

You really need to be brutal with extensions; many could simply be downloaded and work done with an offline resource.

For example (there are others) ‘image downloader/s’, many browsers have that function built in.

Your post looks more like an advert for extensions :)
Look at how frequently you use them and cull those that aren’t used that frequently.

Thanks, I’m aware I can download images already but certain websites use scripting and other methods to prevent images from being downloaded with a simple right-click. These extensions are often much easier than trying to inspect elements, sort through code, etc, to find the specific images.

How to check on browser extensions:
https://www.wired.com/story/how-to-audit-browser-extensions-security-chrome-firefox-edge-safari/
(info credits/source David Nield).

Also check on the site of the developer of such an extension or check at VT.
Always install from a reliable source.

Remember cybercriminals also are into this and may also spread mal-extensions.

polonus
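An added example, not part of any post in this thread: a script that follows the advice above to look at recently added or modified extensions first, and marks the ones allowed to run on every site. It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json` and the default Windows profile path; pass a different profile's Extensions folder as the first argument.

```python
import json
import os
import sys
import time
from pathlib import Path

# Match patterns that let an extension read or inject script on every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_extensions(ext_root):
    """Return one record per installed extension version, newest first."""
    records = []
    for manifest_path in Path(ext_root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        # Manifest V3 lists hosts separately; V2 mixes them into "permissions".
        hosts = set(manifest.get("host_permissions", []))
        hosts |= {p for p in manifest.get("permissions", [])
                  if isinstance(p, str) and ("://" in p or p == "<all_urls>")}
        for script in manifest.get("content_scripts", []):
            hosts |= set(script.get("matches", []))
        records.append({
            "id": manifest_path.parent.parent.name,  # folder name = extension ID
            "name": manifest.get("name", "?"),       # may be a __MSG_...__ key
            "version": manifest.get("version", "?"),
            "modified": manifest_path.stat().st_mtime,
            "all_sites": bool(hosts & BROAD),
        })
    return sorted(records, key=lambda r: r["modified"], reverse=True)


if __name__ == "__main__":
    # Assumed default location for the first Chrome profile on Windows.
    default = (Path(os.environ.get("LOCALAPPDATA", ""))
               / "Google/Chrome/User Data/Default/Extensions")
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for r in audit_extensions(root):
        day = time.strftime("%Y-%m-%d", time.localtime(r["modified"]))
        flag = "ALL-SITES" if r["all_sites"] else "-"
        print(f"{day}  {flag:9}  {r['id']}  {r['name']} {r['version']}")
```

Names shown as `__MSG_...__` are localisation keys; match the printed ID against the ID shown on the `chrome://extensions` page with Developer mode enabled.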

Just to update, I haven’t had the issue since, so I’m thinking it wasn’t one of these extensions. I disabled and deleted some old extensions when I posted this and it still had a lingering effect but after I closed and reopened Chrome the issue went away.

Thanks for the update.

I don’t know if it needed a restart of the browser for the changes to take effect.

L.S.

In the case of unwanted adware pop-ups from prodfliying dot com etc., it is advisable to set your browser back to its original settings, and do so without 3rd party applications, this will reset the start-up page, newtab page, search engine and pinned tabs (in Google chrome for instance).

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)