URL:Mal Alert 8.29.128.136/casino/CA?

I keep getting an alert when browsing with Chrome browser. See attached photo. That Alert came up and the only tabs in Chrome that I had open were a Google Search results, Live.ca webmail and Chrome settings tab! I have run scans with Avast, Malwarebytes, Spybot S&D and most of the other software mentioned in other posts and find no infection. This is the entry in nshield.log:
12.05.2016 15:55:46 Network Shield: blocked access to malicious site http://8.29.128.136/casino/CA?subid=190595595433&zoneid=505317&sxid=v3li2098a515 ([8.29.128.136]:80) [ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ( 5184 ) ]
I don’t know what else to scan with. I went through Task Manager’s Details tab and running services and can’t find anything unusual running. The only background programs running are Avast Premium, Malwarebytes Premium and CCleaner Professional. Earlier today I shut down CCleaner background monitor and surfed Facebook (I have gotten the alert on FB a number of times. Heck I have gotten the alert where the only tab I had open was Google.ca and Chrome settings tab.) for over an hour without receiving the alert so I can only conclude that CCleaner Pro is injecting Url:Mal into Chrome.exe.
I will keep CCleaner disabled for a few days and see if I receive the Url:Mal alert when it isn’t running just in case earlier today was a fluke.
I do not use Internet Explorer or Edge browsers so can’t say if the alert happens with them also or if it is just Chrome.
Anyways any advice would be much appreciated as I really want to solve this without resorting to a clean install of Windows 10.
Oh, since the url:mal mentions Casino, let it be known that I do not have any kind of casino software installed on my computer.
Thanks and Regards,

Trevor
Edit: Changed Subject.
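
Added example, not part of the original thread or any Avast tooling: a small Python parser for Network Shield entries like the one quoted above, grouping blocks by process, host and path so that hits differing only in their query string are counted together. The line layout is inferred from that single quoted entry; the helper names and every sample entry after the first are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Layout inferred from the one nshield.log entry quoted in the post
# (an assumption, not a documented Avast format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\(\[(?P<ip>[^\]]+)\]:(?P<port>\d+)\) "
    r"\[\s*(?P<exe>.+?)\s*\(\s*(?P<pid>\d+)\s*\)\s*\]$"
)
CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

def make_entry(ts, query, pid):
    """Build a log line in the quoted layout (hypothetical helper for sample data)."""
    return (f"{ts} Network Shield: blocked access to malicious site "
            f"http://8.29.128.136/casino/CA?{query} ([8.29.128.136]:80) "
            f"[ {CHROME} ( {pid} ) ]")

SAMPLE = [
    # Reproduces the entry quoted in the post.
    make_entry("12.05.2016 15:55:46",
               "subid=190595595433&zoneid=505317&sxid=v3li2098a515", 5184),
    # Constructed entries: same destination, different query values and PID.
    make_entry("12.05.2016 16:41:09", "subid=1&zoneid=505317&sxid=constructed1", 5184),
    make_entry("12.05.2016 18:02:33", "subid=2&zoneid=505317&sxid=constructed2", 6020),
    "12.05.2016 18:05:00 some unrelated line (constructed)",
]

def parse_line(line):
    """Return the fields of one block entry, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    url = urlsplit(m["url"])
    return {"timestamp": m["ts"], "host": url.hostname, "path": url.path,
            "params": sorted(parse_qs(url.query)),   # parameter names only
            "remote": f'{m["ip"]}:{m["port"]}',
            "process": m["exe"].rsplit("\\", 1)[-1].lower(), "pid": int(m["pid"])}

def summarize(lines):
    """Count blocks per (process, host, path) and collect the PIDs seen for each."""
    hits, pids = Counter(), {}
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["process"], rec["host"], rec["path"])
        hits[key] += 1
        pids.setdefault(key, set()).add(rec["pid"])
    return hits, pids

if __name__ == "__main__":
    hits, pids = summarize(SAMPLE)
    for key, count in hits.most_common():
        print(count, key, sorted(pids[key]))
```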

See instructions here >> https://forum.avast.com/index.php?topic=53253.0
Scroll down to second picture > Farbar Recovery Scan Tool < Run as instructed and attach the two diagnostic logs

See below the box you write in … Attachments and other options

When done, Essexboy will have a look

Here you g…

I still think it is CCleaner Pro because I shut it down and surfed for over an hour and the alert did not come up. I then uninstalled it and downloaded a clean copy from Piriform site and reinstalled it and kept the background monitor running and it did not take long when I was browsing Facebook for the alert to pop up. I emailed Piriform about this but they say they have had no complaints from others and can’t duplicate what I am experiencing on their computers. Then again if their program is the culprit they would never admit it.

Regards,

Trevor

Did you install this programme :

C:\Program Files\pia_manager

And are the alerts in Chrome only?

Yes pia_manager is Private Internet Access VPN service’s VPN connection tool.
I really don’t use any other browser other than Chrome so I will have to run IE and see if I get the alert. I will do that now and post back.

I ran Internet Explorer for awhile and did not get the alert. I went through my system and removed a virtual driver from Apowersoft which was left over from an app I tried and uninstalled so maybe it was that? I will keep CCleaner Pro running again and do some more surfing to see if that driver was maybe the cause. If I get the Alert again I will be back. I also cleaned some crap from the registry from another program that I had to manually uninstall because its uninstaller kept crashing.

OK will wait, the rest of the system appeared clean

Yah I think I got it as I have been surfing sites for awhile and haven’t gotten the alert so it was either that apowersoft virtual drive or something that was being loaded in the registry that I managed to clean manually. The program that I had to manually uninstall was Windows Search Index Analyzer by edbsearch.com. There was a ton of entries left in the registry from that program that the 2 registry cleaners I use didn’t remove.

I guess I didn’t get it because I was browsing Ebay.ca and the alert popped up again! So I will disable CCleaner Pro monitor again. I mean it may not be CCleaner Pro but I can’t find any other background process running that isn’t either Microsoft related, Intel display or sound card (Realtek) related besides of course Malwarebytes and Avast. I also have sandboxie service running.

I should also mention that the alert is always the same and the timing of when it pops up seems to be random. I can be surfing sites for only a few minutes and it pops up or several minutes.

I went to Chrome’s help forum and asked if there is a program or way to find out what is sending the malware url to chrome.exe because so far anytime I have CCleaner Pro not monitoring in the background I do not get the alert. I also checked my system with SFC /scannow and found no issues.

So I ran a program called Open Files View to see what files CCleaner64.exe has open and the only file coming up for it is Staticcache.dat in Windows/Fonts but I can get at the actual file to copy it so I can run it through some online scans.
Also I kept Chrome open with various sites opened for over 1 1/2 hours without getting the alert with CCleaner not running so it has to be CCleaner! The question is whether it is actually CCleaner or another file that CCleaner uses like a .dll that is infected? It would have to be a file that isn’t being uninstalled by CCleaner’s uninstaller or overwritten when CCleaner is re-installed.

Well it is DEFINITELY CCleaner Pro! I decided to do a quick online scan with Bitdefender and decided to load CCleaner and turn on the monitoring feature and shortly after going to Bitdefender’s site I got the same alert.
Now for some reason I can’t do the scan unless it doesn’t work in Chrome.

Your analysis does sound good. Unfortunately Chrome extensions are liable to misuse and appear to be targeted quite regularly

May be worth informing CC so that they can check the extension they have uploaded to the chrome store for tampering

Problem is CC doesn’t install any extensions into the browser! Well it turns out it isn’t CCleaner Pro anyway because I just got the Alert when I was typing a reply! I guess I will have to take the time to do a clean install of Windows 10.

OK before things go that far

First try other browsers… Do they have the same problem ?

If not then try Chrome in incognito mode https://support.google.com/chrome/answer/7005900?hl=en-GB&rd=1

If that stops it then let me know

If not we will need to reset Chrome

I did do a reinstall of Chrome for the 2nd time but still got the alert. I ran the URL through virustotal and it finds nothing malicious at the actual site so I ran Chrome in Sandboxie and went to the link (had to temporarily disable Avast shields) and there is no real content on the site so why something would be trying to get chrome to go to that site is beyond me. I think I will install a Windows 10 virtual machine and just install Chrome and Avast and use it to do any browsing for awhile and see what happens. However, before I do that I really need to get a) a good night’s sleep and b) be in the mood.
I really am starting to suspect it is Chrome itself! I did run Internet Explorer twice for a long surf session and did not get the alert.
I should also mention in case I didn’t already the only Chrome extensions installed are the ones that chrome comes with, Avast Online Security and Popup Blocker Pro.

OK Chrome is in all probability synching the bad stuff back

Re-install Chrome

  1. If you have bookmarks, let’s save them by exporting them - Export Bookmarks
  2. Go into the dashboard. Log in. https://www.google.com/settings/dashboard?hl=en
  3. Scroll down to “Chrome Sync” and click the “Stop sync and delete data from Google” link
  4. Click the “Stop sync and delete data from Google” button
  5. Now we need to uninstall chrome.
    Note: When asked about user data or settings you must remove this also so please check the box.
  6. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
  7. Import your bookmarks back into Chrome
  8. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

OK I went and did all that. I hope that clears things up because boy it sure took a long time logging into all my sites.

Update
Looks like that did the trick! I have been surfing sites for over 2 hours now and didn’t get a single alert! I am not sure what was being synced that was causing me the grief but suspect possibly the Open Tabs section since there were 41 Opened tabs. It would have been nice to see a list of those tabs before wiping the data from Google sync.
Thank you so much for your time!
Regards,
Trevor

There was no open tabs extension showing on Chrome. Did you install it?