For the past few months ( since around September ), I have been getting antivirus popups from AVG, Malwarebytes and now Avast from different outbound connections onto my machine, one of the most frequent one being from URL:Mal. I do not have AVG anymore, and I have MWB installed, and am currently primarily using Avast as my antivirus software, but every one that I have tried has always had many outbound connection alerts.
I have gone through AVG tech support. This did not work. I am currently still going through MWB tech support and so far nothing is working. The link I am providing below is so far every single step I have tried, but nothing is solving these outbound connections that my antivirus programs keep detecting. I no longer have any free trial of AVG, MWB or Avast, so this is worrysome that something more dangerous is getting through.
These have been happening since I formatted my computer back in September. As I stated before, the link below helps explain more in detail, and is extremely text-heavy in things that I have already tried. Listing a few here, I have tried: ADW Cleaner, Sophos Virus Removal Tool, CCleaner, FRST64, RogueKiller, and Zemana AntiMalware. None of these have stopped these popups or have detected anything at all as far as I have seen. About twenty minutes before posting this I did get another alert from Avast stating it had an outbound connection from URL:Mal. I can provide screenshots if need be, more than the one I am also providing in this topic.
Can someone please help me fix whatever is wrong with my computer?
I’m also not exactly sure how to attach images, so I am providing a link for the popup Avast gave me recently. I have not attempted the latest fix yet on my MWB forum topic because I am waiting for it to be opened again.
Didn’t even see that option, thanks. Here’s the most recent popup that I’ve gotten from Avast. AVG and MWB have had similar ones, both from Chrome and Skype sometimes.
Since this appears to be coming from chrome.exe, which presumably is your default browser ?
There may well be an add-on that is trying to connect to that URL. Presumably you aren’t intentionally connecting to that site and there isn’t a default home page set to ling to there. Sorry I don’t use chrome so I don’t know what it gets up to.
If I’m remembering this correctly, I wiped my computer clean and the first two things I reinstalled on it were AVG and Google Chrome. As soon as I had both, and only the default Chrome extensions, AVG popped up with a URL:Mal notification. I had nothing else but base Windows programs then installed.
And yes, Chrome is my default browser. This happens no matter what I’m doing on my computer, as explained in the MWB link.
Here are the requested text files. The scan with MWB was not with the trial version of the program, only the free, basic version.
What do you mean when you’re asking “do I use other devices with Chrome”? Like a phone, laptop, or tablet? I use Chrome on my mobile phones but I do not have a data plan, I only use WiFi.
I’m not sure if that second link provided for me ( https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/ ) can help or not, because I do not have the premium version of MWB anymore, and it is not an active protection program, it is only a scanner. It’s not detecting anything anymore, but Avast still is, despite being a free version of it and not the paid service.
Had another popup about two hours ago. I wasn’t even browsing, just watching YouTube in one window while playing a game. I do have a lot of other windows open, however, and I haven’t gotten any alerts in a very long time, probably about a week or two.
hic.6125878[.]com
This is CoinHive In-Browser Miner Malware.Keep in mind this is a JS infection (malware is on this webpage that’s why avast is blocking it) not a binary one.I and some other researchers on twitter have been seeing a steady uptick in miner malware.
Might have come from one those crap extension/infected webpage things that user’s often install into their browsers by accident.Be wary of what you install and click on.There is a js:redirector somewhere in your system which is causing these connections to such sites (probably in your browser from what i can see in the logs)…Try flushing chrome cache and completely resetting it from the settings in chrome.
While you may have uninstalled it from the browser it may still have messed with chrome’s pref file causing redirections to these places.
I’m not sure what this site is that you’re showing me.
What’s a “JS Infection”? These sites are popping up for me even when I’m not touching my browser at ALL. I haven’t even had my browser open before and my antivirus ( be it Avast, AVG, or MWB ) has detected it. I can have my browser open and not browsing anything, only some tabs open, and one of these random popups show up saying that a connection was blocked.
I’ve uninstalled a few Chrome extensions as of right now. Should I still clear the cache? I’ve had the cache cleared before ( I think ) and Chrome 100% removed from my computer, but I re-installed my extensions and it still happened. I also formatted my computer a few months ago and the first two things I did were install AVG and Chrome; Chrome came with several defeault extensions in it ( Google-related products ) and AVG STILL gave me these warnings, when I was using AVG.
Before I typed this up, I have received four popups in the past 30 minutes, without browsing whatsoever, just having Chrome open. Three of them were one after the other, which I will include in this post. I’ve never even been to or heard of any of these websites.
I did already attach my diagnostics and I have just been waiting. I also am wondering exactly what your post #6 would do; it seems like something I’ve already done since I have cleared out Chrome completely and still got all of the popups from website connections.