Alright, so Avast keeps blocking weird websites, like this one:
It also blocks other websites ending in .pw, like: cncode.pw, sokoinfo.pw. What is this virus? I can’t seem to get it off my PC.
I visited just on of the domains and it is a strange one as:
- I don’t get an avast alert, as such.
- However the page only has one line, that of a domain/url text. See attached image.
What it appears that you are looking at are historic information from the Notifications Area of the User Interface.
Unfortunately because of the language I really don’t know if/what the Avast Alert was about.
Comodo Valkyrie Verdict media sharing
Dr.Web known infection source
https://www.virustotal.com/gui/url/bc989cc08ce62c340eb9f5be11b8ecda47887d5d5b5c62e016079507469b9229/detection
https://www.urlvoid.com/scan/sokoinfo.pw/
Dr.Web known infection source
sophos malware repository, spyware and malware
https://www.virustotal.com/gui/url/e66f1eba0fb3d0264dfb3d83ba5833b5ab6352aeb8a2beb82aa54081bef2056c/detection
https://www.urlvoid.com/scan/cncode.pw/
It’s not notification history, i get millions of notifications of those websites, and even Malwarebytes blocks them. I have no idea what is happening. I tried reinstalling Chrome 2 times, nothing happened.
Try run a scan with Malwarebytes Adwcleaner (not same as Malwarebytes Antimalware) https://www.malwarebytes.com/adwcleaner/
Unfortunately in not showing a screenshot of the actual Avast Alert window, I can’t really say anything other than I have in my last post.
What you showed in your attached image is from the AvastUI Notification area irrespective of language, your image and mine are essentially the same and from the AvastUI Notification area, this is just showing historic information on alerts that you have had previously.
I couldn’t reproduce an alert by visiting one of the locations you gave ‘sokoinfo.pw’ so I don’t know how you could get it but not I.
Read here: https://www.domainregistration.com.au/news/2013/1305-pw-domain-spam.php
As the domain extension dot pw became available known spammers and scammers jumped unto it,
given it it’s bad name.
The network extension also has network security implications, read here:
https://community.cisco.com/t5/network-security/firesight-classifying-pw-dns-requests-as-trojan-detected/td-p/2897097
So since the domain extension dot pw became available since 2013, using any .pw dns query triggers the 'INDICATOR-COMPROMISE,
so suspicious DNS requests and one has to make sure, that the particular request for that particular domain is a false positive,
and “above board” so-t-say.
Suspicious .pw DNS Query’ or one should disable it in the avast intrusion detection policy.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)