This forum thread needs a solution.
Kudos0

Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 8:43PM · 16 Replies ·

I have a question.  Most every time I open my Google Chrome browser on my desktop computer I get an intrusion attempt.  Does this mean that my Google chrome browser is compromised?   I have stopped using that browser and I wondered if I should just delete it from my PC?  If I did would that get rid of what ever is making this intrusion come up or the intrusion doesn't have anything to do with the browser?   I have Norton 360 Premium.  My pc is a Dell desktop with windows 10.

File Attachment: 
Image icon The intrusion warning when opening Chrome browser
Labels: Intrusion Prevention

Replies

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 8:58PM · Edited: 17-Jun-2022 | 9:15PM · Permalink

Remove Offclaydolon.com pop-up ads (Virus Removal Guide)

If your browser is constantly being redirected to the Offclaydolon.com site, then you most likely have an unwanted browser extension or malicious program installed on your computer.

Offclaydolon.com is part of an advertising service that website publishers can use to generate revenue on their sites. Unfortunately, there are malicious programs that are redirecting users to these Offclaydolon.com ads without the permission of the publisher in order to generate revenue.

When Offclaydolon.com redirects a browser to an advertisement, the ads are typically for unwanted chrome extensions, surveys, adult sites, online web games, fake software updates, and unwanted programs.

You are seeing the Offclaydolon.com pop-up ads because your computer is infected with a malicious program, or a site that you have visited has redirected you to this page.

Less than reputable sites can display malicious ads that redirect your browser to the Offclaydolon.com pop-up ads to generate advertising revenue. If this happens, you can close the page and install an adblocker to block the malicious ads. However, if you continuously see pop-ups like the Offclaydolon.com pop-up ads, then your computer might be infected with a malicious program, and you need to scan your device for adware and remove it.

This malware removal guide may appear overwhelming due to the number of steps and numerous programs that are being used. We have only written it this way to provide clear, detailed, and easy-to-understand instructions that anyone can use to remove malware for free.
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.

https://malwaretips.com/blogs/remove-offclaydolon-com/

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 9:01PM · Edited: 17-Jun-2022 | 9:17PM · Permalink

Malicious Site: Malicious Domain Request 22
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=31350

https://safeweb.norton.com/report/show?url=https://offclaydolon.com  = Caution -> Potentially Unwanted Software

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 9:06PM · Permalink

How to install and run a scan with Malwarebytes (Guide)
https://malwaretips.com/blogs/scan-malwarebytes-anti-malware-2-0/

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 9:11PM · Permalink

Resetting Google Chrome to clear unexpected issues
https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

Chrome Secure Preferences detection always returns
https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 9:31PM · Permalink

I do not get redirected to Offclaydolon.com.  After I open google chrome browser, Norton gives the intrusion warning, but the browser opens to the expected home page.  Since it only happens with Chrome, and not my other two browsers, I just wondered if there is something compromised in the Chrome browser?  If there's no redirecting, is there something wrong with the browser?  

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 9:34PM · Edited: 17-Jun-2022 | 10:21PM · Permalink

How to install and run a scan with Malwarebytes (Guide)
https://malwaretips.com/blogs/scan-malwarebytes-anti-malware-2-0/

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

Resetting Google Chrome to clear unexpected issues
https://forums.malwarebytes.com/topic/258938-resetting-google-chrome-to-clear-unexpected-issues/

Chrome Secure Preferences detection always returns
https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 17-Jun-2022 | 10:07PM · Edited: 17-Jun-2022 | 10:23PM · Permalink

ErP:

I do not get redirected to Offclaydolon.com.  After I open google chrome browser, Norton gives the intrusion warning, but the browser opens to the expected home page.  

Sounds like Chrome is getting redirected on launch.  Norton detects something causing IPS Alert.
Curious, care to share your home page domain/name? 

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 18-Jun-2022 | 8:58AM · Permalink

Yes, my homepage on Chrome is https://www.google.com/ So it does not appear to be a redirect, evidently just an attempted intrusion.  Once I'm onto the homepage and it does not change I get the intrusion warning.  The warning from Norton says the intrusion was blocked and no action is required.  Whatever is going on is happening at launch of the chrome browser.  

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 18-Jun-2022 | 9:08AM · Edited: 18-Jun-2022 | 9:13AM · Permalink

ErP:

Yes, my homepage on Chrome is https://www.google.com/ So it does not appear to be a redirect, evidently just an attempted intrusion.  Once I'm onto the homepage and it does not change I get the intrusion warning.  The warning from Norton says the intrusion was blocked and no action is required.  Whatever is going on is happening at launch of the chrome browser.  

Curious, what Chrome extensions?  
Did you recently install a program or Chrome extension?
Did you recently change website permissions?
Did you run Chrome Reset and clean up?
Maybe, you allowed push notifications? 

Did you follow MalwareTips Guide? [here]
Did you run Malwarebytes scan? [here]

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 18-Jun-2022 | 9:10AM · Edited: 18-Jun-2022 | 9:13AM · Permalink

Maybe, you allowed push notifications? 

Browser push notifications: a feature asking to be abused
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Adware and PUPs families add push notifications as an attack vector
https://blog.malwarebytes.com/adware/2019/06/adware-and-pups-families-add-push-notifications-as-an-attack-vector/

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 20-Jun-2022 | 8:38AM · Edited: 20-Jun-2022 | 8:39AM · Permalink

@ErP
Curious, what are your Chrome extensions?  
Did you recently install a program or Chrome extension?

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 20-Jun-2022 | 8:50AM · Permalink

~ if you think it'll help

Please post related: Security History -> Intrusion Prevention 

change file type from (*.mcf) to text (*.txt)

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 21-Jun-2022 | 9:56AM · Permalink

The only chrome extensions I have are Norton safe web and Honey.  I've had them for a very long time.  

I have not added any extensions.  

I have not changed any website permissions. 

I ran the Chrome clean up.

I have not allowed push notifications.  

Malware found nothing. 

I stopped using Chrome, since as I said pretty much every time I got the Norton intrusion warning saying the attempt by offclaydolon com was blocked.  Norton does say there is no action required. I have gone into Chrome today and I did not get the warning.  I just quit using Chrome once I was getting the intrusion warning most every time when I opened Chrome.  

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 21-Jun-2022 | 10:36AM · Edited: 21-Jun-2022 | 10:40AM · Permalink

Okay.  I sense that you're satisfied Norton did its job.  
Okay.  I'll stop trying to reproduce.
If you're able to reproduce.  I'd urge investigating. 

Note:  my understanding is that -
Norton has confirmed offclaydolon.com detection is accurate.  
offclaydolon.com has been used for malicious purposes. 

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 25-Jun-2022 | 4:22PM · Edited: 25-Jun-2022 | 4:30PM · Permalink

I just went into Chrome and I got the above Norton intrusion warning once again.  It must be something in the Chrome browser.  Can someone please tell me if I delete the Chrome browser, would whatever is trying to intrude stop?  I have Edge and Brave browsers and I don't see any intrusion warnings when I open them.  As I said there is no redirection, but why is there an intrusion attempt when I open the browser?  I do notice Chrome takes a good little bit to load when I open it.  Is there a way for Norton to check the browser?  

Here's the text from the intrusion attempt today: Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description,Category
6/25/2022 7:04:59 PM,Medium,An intrusion attempt by 139.45.195.6 was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"139.45.195.6, 443",https://offclaydolon.com

Kudos0

Re: Intrusion attempt when I open Google Chrome browser

Posted: 25-Jun-2022 | 4:44PM · Edited: 25-Jun-2022 | 4:55PM · Permalink

Malwarebytes Malware Removal Help
https://forums.malwarebytes.com/forum/108-malware-removal-help/

OR (not both)

Virus Protection Promise is a virus removal service provided by Norton experts. 
https://us.norton.com/virus-protection-promise
Note: Automatic Renewal Service must be enabled in order to redeem VPP

~ were my machine - I'd request Malwarebytes Malware Removal Help

~ here's an example of Malwarebytes Malware Removal Help helping Norton user - "An intrusion attempt"
https://forums.malwarebytes.com/topic/287715-norton-system-infected-coinminer-activity-2-7-9-25/

This thread is closed from further comment. Please visit the forum to start a new thread.