The reason for me writing this is the following attack (An intrusion attempt by survey-smiles.com was blocked) from survey-smiles.com blocked by Norton:
From the above it looks like survey-smiles.com is trying to access a host.docker.internal at port 5986. This is assuming that I am running docker and that may be I am running a vulnerable version, which it can take advantage of. Norton has thankfully detected it.
At first I thought that the attack was coming from online but after checking the error in detail I noticed that it was coming from Google Chrome.exe.
Turns out that survey smiles is a browser hijacker. It gets installed in your system and that causes the program to run in background but I think through an extension as we will see below.
I tried to:
- Do a full scan (failed my patience)
- Do a system restore (failed)
- Uninstall Chrome (also failed)
Then I realised that with both a system restore and uninstalling chrome I had kept my browsing data and that it was most likely related to something in chrome.
I then reviewed all the extensions that I had installed (even those that were installed from over a year ago). Turns out that the issue was originating from the “SetupVPN – Lifetime Free VPN” extension for me. Be careful, it will redirect you to an unsafe website when you remove it.
There might be other affected extensions based on feedback that I have seen online. So my recommended approach is going to be to clean up all the Chrome extensions and install them one by one to check.
Best of luck, this was an annoying one to remove!