0

So every here and there, a webpage with the url "http://windowsdefender.club/warning/download.php?mn=5623" will open on my computer.
This happens maybe once a day (I haven't really been recording it, but that's my estimate).
(I recently reinstalled Windows, and it's been there since the beginning)

So I'm trying to figure out the cause.

Things I've considerred:

  • Of course, I've gone through all autoruns.exe entries and couldn't find anything suspicious. I'm familiar with all processes, services, tasks, etc.
  • I'm using Google Chrome as my default browser. Since Chrome manages it's own processes for each new tab, I can't get any meaningful information from the tab process parent PID.
    (I think this is what most or all modern browsers do)
  • Using procexp.exe, I've searched for parts of the URL in the memory strings of anything that might have something to do with it, but to no avail.
  • I have found some similar questions online, but nothing that has gotten me closer.

The only thing I can think of is, that it might have something to do with KMSpico, which I have installed.
Although, I've has this installed before and currently have it on other computers, but never came across this issue.

Any other ideas?

Eli Finkel
  • 121
  • 4

1 Answers1

0

It might be a good ideal to download a malware scanner such as Malwarebytes Antimalware (MBAM). The link you've provided attempted to infect my computer, but MBAM blocked it. I had to close Firefox and re-open it in order to stop the attack. The free trial of MBAM will provided limited duration real-time monitoring (and blocking) but when it expires, it becomes an on-demand or by-request protection, making it less effective.

fred_dot_u
  • 2,902
  • 1
  • 15
  • 10