Stef5 0 Posted July 7, 2016 Share Posted July 7, 2016 (edited) Today when I was doing something on the web, Google Chrome connected by itself to api.wipmania.com. This was totally unrelated to the sites I was using (at least I believe so). I wouldn't even have know about it, except that NOD32 showed a warning that Chrome is attempting a secure connection to that site, but with an untrusted certificate. I googled that domain and most results were about viruses. So I figured I'd gotten a virus. Also, this site says the virus (which they say accesses that domain) can control the traffic of chrome.exe. My question is, what do I do now? How do I remove this virus, if there is one? For now I'm planning to: run a full (not "smart check") NOD32 scan over the following night (maybe I should do it in safe mode?) run a check with several of the leading free scanners like Kaspersky in case NOD32 misses it get my PC to a repair shop Thanks in advance! Edited July 8, 2016 by Stef5 Link to comment Share on other sites More sharing options...
Administrators Marcos 4,915 Posted July 7, 2016 Administrators Share Posted July 7, 2016 It's a legitimate API: A simple yet powerful API allowing you to query the WorldIP database with a single link in Text, JSON and XML format. They have a problem with the certificate that expired yesterdat, hence the warning. Link to comment Share on other sites More sharing options...
Stef5 0 Posted July 8, 2016 Author Share Posted July 8, 2016 Thanks for the prompt reply, Marcos.But why would my Chrome attempt to connect to this domain by itself (without me requesting it)?Is it possible that a site I visited used this API unbeknownst to me, hence the access by Chrome? Also, various sites associate this API with a virus called Dorkbot (and also with some other viruses). Just do a google search for api.wipmania.com. If this domain was all that safe, why would most results be about viruses? Link to comment Share on other sites More sharing options...
Stef5 0 Posted July 10, 2016 Author Share Posted July 10, 2016 Just to let you know: It happened again! But this time with another server: maxcdn.cedexis-test.com. Chrome tried to connect to that server (again with a certificate problem) without me requesting it. However, googling for that server shows no virus-related results. So it seems Chrome does indeed access servers without my knowledge, without that being indicative of a virus. So I'm starting to think that the wipmania thing was safe as well. Link to comment Share on other sites More sharing options...
Recommended Posts