Jump to content

Chrome connects by itself to suspicious site api.wipmania.com


Recommended Posts

Today when I was doing something on the web, Google Chrome connected by itself to api.wipmania.com. This was totally unrelated to the sites I was using (at least I believe so). I wouldn't even have know about it, except that NOD32 showed a warning that Chrome is attempting a secure connection to that site, but with an untrusted certificate.
 
I googled that domain and most results were about viruses. So I figured I'd gotten a virus.

Also, this site says the virus (which they say accesses that domain) can control the traffic of chrome.exe.

 
My question is, what do I do now? How do I remove this virus, if there is one?
 
For now I'm planning to:

  • run a full (not "smart check") NOD32 scan over the following night (maybe I should do it in safe mode?)
  • run a check with several of the leading free scanners like Kaspersky in case NOD32 misses it
  • get my PC to a repair shop

Thanks in advance! :)

Edited by Stef5
Link to comment
Share on other sites

  • Administrators

It's a legitimate API: A simple yet powerful API allowing you to query the WorldIP database with a single link in Text, JSON and XML format. They have a problem with the certificate that expired yesterdat, hence the warning.

Link to comment
Share on other sites

Thanks for the prompt reply, Marcos.
But why would my Chrome attempt to connect to this domain by itself (without me requesting it)?
Is it possible that a site I visited used this API unbeknownst to me, hence the access by Chrome?
 
Also, various sites associate this API with a virus called Dorkbot (and also with some other viruses). Just do a google search for api.wipmania.com. If this domain was all that safe, why would most results be about viruses?

Link to comment
Share on other sites

Just to let you know: It happened again! But this time with another server:

maxcdn.cedexis-test.com.

Chrome tried to connect to that server (again with a certificate problem) without me requesting it.

However, googling for that server shows no virus-related results. So it seems Chrome does indeed access servers without my knowledge, without that being indicative of a virus. So I'm starting to think that the wipmania thing was safe as well.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...