windivert.dll
Posted: Mon Sep 24, 2018 2:17 pm
Hi,
Sorry if this comes in a bit lengthy. I am trying to provide as much information as briefly as possible.
So, new laptop, hardly 2 months old, running fresh install of Win10 1803, updated to the latest updates.
This happened a couple days ago. I was watching some videos on YouTube and was doing other stuff too, and suddenly the laptop froze. I tried Alt+Ctrl+Del, etc. but nothing worked. So finally I had to hard reboot it.
After restart, everything is working fine, but I noticed thru my security software, that a program called windivert.exe made an entry in the registry. I did not recognize this program, so I checked the event viewer and it seems a few minutes before the freeze, it was installed. I googled wtf windivert.exe is and it seems it is a hacking tool or some sort that intercepts and redirects data packets. It is usually installed with KMS cracks for activating Windows / Office, etc.
But I don't have any cracked software on my laptop so I was more perplexed. I either pay for it or install free/open source ones. So I searched for windivert in windows explorer under C: drive, and found no instances of windivert.exe, but I found a windivert.dll, windivert32.sys and windivert64.sys under :
C:\Program Files\FreeDownloadManager.ORG\Free Download Manager
That is a download manager I use, and have been using since my previous laptop for many years, and never had this kinda of an incident before. Also, the date of creation for these is the same date I set up my laptop, about a couple months ago, and is not current date. Couldn't really find anything of use on FDM's website or on google.
I searched the registry for windivert to find (and possibly delete, or at least use that info to google further) the key that was added as per my security suite, but zero results came back, which is perplexing.
Everything is working fine as of now, but I have questions about how do I investigate this further and how to remove this from my machine. I don't want my new laptop ruined or my data compromised by some malicious element on my machine. Any resources will be helpful, including an alternate download manager like FDM that is free and easy to use. For now, I have blocked access to FDM in my firewall.
Thanks for bearing with me.
Sorry if this comes in a bit lengthy. I am trying to provide as much information as briefly as possible.
So, new laptop, hardly 2 months old, running fresh install of Win10 1803, updated to the latest updates.
This happened a couple days ago. I was watching some videos on YouTube and was doing other stuff too, and suddenly the laptop froze. I tried Alt+Ctrl+Del, etc. but nothing worked. So finally I had to hard reboot it.
After restart, everything is working fine, but I noticed thru my security software, that a program called windivert.exe made an entry in the registry. I did not recognize this program, so I checked the event viewer and it seems a few minutes before the freeze, it was installed. I googled wtf windivert.exe is and it seems it is a hacking tool or some sort that intercepts and redirects data packets. It is usually installed with KMS cracks for activating Windows / Office, etc.
But I don't have any cracked software on my laptop so I was more perplexed. I either pay for it or install free/open source ones. So I searched for windivert in windows explorer under C: drive, and found no instances of windivert.exe, but I found a windivert.dll, windivert32.sys and windivert64.sys under :
C:\Program Files\FreeDownloadManager.ORG\Free Download Manager
That is a download manager I use, and have been using since my previous laptop for many years, and never had this kinda of an incident before. Also, the date of creation for these is the same date I set up my laptop, about a couple months ago, and is not current date. Couldn't really find anything of use on FDM's website or on google.
I searched the registry for windivert to find (and possibly delete, or at least use that info to google further) the key that was added as per my security suite, but zero results came back, which is perplexing.
Everything is working fine as of now, but I have questions about how do I investigate this further and how to remove this from my machine. I don't want my new laptop ruined or my data compromised by some malicious element on my machine. Any resources will be helpful, including an alternate download manager like FDM that is free and easy to use. For now, I have blocked access to FDM in my firewall.
Thanks for bearing with me.