windivert.dll

ReyKenobi
Forum Junkie
Posts: 141
Joined: Fri Apr 08, 2016 12:27 pm

Post by ReyKenobi »

Hi,

Sorry if this comes in a bit lengthy. I am trying to provide as much information as briefly as possible.

So, new laptop, hardly 2 months old, running a fresh install of Win10 1803, updated to the latest updates.

This happened a couple days ago. I was watching some videos on YouTube and was doing other stuff too, and suddenly the laptop froze. I tried Alt+Ctrl+Del, etc. but nothing worked. So finally I had to hard reboot it.

After restart, everything is working fine, but I noticed through my security software that a program called windivert.exe made an entry in the registry. I did not recognize this program, so I checked the event viewer and it seems a few minutes before the freeze, it was installed. I googled wtf windivert.exe is and it seems it is a hacking tool of some sort that intercepts and redirects data packets. It is usually installed with KMS cracks for activating Windows / Office, etc.

But I don't have any cracked software on my laptop so I was more perplexed. I either pay for it or install free/open source ones. So I searched for windivert in Windows Explorer under the C: drive, and found no instances of windivert.exe, but I found a windivert.dll, windivert32.sys and windivert64.sys under:

C:\Program Files\FreeDownloadManager.ORG\Free Download Manager

That is a download manager I use, and have been using since my previous laptop for many years, and never had this kind of an incident before. Also, the date of creation for these is the same date I set up my laptop, about a couple of months ago, and is not the current date. Couldn't really find anything of use on FDM's website or on Google.

I searched the registry for windivert to find (and possibly delete, or at least use that info to google further) the key that was added as per my security suite, but zero results came back, which is perplexing.

Everything is working fine as of now, but I have questions about how to investigate this further and how to remove this from my machine. I don't want my new laptop ruined or my data compromised by some malicious element on my machine. Any resources will be helpful, including an alternate download manager like FDM that is free and easy to use. For now, I have blocked access to FDM in my firewall.

Thanks for bearing with me.
LanikSJ
Site Owner
Posts: 1806
Joined: Thu Feb 15, 2007 7:44 am
Location: /dev/null

Post by LanikSJ »

Have you looked at this: https://www.solvusoft.com/en/malware/po ... windivert/ or https://www.bleepingcomputer.com/virus- ... zer-adware

Follow all the applicable directions and see where things stand.
"If it ain't broke don't fix it."
smed79
Liste AR/FR Author
Posts: 15839
Joined: Sun Jan 17, 2010 4:00 am
Location: EasyList Forum

Post by smed79 »

Run automated checks for malware with Malwarebytes and AdwCleaner:

https://malwarebytes.com/trial/ (free version)
https://malwarebytes.com/adwcleaner/

If still unsolved, seek assistance on specialized forums:
- https://ccm.net/forum/viruses-security-7 (no registration required)
- https://malwaretips.com/forums/malware- ... indows.10/
- https://forums.malwarebytes.com/forum/7 ... p-support/

Read also https://adblockplus.org/adware
•► Read RULES / Use forum Search
••► Don't post clickable links
•••► Upload screenshots at imgbb.com