Tons of "A malicious url was blocked on COMPUTERNAME"

Hello everybody,

I would be grateful if you could help me to sort this out.


█ BACKGROUND (if you're curious) █

I purchased BitDefender and installed it on 2 PCs. The 2nd one is not the PC I use personally. The user is not very tech savvy but is very prudent.

It got a virus a while ago (deceiving email showing a fake sender with the name of a real friend of the user, who fell for it and opened the Excel attachment).

I cleaned the PC, ran both the pre-Windows full scan with BitDefender and a full scan with all options ON under Windows after that. Also ran other scans with other products.


█ THE PROBLEM █

Every few hours (sometimes minutes), BitDefender keeps showing me notifications saying:

A malicious url was blocked on COMPUTERNAME

The device is safe.

Mar 19, 2022, 17:22

Malware

Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

Blocked URL

https://wjecpujpanmwm.tk/

TONS AND TONS of such notifications. The problem is, nobody is attempting to visit this damn tk website! I open Chrome's history and I see entries that match the exact time of BitDefender alerts. Well, it's not that website! Sometimes the user simply opened LinkedIn, other times his email provider (email.it, a very popular and safe free email provider in Italy), sometimes even just Google for Google searches!

No other websites were opened at those times. No add-ons installed in Chrome (except for the 2 installed by BitDefender). I even completely reset Chrome, uninstalled, and re-installed it. As soon as I re-opened it, BitDefender recorded another event like that.


█ CONCLUSION (and question) █

Evidently, SOMETHING is trying to access that bloody https://wjecpujpanmwm.tk/ every few minutes/hours from the PC, but it is not the browser.

Why won't BitDefender also tell me WHAT actually tried to access that Malicious URL? Is there a way I can know?

Thank you!!!


Comments

  • nobody?

  • Hello @thealgorithm,

    If you do not visit the website and you still receive these notifications, then your browser connects to it either through allowed notifications or toolbars/extensions. I suggest that you clear the cache & cookies, remove any unused/unknown extensions and if the issues persist, reset your browser.

    If you are still receiving such a large number of notifications, I would recommend contacting the Technical Support Teams, as more information might be required to troubleshoot this. The engineers can take a closer look this way and even request logs, if necessary. You can get in touch with our engineers by choosing one of the contact methods available here:

    https://www.bitdefender.com/consumer/support/

    Stay safe.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Thanks a lot @Alexandru_BD!

    Yes, I had already addressed the browser issue. No extensions, cleared completely. Full browser reset, uninstalled, and reinstalled. Still getting the alerts regularly. To the point that I'm starting to think that using the browser is a mere coincidence and maybe some background process is trying to contact that website!

    Thanks for the link suggestion, I didn't know there was that support.

    Stay safe

  • Same issue, well, different URLs (iclickcdn.com, tickmatureparties.com, perfunctoryfrugal.com, etc.).

    Happens often upon booting up the machine before I even open a browser.

    I only use Chrome, but I have five separate Chrome profiles currently. Where can I find a good step-by-step on resetting all the profiles? Perfectly willing to do that, as clearing data and cookies on the main two profiles hasn't stopped these URLs from showing up in either the "Online Threat Prevention" warnings, or my pi-hole's request logs, or my previously running trial versions of other anti-malware software.
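
The question the thread keeps returning to, which process is actually asking for the blocked host, can be answered from DNS query telemetry. The following is an added example, not part of the original thread and not a Bitdefender feature: it assumes Sysmon is installed with DNS query logging (Event ID 22) enabled and that the events were exported as XML under an `<Events>` root element. The sample events, PIDs, times and the `example.exe` path are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
WATCHED = ["wjecpujpanmwm.tk", "iclickcdn.com"]  # blocked hosts named in the thread

def make_event(utc, pid, query, image, event_id=22):
    """Build one Sysmon-style event record (used only for the constructed sample)."""
    data = {"UtcTime": utc, "ProcessId": pid, "QueryName": query, "Image": image}
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
OTHER = r"C:\Users\user\AppData\Roaming\example\example.exe"  # hypothetical path

# Constructed sample, not real telemetry: PIDs, times and paths are invented.
SAMPLE = "<Events>" + "".join([
    make_event("2022-03-19 16:21:58.004", 4312, "www.linkedin.com", CHROME),
    make_event("2022-03-19 16:22:03.120", 4312, "wjecpujpanmwm.tk", CHROME),
    make_event("2022-03-20 07:01:15.900", 2208, "cdn.iclickcdn.com.", OTHER),
    make_event("2022-03-20 07:01:16.000", 2208, "iclickcdn.com", OTHER, event_id=3),
]) + "</Events>"

def attribute_queries(xml_text, watched):
    """Map each watched domain to {process image: [(UtcTime, ProcessId), ...]}."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "22":
            continue  # only Event ID 22 is a DNS query record
        d = {x.get("Name"): x.text or "" for x in ev.findall("e:EventData/e:Data", NS)}
        name = d.get("QueryName", "").lower().rstrip(".")
        for dom in watched:
            if name == dom or name.endswith("." + dom):  # host or any subdomain
                hits[dom][d.get("Image", "?")].append(
                    (d.get("UtcTime", ""), int(d.get("ProcessId") or 0)))
    return {dom: dict(images) for dom, images in hits.items()}

if __name__ == "__main__":
    for dom, images in attribute_queries(SAMPLE, WATCHED).items():
        for image, seen in images.items():
            print(f"{dom}: {image} (PID {seen[0][1]}) x{len(seen)}, first {seen[0][0]}")
```

A hit attributed to `chrome.exe` while no page is open is consistent with the notification or extension explanation given in the reply; a hit from any other image, especially right after boot, points at a background process and gives the path to inspect.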