7.2.201 - Malware alert wwradar.exe

Ever since updating to 7.2.201, Malwarebytes is sounding off alerts from wwradar.exe attempting to make an outbound connection to a crypto mining site… This occurs approximately every 30 minutes or so…

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: googlecm.hit.gemius.pl
IP Address: 217.182.200.29
Port: [40703]
Type: Outbound
File: C:\Program Files (x86)\Weather Watcher Live\wwradar.exe

Same here - both Malwarebytes and HitmanPro are finding this and blocking and deleting them.

I don’t normally use Malwarebytes, but I installed it to attempt to reproduce this issue. It has been running for about 30 minutes and I haven’t seen any blocking/deleting yet. I’ll follow up if anything changes.

You need to activate the free trial of Malwarebytes Premium. The issue is not that wwradar.exe is necessarily infected - but that the process is attempting to contact the address I posted above - which is a known crypto mining server.

Also, Malwarebytes isn’t deleting it - it’s just blocking the connection to that one site.

Since the file is signed by you, I’m assuming you would be aware of why the process would be trying to reach that address?

Yep – I did that.

Right. That’s why I installed Malwarebytes.

I’m starting to wonder if this may have been a false positive in MWB… The last block I got for this was yesterday at 3:53 PM and there are a few posts over in the MWB forum mentioning the googlecm.hit.gemius.pl domain popping up block notices over the past few days – with the originator being chrome.exe.
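A triage helper for reports in the layout quoted in the first post, added here as an example and not code from any poster or from Malwarebytes: it groups blocked connections by domain and lists which executables triggered each block, the same comparison the post above draws with chrome.exe. The second record, the chrome.exe path and the two labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: the first record copies the fields quoted in the thread;
# the second record (chrome.exe and its path) is constructed for illustration.
SAMPLE = r"""
-Website Data-
Category: PUP
Domain: googlecm.hit.gemius.pl
IP Address: 217.182.200.29
Port: [40703]
Type: Outbound
File: C:\Program Files (x86)\Weather Watcher Live\wwradar.exe

-Website Data-
Domain: googlecm.hit.gemius.pl
File: C:\Program Files\Google\Chrome\Application\chrome.exe
"""

def parse_blocks(text):
    """Return one dict of 'Key: value' fields per '-Website Data-' section."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "-Website Data-":
            current = {}
            records.append(current)
        elif line.startswith("-"):
            current = None  # a different report section; ignore its fields
        elif current is not None and ": " in line:
            key, value = line.split(": ", 1)
            current[key] = value.strip("[]")
    return records

def processes_by_domain(records):
    """Map each blocked domain to the set of executables that triggered it."""
    out = defaultdict(set)
    for r in records:
        exe = r.get("File", "").rsplit("\\", 1)[-1].lower()
        out[r.get("Domain", "?")].add(exe)
    return dict(out)

def triage(records):
    """Assumed heuristic: several unrelated processes on one domain points at the domain rule."""
    return {d: ("domain-level block" if len(p) > 1 else "single process")
            for d, p in processes_by_domain(records).items()}
```

A "domain-level block" result only says the block follows the domain rather than one binary; it does not by itself establish a false positive.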

It happened this morning (July 10) to me in HitmanPro - but nothing in Malwarebytes since yesterday.

I haven’t seen anything in Malwarebytes yet.

No Malwarebytes flags for 2 days now - maybe they figured out it was a false positive?