different urls each time I don’t use VMware so I think it must be bluestacks or LDplayer emulators. The urls look sketchy so I’m not sure what to do I think the vm will stop working if I delete vmwarenat.exe. I checked the digital signatures of the file and it looked okay to me. Is it possible my VM is infected and I will have to delete it or deal with this popup spam from avast?
That was an old scan so I refreshed it, but it still came out the same.
vmnat.exe is an executable file that is part of the VMware Workstation software. It stands for VMware Network Address Translation (NAT) service.
First I don’t use VMware so I’m not familiar with it.
Looking at some of your screenshots, the URLs that vmnat.exe is connecting seem strange.
Though given that it is the VMware Network Address Translation (NAT) service and you were running a VM that would handle the connections (yes). However it wouldn’t just be accessing random sites, are the sites avast is alerting on ones you were trying to connect to (or would they be related to the VM, which I think unlikely) ?
No I’ve never seen or tried to connect to those sites before. I had some browser tabs open so maybe it could be ads from another website I’m viewing or had in a background tab that is trying to infect my pc? The only thing I use the bluestacks or LD player emulators for is to play games I think they somehow use VMs to work. I will try closing some tabs or the browser and see if it still makes the popups.
The first step when getting stuff like this, alerts on connections to sites you aren’t actually trying to connect to, is to clear the browser cache and cookies and restart your browser.
I deleted cookies and it came back still. Today I noticed the usual popups changed and was pointing to the Softether vpn I use on rare occasions, so I uninstalled and deleted the remaining folder. I thought the program was trustworthy. I downloaded it from the creators website and used cnet.com only for the vpngate plugins for it. I think one or the other must have been infected with something.
It can be difficult to pin these things down as you have found.
But the question I always ask in these instances why would the process responsible for the connection be going there.
I mean when you are using a VPN ordinarily you are still trying to connect to the site.
I tried to connect to An error occurred during a connection to wersusmolor.site and got this error 'The site could be temporarily unavailable or too busy. Try again in a few moments.
The other nn.line.pm resulted in an Avast alert, attached.