"Worker Process" accessing unknown websites in ALT+TAB menu

e.r.georgiev

Jan 29, 2018
Hello!

This is super weird, but this morning I found out that whenever I open Alt+Tab to shuffle through programs I will find 1-3 applications named "Worker Process".
One of them I found accesses the website "japancar.club", and I could also see ads on it so it bypasses my Chrome's AdBlock.
The second one accesses the same website's XLM file.
The third one shows a Google result from a web search seemingly including the keywords "Japan Car Club Virus". I tried reproducing the search in Google and I get different results; it seems like it's done with a different search engine that also shows images under every result.

I visited the website and it hasn't been active since last year.
I had never visited the website before.

Malwarebytes returned 4 false positive PUPs related to Google Chrome and Cheat Engine. Logfile:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/29/18
Scan Time: 9:59 AM
Log File: 08c4ac9e-04db-11e8-a1d2-f0761cc43120.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3810
License: Premium

-System Information-
OS: Windows 10 (Build 16299.125)
CPU: x64
File System: NTFS
User: PCELLIS\Eduard

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 492260
Threats Detected: 4
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 10 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.7\STANDALONEPHASE1.DAT, No Action By User, [644], [393793],1.0.3810
PUP.Optional.Linkury.Generic, C:\USERS\EDUARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [1866], [454805],1.0.3810
PUP.Optional.Linkury.Generic, C:\USERS\EDUARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1866], [454805],1.0.3810
PUP.Optional.Linkury.Generic, C:\USERS\EDUARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [1866], [454805],1.0.3810

Physical Sector: 0
(No malicious items detected)


(end)
Windows Defender finds nothing.

I took this as high res as I could:
[Screenshots: 0hxKMwp.png, f1XkGmg.png]


Has anyone seen something like this before? Where is it coming from?
 
e.r.georgiev

Jan 29, 2018
Solution:
It would seem like this is caused by "Flexera Software Manager". I've had this software installed for I don't know how long, but I've always kept an eye on its weird CPU usage. I always assumed that it's some licensing software for a product I've installed without knowing it's also installing Flexera. Anyway, I'm removing it.

I had to download their uninstall software to uninstall it. Malware at its finest.
 