Did I get malware clicking on a Sponsored Link?

luv2liv

Diamond Member
Dec 27, 2001
3,493
92
91
I needed to scan IPs on the network, so I searched for "Advanced IP Scanner" using Chrome. Clicked on the first result. It took me to a site similar to the real thing here: "https://www.advanced-ip-scanner.com/"
The download began automatically with an EXE of 6 Mb. I double-clicked to install and it disappeared on its own, even the EXE file! So I tried downloading again and the same thing happened.

It dawned on me that I had got to the wrong site. Went back to the Google results and clicked on the real link https://www.advanced-ip-scanner.com/ and this time the file size was 20 Mb and the install went through as usual.
Any idea what I installed first? Strangely, it does not show up anywhere in the Windows uninstaller in Control Panel. Or maybe it was auto-deleted thanks to McAfee on the new laptop? My brother took it home so I don't have the laptop in front of me. I can't find that fake link from any of my own browsers on the desktop. On any of my browsers, no Sponsored links ever show up. How do I even try to find that 6mb exe file?
 

mindless1

Diamond Member
Aug 11, 2001
8,087
1,454
126
McAfee should have logged the event if it did anything, as should Windows Defender (or was it disabled because McAfee was installed?). This is where I would start, looking at the logs, with the system not connected to the internet until all of this is resolved.

If it was malware, what is your Chrome browser set to use as the default search engine? That host may have removed the malware site from their listings or the site itself might have been taken down. If you can't now find it with a browser search, then it should be in the history of the system that downloaded it, unless the browser is set to auto-delete history or it was deleted manually.

Otherwise, you could try file recovery scanning to see if that 6MB file can be found and then if so (doubtful after further use of the system but you never know) you could upload it to VirusTotal for a scan. Otherwise I'd be scanning the system for malware ASAP, not letting it connect to the internet until that happens. Put the malware scanner onto a flash drive to transfer to the system in isolation, not giving it internet access to download that, or anything else that hidden malware might like to do with a network connection.

What I would have done through being prepared, is restore the most recent partition backup to nuke it from orbit. It could be that you didn't catch anything but it is pretty suspicious and suggests that the goal was to infect the system with something.
 

balloonshark

Diamond Member
Jun 5, 2008
6,337
2,760
136
Not sure about Chrome, but I have Firefox set up to ask where a file is saved. Theoretically it should prompt me before auto downloading or execution of an app/malware. Firefox is also sandboxed with Sandboxie, and so is my download folder, so if something runs, it doesn't permanently touch my system. I also upload all downloads under 650MB to VirusTotal for scanning, and I also scan with Malwarebytes before running anything on my PC.

Firefox is also set up to save download history, so perhaps your Chrome browser does the same. Look in Chrome settings for the word download and you may be able to set it up so this doesn't happen again.
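An added example, not part of any post in this thread: one way to follow up on the suggestions above to check the browser's history and download history. Chrome keeps download records in the `downloads` and `downloads_url_chains` tables of its History SQLite file, and a record remains after the downloaded file is gone, so the source URL and redirect chain of a vanished EXE can still be read back. The sample rows, domains and file names below are constructed.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def webkit_to_utc(microseconds):
    """Chrome stores timestamps as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def exe_downloads(conn):
    """List .exe downloads recorded in a Chrome History database, oldest first."""
    rows = conn.execute(
        "SELECT id, target_path, total_bytes, start_time, tab_url, referrer FROM downloads "
        "WHERE lower(target_path) LIKE '%.exe' ORDER BY start_time").fetchall()
    found = []
    for dl_id, path, size, start, tab_url, referrer in rows:
        # Every redirect hop of a download is stored in order of chain_index.
        chain = [url for (url,) in conn.execute(
            "SELECT url FROM downloads_url_chains WHERE id = ? "
            "ORDER BY chain_index", (dl_id,))]
        found.append({"file": path, "mb": round(size / 1e6, 1),
                      "started": webkit_to_utc(start), "page": tab_url,
                      "referrer": referrer, "url_chain": chain})
    return found

def sample_history():
    """Constructed stand-in for a copy of the History file (column subset)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(r"""
      CREATE TABLE downloads (id INTEGER PRIMARY KEY, target_path TEXT,
        total_bytes INTEGER, start_time INTEGER, tab_url TEXT, referrer TEXT);
      CREATE TABLE downloads_url_chains (id INTEGER, chain_index INTEGER, url TEXT);
      INSERT INTO downloads VALUES
        (1, 'C:\Users\user\Downloads\scanner_setup.exe', 6000000,
         13350000000000000, 'https://lookalike.example/', 'https://ads.example/click'),
        (2, 'C:\Users\user\Downloads\manual.pdf', 900000,
         13350000030000000, 'https://vendor.example/docs', ''),
        (3, 'C:\Users\user\Downloads\scanner_full.exe', 20000000,
         13350000060000000, 'https://vendor.example/', 'https://vendor.example/');
      INSERT INTO downloads_url_chains VALUES
        (1, 0, 'https://lookalike.example/get'),
        (1, 1, 'https://cdn.example/payload/scanner_setup.exe'),
        (2, 0, 'https://vendor.example/docs/manual.pdf'),
        (3, 0, 'https://vendor.example/files/scanner_full.exe');
    """)
    return conn

if __name__ == "__main__":
    for hit in exe_downloads(sample_history()):
        print(hit["started"], hit["mb"], "MB", hit["file"], "<-", hit["url_chain"])
```

On a real system, close Chrome, copy the profile's History file (by default `%LOCALAPPDATA%\Google\Chrome\User Data\Default\History`) and pass `sqlite3.connect()` the path of the copy instead of using `sample_history()`.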
 