I am running into some malware and I'm trying to understand whether it's one of the following types:
1) the malware is located on my PC, and therefore I need to take action to remove it.
2) the malware is not located on my PC and was encountered by merely visiting a web site at the time.
I have Windows 10, Chrome, and do a lot of web surfing, and I have downloaded some free Windows utilities from sites like CNET, which I understand can also download PUPs (potentially unwanted programs) like malware.
About once a week, I will encounter a phishing web site, in all cases after clicking on a link on a web site that I trust. When the phishing web site comes up, I manage to close it, and then click on the exact same link again, and the phishing web site does NOT appear. Each week that it appears, the phishing web site looks different and has a different URL displayed on the browser.
In one case, I was visiting the "carvana.com" web site, clicked on a link there (not an external link), and the phishing web site came up. Tried the same Carvana link a second time and the phishing web site did NOT appear. I had multiple Chrome tabs open at the time, but all to web sites that I trust. Perhaps there could be some malware advertisement on those other Chrome tabs?
I have run multiple McAfee full scans, and the Malwarebytes free scanner multiple times, and some free Microsoft scanners from their web sites, and they have all found nothing. I have run the Farbar scan recovery tool, and it has flagged nothing suspicious that I can tell.
I think I have removed all of the free utilities that I had downloaded from places like CNET.
I have reset Chrome, removed all Chrome extensions, checked Windows scheduled tasks and have not found anything suspicious, and the problem still persists. I am going to try re-installing Chrome, and if that does not work, then I may try re-installing Windows.
My question is: does this sound like my PC is infected and I need to take some action to remove the malware, or am I chasing something different like a malware advertisement on some trusted web site and therefore I can ignore it or change my web surfing habits?
Is there any debug method I can use to make this determination the next time it happens, like open the Chrome debugger or something? I made a Chrome DMP (dump) file of the offending Chrome process running the phishing web site, but I am not sure what I can do with it. In the dump file, I can see thousands of variations of the URL for the phishing web site.
I found this excellent presentation which describes some malware hunting tools for more knowledgeable users: