Share via

Can someone explain to me what https://memory-scanner.cc is? It's always bothering me, suddenly appearing on my windows. How to fix it?

Muhammad Shakil 15 Reputation points
2026-01-09T00:34:07.64+00:00

Screenshot 2026-01-09 072840

Windows for home | Windows 11 | Apps

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Imran Hussain 10 Reputation points
    2026-01-12T15:44:10.5633333+00:00

    Based on the domain memory-scanner.cc, this is almost certainly adware or a potentially unwanted program (PUP) installed on your computer.

    Here is the breakdown of what is happening and how to fix it.

    What is this?

    The term "memory scanner" is commonly associated with game trainers, cheats, or "mod menus" for video games (like WeMod, Cheat Engine, or specific hacks for games like Roblox or GTA).

    1. The Cause: You likely recently installed a game cheat, a "cracked" program, or a free utility that bundled this adware.
    2. The Behavior: This adware uses the Microsoft Edge WebView2 runtime (which is installed on every Windows 11 PC) to display ads. It forces Edge to open a window to that specific domain to generate revenue for the software creator.
    3. The White Screen: The screen appears blank/white because the ad server is failing to load correctly or is being blocked by a firewall/antivirus, but the command to open the window is still running.

    How to Fix It

    Since this is likely being triggered by a program you installed, you need to find that program and remove it.

    Step 1: Find the Culprit using Task Manager

    This is the most effective way to stop it permanently.

    1. When the blank white popup appears, do not close it immediately.
    2. Press Ctrl + Shift + Esc to open Task Manager.
    3. Click on the Processes tab.
    4. Look for Microsoft Edge in the list. (You will likely see multiple instances of it).
    5. Hover your mouse over each Microsoft Edge process one by one.
    6. As you hover, the popup window on your desktop will become highlighted/bordered. This tells you which specific process is opening the popup.
    7. Right-click that specific process and select Open File Location.

    Most likely it will take you to mshta.exe in system32 folder - don't delete this mshta.exe

    This is a very important clue. Finding mshta.exe confirms exactly how this malware is operating.

    mshta.exe is a legitimate Windows component ("Microsoft HTML Application") that allows Windows to run .hta files (HTML Applications). It is not the virus itself—the virus is simply abusing this tool to force open the popup.

    Since the file path leads to a protected Windows folder, we cannot delete it. Instead, we need to find what is telling mshta.exe to open that website. This is almost always caused by a Scheduled Task created by the adware.

    Here is the specific fix for this scenario:

    Method 1: Check Task Scheduler (Most Likely Fix)

    This is the #1 way these "memory scanner" popups persist. The adware creates a hidden task that wakes up, runs mshta.exe, and points it to that website.

    1. Press the Windows Key, type Task Scheduler, and open it.
    2. In the left pane, click on Task Scheduler Library.
    3. Look through the list of tasks in the center pane.
      • Tip: Click the "Date" column header to sort by when they were last run. The task triggering the popup will likely have a "Last Run Time" that matches exactly when the popup appeared.
      1. Look for tasks with weird names, gibberish names, or names that try to look official but are signed by "Unknown" (e.g., "SystemUpdate," "DriverCheck," "ChromeUpdate").
      2. Double-click a suspicious task to open its properties.
      3. Click the Actions tab.
      4. This is the smoking gun: Look in the "Details" box. You are looking for a command that looks something like this: mshta.exe http://memory-scanner.cc/popup or mshta.exe vbscript:execute(...)
      5. If you see memory-scanner.cc listed there, you have found the culprit.
    4. Click OK to close the properties, then Right-click the task in the list and select Disable (or delete).

    Instead of disabling the tasks, best to delete all the pervious and running tasks. (as I have deleted the tasks and all is working great at my end - no more memory-scanner.cc popups)

    Method 2: Find the Trigger via Command Line

    If you can't find it in Task Scheduler, let's see exactly what command is launching it.

    1. Open Task Manager (Ctrl + Shift + Esc).
    2. Click on the Processes tab.
    3. Find the mshta.exe process that is running when the popup is active.
    4. Right-click it and select Go to Details.
    5. In the Details tab, right-click the highlighted mshta.exe and select Properties.
    6. This is tricky in Windows 11, so alternatively:
      • In the Details tab, right-click the column header (where it says Name, PID, etc.) and select Select Columns.
        • Check the box for Command Line and click OK.
          • Now look at the text in the "Command Line" column for mshta.exe.
            • Does it show a long string of text or a URL?
              • Sometimes this reveals a path to a .bat or .vbs file located in C:\ProgramData or AppData. If you see a file path there (e.g., C:\Users\Name\AppData\Local\Temp\launch.bat), go to that location and delete that file.

    Method 3: Check Windows "Startup" Folder

    Sometimes the malware places a script in the startup folder.

    1. Press Ctrl + R to open the Run box.
    2. Type shell:startup and hit Enter.
    3. A folder will open. If you see any files here (especially .bat, .vbs, or .url files) that you don't recognize, delete them.

    Summary

    Since you found mshta.exe, Method 1 (Task Scheduler- note this method worked well for me) is the strongest solution. The adware is essentially setting an alarm clock in Windows to wake up and annoy you with that popup. Disabling that specific task will stop it permanently.

    Was this answer helpful?

    3 people found this answer helpful.
  2. Ramesh Srinivasan 82,050 Reputation points Independent Advisor
    2026-01-09T06:02:25.77+00:00

    Hi Muhammad,

    The domain name you mentioned is a malicious domain. Your system may be infected.

    Reference: https://www.virustotal.com/gui/domain/memory-scanner.cc/details

    Please download Malwarebytes Antimalware and run a scan. Eliminate every piece of malware it finds. Malwarebytes should also get rid of all adware and PUAs and browser hijackers.

    https://www.malwarebytes.com/mwb-download/thankyou

    Note: the Malwarebytes setup may activate the Premium trial (15-day) version. After 15 days, it switches to the free version automatically.

    Post the detection report here.

    mbam-detection-report

    Standard Disclaimer: There is a link to a non-Microsoft website. The page appears to provide accurate, safe information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.