Jump to content

hanstrakr trojan

Recommended Posts


i have read over a few post related to this issue . i read its best to start a new thread instead of trying to get help piggy backing someone else's post.

it appears that its pretty common that this trojan , not sure what the name is . but it pops up pretty often even if the same website is in use. i use to think it was only when you opened a new window .

i can save the log files to a text and send them to whomever would like to try and direct me on what i need to do.


thanks . carl

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back

If the problem has not been solved run this program.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

There is no popup or any malware ad work here, its just Malwarebytes blocking that domain because they have Malware on their site.

MWB is doing its job and protect you from it, that's all. I get the same pop-up from malwarebytes as you in Firefox.

Link to post
Share on other sites

Registry Domain ID: 2103534459_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2018-04-14T12:49:16Z
Creation Date: 2017-03-09T11:20:56Z
Registrar Registration Expiration Date: 2027-03-09T11:20:56Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Hans Peter
Registrant Organization: Hans Peter XYZ Inc.
Registrant Street: Wan Chai Rd 158 
Registrant City: Honkong
Registrant State/Province: Other
Registrant Postal Code: Wan Chai
Registrant Country: HK
Registrant Phone: +852.2528216
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: webmaster@hanstrackr.com
Registry Admin ID: Not Available From Registry
Admin Name: Hans Peter
Admin Organization: Hans Peter XYZ Inc.
Admin Street: Wan Chai Rd 158 
Admin City: Honkong
Admin State/Province: Other
Admin Postal Code: Wan Chai
Admin Country: HK
Admin Phone: +852.2528216
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: webmaster@hanstrackr.com
Registry Tech ID: Not Available From Registry
Tech Name: Hans Peter
Tech Organization: Hans Peter XYZ Inc.
Tech Street: Wan Chai Rd 158 
Tech City: Honkong
Tech State/Province: Other
Tech Postal Code: Wan Chai
Tech Country: HK
Tech Phone: +852.2528216
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: webmaster@hanstrackr.com
Name Server: 1a7ea920.bitcoin-dns.hosting
Name Server: a8332f3a.bitcoin-dns.hosting
Name Server: ad636824.bitcoin-dns.hosting
Name Server: c358ea2d.bitcoin-dns.hosting
DNSSEC: Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-03-03T21:43:55Z <<<

Link to post
Share on other sites


This fix is for nympfisher only.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please post the Fixlog.txt and let me know what problem persists.

If other uses do not have the right to post in this topic.
You most start a your own topic to get help.


Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.