0rginalet Posted October 23, 2019 ID:1341184 Share Posted October 23, 2019 Hi. So I have this problem that i notice when i visit Fancentro.com (NSFW) i get redirected to patriarchia.ru Fancentro.com is the only webpage that I have noticed this redirect. There is no other page that is effected. I have scan my computer with Malwarebytes Premium Trial manytimes with no luck. So I downloaded windows on another computer and made a USB Windows installer. Then i formatted my windows drive and installed a clean copy from the flash drive. When the new windows is installed the problem goes away for a day or so. Then I notice that my computer freeze up or act strange. Then when I go to fancentro.com again the problem is back. So this virus, malware or what it is manage to comeback everytime. On my last reset I did not visit any unknown trusted webpages so could not have gotten it again from the same location. Please help me solve this. Cheers. Addition.txt FRST.txt Malewarebytes.txt Link to post Share on other sites More sharing options...
0rginalet Posted October 23, 2019 Author ID:1341185 Share Posted October 23, 2019 Also good to know is that I have 2 extra HDD in my computer. With just personal files and scaned them as well. I have also backup the files and format the drives to make sure is nothing else there. Link to post Share on other sites More sharing options...
nasdaq Posted October 23, 2019 ID:1341189 Share Posted October 23, 2019 (edited) Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The Computer will restart when the fix is completed. It will create a log (Fixlog.txt) please post it to your reply. === If the problem persists and you are Syncing Firefox it with other Devices reset it. Navigate to this page and Remove it as suggested. https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts When done restart the computer normally. If all is well. Return to your Firefox Account and Click the Connect button. Reset the sync. Restart the computer normally. <<<>>> Please post the Fixlog.txt and let me know if the problem is solved. fixlist.txt Edited October 23, 2019 by nasdaq Link to post Share on other sites More sharing options...
0rginalet Posted October 23, 2019 Author ID:1341191 Share Posted October 23, 2019 Hi Nasdaq, thank you for taking the time to help me. Unfortunately after following ur steps the problem persists. I dont use firefox sync. Attaching my fixlog. Best regards. Fixlog.txt Link to post Share on other sites More sharing options...
0rginalet Posted October 23, 2019 Author ID:1341193 Share Posted October 23, 2019 So I tried to disconnect from my VPN. I use mullvad one of your partners I think. When I am not connected throw the VPN I dont get redirected. When connected i get redirected, no matter what server in the world i connect to. Best regards. Link to post Share on other sites More sharing options...
0rginalet Posted October 23, 2019 Author ID:1341196 Share Posted October 23, 2019 Edit: So I have tested back and forth here now. I noticed that is just one server at mullvad.net that give me this redirect. I tried to install mullvads app on another computer and the same server gets me this redirect. But the servers are in a countery that allow this kind of webiste so there are some infection at mullvad I guess? I have not been able to install mullvad on a computer outside of my network. Cheers. Link to post Share on other sites More sharing options...
nasdaq Posted October 23, 2019 ID:1341204 Share Posted October 23, 2019 Hi, The review of mullvad is good. Try this. Reset your router. It may be infected. How to Reset a Router Back to the Factory Default Settingshttp://www.ehow.com/how_2110924_reset-back-factory-default-settings.html Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it http://www.routerpasswords.com/http://www.phenoelit-us.org/dpl/dpl.html === Reset for Linksys, Netgear, D-Link and Belkin Routershttp://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/ ==== How to tell if my Wireless is secure.http://www.ehow.com/how_6775466_tell-wireless-secure_.html If the problem is not solved would you like a fix to remove all traces of the program? Link to post Share on other sites More sharing options...
0rginalet Posted October 23, 2019 Author ID:1341208 Share Posted October 23, 2019 The issue is solved. The problem is not with in my pc or router. The problem is that Fancentro.com har banned access to there site by redirect some server that mullvads use. Its just a IP Ban redirect. Cheers. Link to post Share on other sites More sharing options...
nasdaq Posted October 24, 2019 ID:1341347 Share Posted October 24, 2019 Good work. Glad we could help. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 4, 2019 Root Admin ID:1342954 Share Posted November 4, 2019 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts