Jump to content

Malware still there after windows reinstall!?


Recommended Posts

Hi.

So I have this problem that i notice when i visit Fancentro.com (NSFW) i get redirected to patriarchia.ru
Fancentro.com is the only webpage that I have noticed this redirect. There is no other page that is effected.

I have scan my computer with Malwarebytes Premium Trial manytimes with no luck.
So I downloaded windows on another computer and made a USB Windows installer.

Then i formatted my windows drive and installed a clean copy from the flash drive.
When the new windows is installed the problem goes away for a day or so. Then I notice that my computer freeze up or act strange. Then when I go to fancentro.com again the problem is back.
So this virus, malware or what it is manage to comeback everytime.

On my last reset I did not visit any unknown trusted webpages so could not have gotten it again from the same location.
Please help me solve this.

Cheers.

Addition.txt FRST.txt Malewarebytes.txt

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists and you are Syncing Firefox it with other Devices reset it.

Navigate to this page and Remove it as suggested.

https://support.mozilla.org/en-US/kb/remove-synced-device-firefox-accounts

When done restart the computer normally.

If all is well.

Return to your Firefox Account and Click the Connect button.

Reset the sync.

Restart the computer normally.
<<<>>>

Please post the Fixlog.txt and let me know if the problem is solved.

fixlist.txt

Edited by nasdaq
Link to post
Share on other sites

Edit:
So I have tested back and forth here now.
I noticed that is just one server at mullvad.net that give me this redirect.

I tried to install mullvads app on another computer and the same server gets me this redirect.
But the servers are in a countery that allow this kind of webiste so there are some infection at mullvad I guess?

I have not been able to install mullvad on a computer outside of my network.

Cheers.

Link to post
Share on other sites

Hi,

The review of mullvad is good.

Try this.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html


If the problem is not solved would you like a fix to remove all traces of the program?

Link to post
Share on other sites
  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.