Can't go to a website: is "replaced" by another. (virus?)

Solved/Closed
DeidaraSmash Posts 5 Registration date Saturday February 9, 2013 Status Member Last seen February 13, 2013 - Feb 9, 2013 at 11:50 AM
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - May 2, 2013 at 06:39 AM
Hello,

I recently tried to go to the website tera-europe.com, but instead of the official website, I end up on a Romanian website. Yet the URL in the search bar is the good one.

Here is a screenshot of Firefox, with the said page: http://image.noelshack.com/fichiers/2013/06/1360427800-sans-titre-2.jpg

After some research, the other website is onlinemoca. As you can see in the tab, when I try to access the French homepage of tera-europe, it's like I searched for "Fr Accueil" on onlinemoca, hence the "404 not found" error.

It only happens on this specific website and only on my computer, but on every web browser.

I tried many things: multiple antivirus scans with Avast and Malwarebytes, repairing my hard drive errors, I changed my IP address by resetting my router... I'm running out of ideas.

I suspect it's some kind of virus, but it's really weird.

What could I do to fix it?

22 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 9, 2013 at 04:54 PM
Hi

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a system log.

1. Open this link and download ZHPDiag2 :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Click on ftp://zebulon.fr/no1

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message. Once installed, click on the "hardhat" icon, it allows you to change the language.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

The tool creates three icons: ZHPDiag, MRB, and ZHPFix (if necessary, we will use ZHPFix at the next step).

4. Double click on the shortcut ZHPDiag on your Desktop.

5. Click on the screwdriver icon and ensure all of the items are checked.

6. Click on the magnifying glass and run the analysis.

Wait for the tool to finish (maybe a long time)

7. Close ZHPDiag.

8. To transmit the report, click on this link :

https://authentification.site

9. Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).

10. Select the file ZHPDiag.txt.

11. Click on "upload"

12. Copy the url and post it here.

Best regards

Ambucias
Moderator /Security Contributor
0
DeidaraSmash Posts 5 Registration date Saturday February 9, 2013 Status Member Last seen February 13, 2013
Feb 11, 2013 at 06:08 PM
Hi,

here's the ZHPDiag.txt file: https://authentification.site/96REh/ZHPDiag.txt

I hope you'll find something in. Thank you already.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 12, 2013 at 05:04 AM
Hi,

Your system is indeed badly infected by adware, spyware and your host file has been redirected. This will require a major clean-up.

Please stand-by while I concoct a medicinal compound.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 12, 2013 at 05:28 AM
Hi again,

I was just taking another look at your log and noticed a cracked application with a key generator.

As a Kioskea moderator, I must uphold the Charter's principle on legal software licences. In order for me to continue helping you, you must remove the application, which anyway is a malware source. To give you a clue, it has to do with Sims.

Best regards
0
DeidaraSmash Posts 5 Registration date Saturday February 9, 2013 Status Member Last seen February 13, 2013
Feb 12, 2013 at 08:27 AM
Hi,

I forgot I had those, a friend shared these with me. I have uninstalled them, with some other software that could be against the charter ("The Sims" was my fault, but I'm not the only user on this computer).

Here is a new ZHPDiag.txt file if needed: https://authentification.site/PrHAn/ZHPDiag.txt
0
I have the same problem as DeidaraSmash. How to fix it?
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 12, 2013 at 04:33 PM
Stand-by for the medicinal compound
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 12, 2013 at 04:56 PM
The malware prevented you from reaching the desired site by banning it.

1. Open Explorer (not to be confused with Internet Explorer)

2. Navigate to the following file:

windows/system64/drivers/etc/host

3. Open the host file using notepad.

4. Delete the following entries:

Hosts: 213.239.204.183 tera-europe.com
Hosts: 213.239.204.183 www.tera-europe.com
Hosts: 213.239.204.183 account.tera-europe.com
Hosts: 213.239.204.183 www.account.tera-europe.com

5. Click on file and click on save

6. Close all windows

7. Follow these instructions to remove Babylon:

http://ccm.net/faq/14594-how-to-get-rid-of-babylon-search-toolbar

8. Download Adwcleaner from Xplode. For Win 7, right-click to run as administrator.

9. Run the tool and click on delete.

10. Post the log in this thread. (You will find it : C:\Adwcleaner[Sx].txt )

Catch you later alligator
0
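The hosts-file check behind the fix above, as an added example that is not part of the original thread. It parses hosts-file text (on Windows the file is `%SystemRoot%\System32\drivers\etc\hosts`, and saving changes needs an elevated editor) or ZHPDiag-style `Hosts:` lines and flags every name pinned to a non-loopback address; the function names and the sample input are assumptions constructed for illustration.

```python
import ipaddress
import re
import sys

# Constructed sample input: a Windows-style hosts file carrying the redirect
# entries quoted in the thread, plus benign and malformed lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
213.239.204.183 tera-europe.com
213.239.204.183 www.tera-europe.com   # trailing comment
213.239.204.183 account.tera-europe.com www.account.tera-europe.com
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

# ZHPDiag reports prefix hosts entries with "O1 - Hosts:" (as quoted in the thread).
ZHP_PREFIX = re.compile(r"^(?:O1\s*-\s*)?Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Return (lineno, ip, hostname) for every well-formed mapping in text."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        line = ZHP_PREFIX.sub("", line)          # drop report prefix, if any
        line = line.split("=>", 1)[0]            # drop report annotation, if any
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        for name in fields[1:]:                  # one line may carry several names
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries


def find_redirects(text):
    """Return mappings that pin a name to a non-loopback, non-null address."""
    hits = []
    for lineno, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue                             # localhost and 0.0.0.0 sinkholes
        hits.append((lineno, str(ip), name))
    return hits


def strip_redirects(text):
    """Return text without the flagged lines. Review the hits first: a machine
    may carry legitimate static entries (intranet names, test servers)."""
    bad = {lineno for lineno, _, _ in find_redirects(text)}
    kept = [l for i, l in enumerate(text.splitlines(), 1) if i not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    # Pass the path of a hosts file (or a copy of it); defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for lineno, ip, name in find_redirects(data):
        print(f"line {lineno}: {name} -> {ip}")
```

Run it against a copy of the hosts file before and after cleaning; an empty result means no name is pinned to a remote address any more.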
DeidaraSmash Posts 5 Registration date Saturday February 9, 2013 Status Member Last seen February 13, 2013
Feb 12, 2013 at 09:01 PM
Hi again,

Here is the log of Adwcleaner: https://authentification.site/hNaY6/AdwCleaner-S1.txt

I almost can't believe it's Babylon again causing trouble on my computer. I thought I got rid of it, but it wasn't gone...

Thank you for all the help, and the quick response.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Feb 13, 2013 at 05:17 AM
It was not only Babylon, there was Price Gong, Crossrider, DVDVideosoft, opencandy, smartbar, Tuto4pc, escort, conduit and I am only naming a few. There were 136.

Babylon is most often tagged on other software you download. You have Babylon Translator.

The tool made a major clean-up.

If you edited the host file as I suggested, you should not be able to reach the site you wanted without being redirected to the pirate's site.

BitTorrent and Peer2Peer Express Files are a major source of contamination and expose your system to intrusions.

Your antivirus is Avast which is far from the best. I suggest that you uninstall Malwarebytes, just install it again if needed. To avoid conflicts and false positive alerts, you should only have one antivirus.

You may now remove Adwcleaner.

Please report on how your system is running now. If okay, we will close this case.

Bonne journée
0
DeidaraSmash Posts 5 Registration date Saturday February 9, 2013 Status Member Last seen February 13, 2013
Feb 13, 2013 at 07:48 AM
Hi,

My computer is running perfectly now, I can access the Tera website!

Really, thank you for all the help provided, I wouldn't have been able to think to delete the entries in the host file.

Bonne journée à vous!
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
Apr 28, 2013 at 11:01 AM
Hi there,

I could use the same help DeidaraSmash received. I followed your instructions and I hope you could help me out as well.

Here's the ZHPDiag.txt file: https://authentification.site/ktcX3/ZHPDiag.txt
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Apr 28, 2013 at 04:21 PM
Standby
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Apr 28, 2013 at 05:03 PM
Hello Porkchop,

Your machine is badly infected with adware and also a browser hijacker. You have a total of 130 malware.

Who or what is Cooler Master ?

The source of all the malware is the peer-to-peer applications called Pando and Utorrent, I strongly suggest you delete Pando and UTorrent as after clean-up, you will again compromise your system's security and stability.

Your system is also vulnerable because you have Avast and McAfee. Both have scanning engines which may come in conflict, hence malware will go through or produce false positives. You must remove one of them.

For today, we will do two things:

1. Download and run adware cleaner.
2. Download and run Malwarebytes.

Once you have done both steps above, I would like you to produce and upload a new ZHP Diag log which will help me to prescribe a final clean-up of residual malware such as the one in your Host file which redirects your browser.

ADWCleaner
Download the following Adwcleaner created by Xplode

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

Launch it (for Windows 7 and 8, right-click to run as administrator)
Click on delete
Post the log C:\Adwcleaner[Sx].txt on this thread.

Malwarebytes
Download, install and run Malwarebytes which you can find on this site:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Ensure you make an update.

Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long it takes. The creators of Malwarebytes recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.

If Malwarebytes restarts your system, launch it again to finish the Full scan.

When the scan is completed, delete all items found.

Oink oink oink (Means catch you later)
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
Apr 29, 2013 at 09:50 AM
Hi again!

As answer to your first question: Cooler Master is my computer's name.

Pando and Utorrent have been deleted as you suggested.

I also uninstalled McAfee and let Avast stay as it was. Won't Malwarebytes crash with Avast as McAfee did? As they both are scanning programs.

Malwarebytes did not detect any harmful software of any kind (I did a full scan) so there was nothing to delete.

Here is the new ZHPDiag.txt file: https://authentification.site/yBcx5/ZHPDiag.txt

Unfortunately I have no idea how to post the ADWcleaner file as it hasn't a URL but is in Notepad.

I really appreciate all the time and help you spend on me!

Cheers,

PS. Tenderloin is included!
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
Apr 29, 2013 at 09:52 AM
Just found out how haha.

Here's the ADWcleaner file: https://authentification.site/EMfE9/AdwCleaner-S1.txt
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Apr 29, 2013 at 04:40 PM
Hello,

You may now delete Malwarebytes.

There is still some clean-up to do.

ZHP Diag created an Icon on your desktop called ZHP Fix.

1. Launch ZHP Fix

2. Copy the lines below and then click on the clipboard which will paste the lines you have copied.

3. Click on the "Go" button at the bottom left

Here are the lines:

O1 - Hosts: 213.239.204.183 tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 download.frogster-online.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 159.253.18.161 account.tera-europe.com => Infection Hosts (Hosts.Redirection)?
O1 - Hosts: 213.239.204.183 www.account.tera-europe.com => Infection Hosts (Hosts.Redirection)?

After the step above, your computer should be squeaky clean from malware and in top running shape.

Best regards
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
Apr 29, 2013 at 05:12 PM
Hi again,

You will not believe it but I still can't access Tera Europe. The same Romanian site pops up like before. I saw that you wrote to Deidara to change his hosts file and take away the following:
213.239.204.183 tera-europe.com
159.253.18.161 download.frogster-online.com
213.239.204.183 www.tera-europe.com
159.253.18.161 account.tera-europe.com
213.239.204.183 www.account.tera-europe.com

Somehow I can't delete it; it says I need the administrator's approval, and I'm the only administrator there is, so I'm completely lost, mate.

Hope you find a solution.

Cheers!
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
Apr 29, 2013 at 05:19 PM
Hi again

Thought you might need it:

ZHPfix results https://authentification.site/2eRAY/ZHPFixReport.txt

Best regards
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,168
Apr 29, 2013 at 05:55 PM
Oink, oink

I didn't think that I needed it but I did!

You should no longer get redirected when linking to tera Europe as it seems that your Host file has been cleaned. If not let me know.

We will now clean your registry and that should be it.

I suggest you download, install and run this totally free yet very efficient registry cleaner :

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

You can use the above tool once a month to keep the system in top shape.

Regards
0
Porkchop Posts 11 Registration date Saturday April 27, 2013 Status Member Last seen May 2, 2013
May 1, 2013 at 08:43 AM
Hi!

It won't work! Tried scanning and repairing with the program you linked above and still no results. I'm running out of hope to be honest, seems like Tera doesn't want me to visit them.

Thanks though mate, if you get any new ideas please do tell.

Peace
0