Assigned Am I being redirected to fake PayPal webpage?

This thread is being handled by a member of the staff.
Status
Not open for further replies.

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63
Hello friends!
I have been trying to enter Paypal.com, but any time the page loads it defaults to "Денежные переводы и онлайн-платежи PayPal | PayPal RU", even though I am not Russian nor am I in Russia. The same happens even if I click the website link through Wikipedia. This is strange, since before I was able to open the "normal" PayPal and all. Now, I might sound a little paranoid, but I don't even dare to enter my login details, since they might be stolen if it is indeed a phishing website. Any advice on how to proceed? Is my PC infected by malware that tries to redirect me to scam sites like this?
Thanks!
 

Attachments

  • Screenshot 2022-02-09 091312.png
    Screenshot 2022-02-09 091312.png
    126.2 KB · Views: 43

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32-bit or 64-bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Attach Files.
Navigate to the location of the file.
Click the file. It will appear in the reply section.
Click the Post Reply button.

Please post the logs for my review.

Let me know what problems persist.

Wait for further instructions
 

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63
Hello! Thanks for reply!
It seems that for some reason I cannot upload the FRST.txt file here; only Addition.txt uploads... How do I do it?
 

Attachments

  • Addition.txt
    29.7 KB · Views: 28

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,
I need the FRST.TXT file created by the Farbar program.
Please post it.
 

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63
Hello, as I said, for some reason I can't upload the FRST.txt file. Whenever I try to post it here it uploads a blank/empty file. I tried to make copies, and all copies seem to upload but are empty after I click "Post". I tried to create a zip file, but MT doesn't support that extension. I tried through my phone and different PCs and it is not possible. Only the Addition.txt file worked at first try; I don't know what else to do. Below is a png file showing what I mean.
 

Attachments

  • Screenshot 2022-02-11 090726.png
    Screenshot 2022-02-11 090726.png
    24.1 KB · Views: 34

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
I cannot read your logs.

I need you to rename the Farbar .exe program to FRSTENGLISH.exe.
The logs will be written in English.

I need you to post the logs in this topic.
If the logs are too long please attach them to your next reply.

Attach the file(s). A 2 Steps process.
Reply to this topic.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach. <- Step 1.
Click Attach this file. <- Step 2.
Click the Add reply button.

Please post the logs for my review.
 

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63
Sorry, but I never got FRST.txt attached, so I checked a workaround here at MalwareTips (they say that it seems to be an upload issue on this site). So the only option is to copy and paste the URL.
Anyways, I hope it works and it's Ok with you!
 

nasdaq

Moderator
Verified
Staff Member
Nov 5, 2019
1,431
Hi,

Nothing suspicious was found in your logs. Run this fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

Code:
start

Comment: For your security a new restore point will be created.
CreateRestorePoint:
Comment: We need to close all processes to complete the fix.
CloseProcesses:

Comment: TCP/IP Reset
CMD: netsh int ip reset
CMD: ipconfig /flushDNS

Comment: To rebuild the performance counter library values.
CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
CMD: "C:\Windows\SysWOW64\lodctr.exe /R"

Comment: Use Farbar routine to delete temp files
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp

Comment: The system will restart.
Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please post the Fixlog.txt.
Let me know if the problem persists.
 

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63
First of all I thank you for all trouble and willingness for helping me!

I was thinking (as someone else pointed out) that maybe the DNS I was using (Yandex) is the culprit. For example, yesterday while using Google Maps in Street View, all street names and places were shown in Russian (see attached file) even though the city is in Mexico. But as I found on the broad internet, the Edge browser sometimes defaults to Russian while browsing non-English sites if Russian is installed in the language settings. To my surprise, Russian was installed as a preferred language, not by me (but by Microsoft, I guess), along with Portuguese. I deleted them, installed Mexican Spanish and set it as default, and it seems the problem is solved.
I'll try flushing and changing my DNS to something else as an extra step.
Thanks again @nasdaq !
 

Attachments

  • Screenshot 2022-02-10 161026_LI.jpg
    Screenshot 2022-02-10 161026_LI.jpg
    1.5 MB · Views: 5
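
Added example, not part of any post in this thread: a Python check that separates the case this thread ended on (the genuine site serving a localized page) from a landing URL that sits on a different host. The trusted domain constant, the function name and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one domain the user intends to log in to.
TRUSTED_DOMAIN = "paypal.com"

def classify_landing_url(url, trusted=TRUSTED_DOMAIN):
    """Return (verdict, reason) for the address-bar URL after a redirect."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return "suspicious", "not served over HTTPS"
    if parts.username or parts.password:
        # Text before '@' is userinfo; the real host is what follows it.
        return "suspicious", "userinfo before the host hides the destination"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalized host can imitate Latin letters"
    if host != trusted and not host.endswith("." + trusted):
        # 'paypal.com.something.example' contains the name but is not under it.
        return "suspicious", f"host {host!r} is not under {trusted}"
    # Host is genuine: a two-letter first path segment is only a locale choice.
    segments = [s for s in parts.path.split("/") if s]
    if segments and len(segments[0]) == 2 and segments[0].isalpha():
        return "genuine-localized", f"locale /{segments[0].lower()}/ on {host}"
    return "genuine", f"host is {host}"

# Constructed sample URLs (not taken from the thread or its logs).
SAMPLES = [
    "https://www.paypal.com/ru/home",
    "https://www.paypal.com/signin",
    "http://www.paypal.com/ru/home",
    "https://www.paypal.com.account-check.example/ru/signin",
    "https://paypal.com@login.example/ru/",
    "https://www.xn--pypal-4ve.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = classify_landing_url(sample)
        print(f"{verdict:18} {sample}  ({reason})")
```

The check covers the URL only; the browser's certificate validation for that host over HTTPS is what protects the login page when the DNS resolver itself is not trusted.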

lovehungryman

Level 2
Thread author
Verified
Jun 23, 2015
63

Attachments

  • Fixlog.txt
    12.5 KB · Views: 24