What is EtatesCHpeg.exe? #60

Closed
Rhel01 opened this issue Jan 3, 2019 · 5 comments
@Rhel01

Rhel01 commented Jan 3, 2019

CollectionLog-2019.01.02-22.04.zip
I ran HiJackThis, and EtatesCHpeg.exe showed up as malware. What is it, and is it safe to get rid of it?

@dragokas
Owner

dragokas commented Jan 3, 2019

Hi,
thank you for the log.
We'll return to you as soon as possible.


Please note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form or you can leave feedback in the Guestbook.

@Sandor-Helper

Sandor-Helper commented Jan 4, 2019

Hello,

Please uninstall PUPs:

Spybot - Search & Destroy
Spybot Anti-Beacon
TAP-Windows 9.21.2

Did you edit the hosts file yourself?

Close all running programs, temporarily unload antivirus and other protective software.

Run a script in AVZ (File - Run script):

begin
 // Stop the tcpip service and clear any previous quarantine contents
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 ClearQuarantineEx(true);
 // Stop the netfilter2 service, then quarantine the files
 StopService('netfilter2');
 QuarantineFile('c:\program files (x86)\common files\etatechpeg\etatechpeg.exe', '');
 QuarantineFile('C:\WINDOWS\system32\drivers\netfilter2.sys', '');
 QuarantineFileF('c:\program files (x86)\common files\etatechpeg\', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0, 0);
 // Delete the driver file and its service entry
 DeleteFile('C:\WINDOWS\system32\drivers\netfilter2.sys', '64');
 DeleteService('netfilter2');
 // Pack the quarantine into an archive, run the cleanup, and reboot
 CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
 ExecuteSysClean;
 ExecuteWizard('SCU', 2, 3, true);
 RebootWindows(true);
end.

The computer will reboot.

Please send the file quarantine.zip from the extracted AVZ folder using this form or (if the archive size exceeds 8 MB) to this mailbox: quarantine at safezone.cc (change at to @), and specify your forum link in the e-mail subject and the password: virus in the message body.

For secondary diagnostics please run AutoLogger again.
Attach new CollectionLog to your post.

Please update the AVZ safe files database:

  1. Start AVZ.
  2. Execute the database update by going through menu Files -> Update database.
  3. Close all of the applications and start the Internet browser you use on your system (for example Internet Explorer, Firefox, Opera etc.; if several are installed on the system, start all of the browsers so that AVZ can analyze all of the plug-ins and extensions used).
  4. In the AVZ menu select File – Standard scripts. Select script 8 in the opened window ("Collection not recognized and suspicious files") and click "Execute selected scripts". This should take 1-5 minutes. As a result, a folder LOG will be created inside the AVZ folder, with an archive named virusinfo_files<PC_name>.zip
  5. Upload this archive as described here.
  6. If the size of the archive is more than 100 Mb, you will need to upload it to any file exchange server that does not require recapture submission (for example: RGhost, Uploadmb.Com, Zippyshare, My-Files.RU, Ge.tt or WebFile) and add a link to it in your next forum message.

@Rhel01
Author

Rhel01 commented Jan 8, 2019

Thank you. I've never edited a hosts file.

@Sandor-Helper

OK.
Please continue with all the above recommendations.

@dragokas
Owner

Closed.
Reason: no answer for 10 days.
If you still need our help, please execute the last steps requested by the helper.
Also, download AutoLogger again, prepare a new CollectionLog and write what problems remain.
