partner37.mydomainuser malware infections

[hedvix]

Here are the first 4 logs.
The only thing I noticed is that RogueKiller found 1 object and I closed the program without deleting anything.

[hedvix]

TDSSkiller found 11 objects, but they're in the form of unsigned files.
I choose 'skip' on all of them.

and yes, redirection still occuring on firefox

[thisisu]

Code:

Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
FF - user.js - File not found

Not so sure why OTL is having trouble fixing these but I think it is going to be necessary for you to completely uninstall FireFox (Use Revo Uninstaller) and then reinstall a fresh copy from here: Mozilla Firefox 11.0 Final

Try this and let me know how it goes.

[thisisu]

Quote:

Originally Posted by hedvix

and yes, redirection still occuring on firefox

Just to clarify, as you stated earlier; You're not actually getting "redirected" because this would mean you are still being forced to the partner37 site.

Instead, you are receiving a "cannot load this page / server" type error when browsing 1 website.

[hedvix]

Quote:

Originally Posted by thisisu

Just to clarify, as you stated earlier; You're not actually getting "redirected" because this would mean you were still being forced to the partner37 site.

Instead, you are receiving a "cannot load this page / server" type error when browsing 1 website.

Yes that is correct.. Sorry to confuse you

[hedvix]

Quote:

Originally Posted by thisisu

Code:

Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
FF - user.js - File not found

Not so sure why OTL is having trouble fixing these but I think it is going to be necessary for you to completely uninstall FireFox (Use Revo Uninstaller) and then reinstall a fresh copy from here: Mozilla Firefox 11.0 Final

Try this and let me know how it goes.

I unsintalled firefox using Rev_uninstaller... I chose "Moderate" instead of "advanced" remove. Around the end, it asked me to check the bold items to delete them.. I checked them all and removed them..

After reinstalling the new firefox... I thought that the infection was gone.. Since when I first visited the -triggering-site... I wasn't receiving any error at all and was going through my bookmarks to see if any of them gets redirected (error)... It turns out, I am still receiving the error after going 3-4 bookmarks (this number varies).
All I can tell is that its a bit more less obvious? Before, the next website would definitely be redirected (error) right after triggering... Now, not so much.. but it is still there.

I also changed my settings on Chrome back to the original to check for the redirection.... And yes, I did get it... So I changed it back.

[hedvix]

Just would like to update...

Please ignore my last message about it being less obvious or harder to trigger... It just went back to the previous behavior which is redirecting the next website after more testing.

[thisisu]

Can you screenshot the problems you are experiencing now. In both Google Chrome and FireFox.

[hedvix]

Attached both screenshot.
I added some error console for the firefox.
Don't really know my way around Chrome unfortunately...

[thisisu]

Hi,

After reviewing these screenshots, this does not appear to be malware related.

See the following topics/discussions on your issue:

• http://stackoverflow.com/questions/8...ebook-com-to-g
• http://stackoverflow.com/questions/8...installtrigger
• http://stackoverflow.com/questions/8...o-get-property
• https://bugzilla.mozilla.org/show_bug.cgi?id=701029

If none of the above resolves your issue, we have a Software forum that is better suited for these types of discussions.

__

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work through the below link:
    • How to Protect yourself from malware!

Be safe

[hedvix]

Quote:

Originally Posted by thisisu

Hi,

After reviewing these screenshots, this does appear to be malware related.

This does appear or this doesn't appear?

[thisisu]

Quote:

Originally Posted by hedvix

This does appear or this doesn't appear?

Sorry. Does not.

[hedvix]

Sorry if I wasted your time if this has been a software problem after all... Thanks again for all of your time in helping me..
If I may ask, have my computer been clean for a while? Can I go ahead and create a restore point at this stage?

[thisisu]

You're welcome.

I would follow the cleanup instructions in the order given. I actually had OTL flush most your restore points a few posts ago. There shouldn't be many but you can flush them again and create a new one if you'd like.

[hedvix]

Hi just would like to let you know,
after following the clean up procedure and the "how to protect yourself with malware"... The error is now gone from firefox.

Things I installed:
Spybot SnD
AVG 2012
AVG firewall
Spyware Blaster
Comodo DNS

[Kestrel13!]

Just noticed your response! Glad to hear all is well again!!! Thanks thisisu for your contribution to this thread.