MajorGeeks Support Forums

  #61  
Old 04-23-12, 00:38
hedvix hedvix is offline
Private First Class
 
Join Date: Apr 2012
Posts: 38
Thanks: 9
Thanked 0 Times in 0 Posts
Default Re: partner37.mydomainuser malware infections

Here are the first 4 logs.
The only thing I noticed is that RogueKiller found 1 object and I closed the program without deleting anything.
Attached Files
File Type: txt Result.txt (450 Bytes, 2 views)
File Type: log 04232012_151844.log (12.9 KB, 8 views)
File Type: txt OTL.Txt (87.1 KB, 7 views)
File Type: txt RKreport[1].txt (1.3 KB, 5 views)
  #62  
Old 04-23-12, 00:42
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

TDSSKiller found 11 objects, but they're in the form of unsigned files.
I chose 'skip' on all of them.

And yes, redirection is still occurring on Firefox.
Attached Files
File Type: txt TDSSKiller.2.7.31.0_23.04.2012_15.31.34_log.txt (83.3 KB, 4 views)
  #63  
Old 04-23-12, 03:11
thisisu thisisu is offline
Malware Consultant
 
Join Date: Apr 2006
Location: Houston, TX
Posts: 8,162
Thanks: 269
Thanked 1,434 Times in 1,355 Posts
Default Re: partner37.mydomainuser malware infections

Code:
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
FF - user.js - File not found

Not so sure why OTL is having trouble fixing these but I think it is going to be necessary for you to completely uninstall Firefox (Use Revo Uninstaller) and then reinstall a fresh copy from here: Mozilla Firefox 11.0 Final

Try this and let me know how it goes.
__________________
Facebook . Twitter . Blog . VirusTotal
  #64  
Old 04-23-12, 03:14
thisisu thisisu is offline
Default Re: partner37.mydomainuser malware infections

Quote:
Originally Posted by hedvix
and yes, redirection still occurring on firefox

Just to clarify, as you stated earlier: you're not actually getting "redirected", because this would mean you are still being forced to the partner37 site.

Instead, you are receiving a "cannot load this page / server" type error when browsing 1 website.

Last edited by thisisu; 04-23-12 at 03:44..
  #65  
Old 04-23-12, 03:25
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Quote:
Originally Posted by thisisu
Just to clarify, as you stated earlier: you're not actually getting "redirected", because this would mean you were still being forced to the partner37 site.
Instead, you are receiving a "cannot load this page / server" type error when browsing 1 website.

Yes, that is correct. Sorry to confuse you.
  #66  
Old 04-23-12, 04:07
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Quote:
Originally Posted by thisisu
Code:
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
FF - user.js - File not found
Not so sure why OTL is having trouble fixing these but I think it is going to be necessary for you to completely uninstall Firefox (Use Revo Uninstaller) and then reinstall a fresh copy from here: Mozilla Firefox 11.0 Final
Try this and let me know how it goes.

I uninstalled Firefox using Rev_uninstaller... I chose "Moderate" instead of "Advanced" removal. Around the end, it asked me to check the bold items to delete them.. I checked them all and removed them..

After reinstalling the new Firefox... I thought that the infection was gone.. Since when I first visited the -triggering-site... I wasn't receiving any error at all and was going through my bookmarks to see if any of them gets redirected (error)... It turns out, I am still receiving the error after going through 3-4 bookmarks (this number varies).
All I can tell is that it's a bit less obvious? Before, the next website would definitely be redirected (error) right after triggering... Now, not so much.. but it is still there.

I also changed my settings on Chrome back to the original to check for the redirection.... And yes, I did get it... So I changed it back.
  #67  
Old 04-23-12, 04:46
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Just would like to update...

Please ignore my last message about it being less obvious or harder to trigger... It just went back to the previous behavior which is redirecting the next website after more testing.
  #68  
Old 04-23-12, 11:42
thisisu thisisu is offline
Default Re: partner37.mydomainuser malware infections

Can you screenshot the problems you are experiencing now, in both Google Chrome and Firefox?
  #69  
Old 04-23-12, 19:09
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Attached both screenshots.
I added some error console for the firefox.
Don't really know my way around Chrome unfortunately...
Attached Images
File Type: jpg googlechromerror.jpg (92.9 KB, 7 views)
File Type: jpg firefoxerror.jpg (90.7 KB, 4 views)
  #70  
Old 04-23-12, 20:37
thisisu thisisu is offline
Default Re: partner37.mydomainuser malware infections

Hi,

After reviewing these screenshots, this does not appear to be malware related.

See the following topics/discussions on your issue:

If none of the above resolves your issue, we have a Software forum that is better suited for these types of discussions.

__

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix. (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN, enter the below into the run box, and then click OK. Note that the quotes are required.
    • "%userprofile%\Desktop\combofix" /uninstall
      • Note: The space between the combofix" and the /uninstall must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
  4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
  6. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
  8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  10. After doing the above, you should work through the below link:
Be safe

Last edited by thisisu; 04-23-12 at 21:38.. Reason: typo
  #71  
Old 04-23-12, 21:29
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Quote:
Originally Posted by thisisu
Hi,
After reviewing these screenshots, this does appear to be malware related.

This does appear or this doesn't appear?
  #72  
Old 04-23-12, 21:38
thisisu thisisu is offline
Default Re: partner37.mydomainuser malware infections

Quote:
Originally Posted by hedvix
This does appear or this doesn't appear?

Sorry. Does not.
  #73  
Old 04-23-12, 22:25
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Sorry if I wasted your time if this has been a software problem after all... Thanks again for all of your time in helping me..
If I may ask, has my computer been clean for a while? Can I go ahead and create a restore point at this stage?
  #74  
Old 04-23-12, 22:38
thisisu thisisu is offline
Default Re: partner37.mydomainuser malware infections

You're welcome.

I would follow the cleanup instructions in the order given. I actually had OTL flush most of your restore points a few posts ago. There shouldn't be many but you can flush them again and create a new one if you'd like.
  #75  
Old 04-24-12, 07:44
hedvix hedvix is offline
Default Re: partner37.mydomainuser malware infections

Hi just would like to let you know,
after following the clean up procedure and the "how to protect yourself with malware"... The error is now gone from firefox.

Things I installed:
Spybot SnD
AVG 2012
AVG firewall
Spyware Blaster
Comodo DNS
  #76  
Old 04-24-12, 08:03
Kestrel13! Kestrel13! is offline
Super Malware Fighter - Major Dilemma
 
Join Date: Apr 2007
Location: cloud cuckoo land
Posts: 27,864
Thanks: 833
Thanked 3,463 Times in 3,387 Posts
Default Re: partner37.mydomainuser malware infections

Just noticed your response! Glad to hear all is well again!!! Thanks thisisu for your contribution to this thread.
__________________
Have we been helpful? Did our services here at MajorGeeks save you a whole lot of cash? If you would like to bequest a small amount as a token of your appreciation, please look out for the yellow 'Donate' button on the top right of any page. Thanks!