8 replies to this topic

[oldreb]

Hello

Resently sometimes when I try to load some sites it redirects to partner37.mydomainadvisor.com and shows that the servers is not found.

I found that I had installed a software that monitos for phishing that had a verry similar name so I uninstalled it and now I do not get the redirects however I get the server not found message when the site should be loading.

Also this morning my computer got so slow I almost could not even get it to restart.
I had just restarted it yesterday.

One thing that I should mention is that I do web site design so I do have a test server installed called abyss web server but I only turn it on when I am testing my sites.

Thank you for any help that you give with this.

Attached Files

•  DDS.txt   17.04K   8 downloads
•  Attach.txt   5.28K   5 downloads

[Maniac]

Hello oldreb and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


Step 1

Please uninstall the following applications:

BitTorrent
FrostWire 5.0.8
eMule

Because they are against our policy.
http://forums.malwar...showtopic=97700

Also, uninstall Spam Free Search Bar, because is a Visicom "Dynamic Toolbar", hailing from downloadcdn.com - detected by ESET's Nod32 antivirus as Win32/Adware.Toolbar.Visicom .


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log

[oldreb]

Hello Maniac
Thank you for your reply

I wanted to reply to a few things.

BitTorrent, FrostWire 5.0.8, eMule
I don't even remember installing those but I don't need then so they are now removed.

Spam Free Search Bar
I have been trying to figure out what that thing was called and how to remove it for a while now and thinks to you I now knowq what it's called and have removed it.

BACKDOOR WARNING
Okay that has me very worried.
So I think I'm going to backup my pictures and do the format and reinstall the OS.

One question. I know that it is not recomended to backup such files as php files but my web site files are important.
Is there a safe way to back those up?

I am backing up to dvd.
I used Malwarebytes and scaned my web site files folder and it did not find anything.

Think you again for your help.

[Maniac]

Of course you can. I'm also a developer and understand.

To be more sure that everything is OK, enter in www.virustotal.com and upload them there. Will be scanned more than 40 antivirus programs and thus avoid the likelihood of being infected.

[oldreb]

Hello again

I did not have a copy of windows so I went to place that I bought the computer as windows was already installed. The guy siad that he could not give me the key or cd so I had to end buying a copy (which really upset me me.

Anyway case I ran the install and everything seems to be running a lot better.

However: One site that I went to last night after the install loaded fine but today I tryed it and got server not found.
So right then I called a friend and asked him to check the site and he said it loaded fine for him.
Note that my friendhas a different ISP than I do.

So now I'm worried if something is still there or could it just be something that my ISP is doing?

The only thing that I did was install windows and downloaded all of the windows updates.
The site would not load even before I installed the AVG.

So I just went through the same thing that I did in my first post and will attach the log files here.
Can you please have one more look and see if there is anything there?

Thank you

Attached Files

•  Attach.txt   2.51K   2 downloads
•  DDS.txt   10.45K   3 downloads

[Maniac]

Only happens with this site? If so, the problem is most likely due to this site, not to your system or internet connection.

Everything looks good.

[oldreb]

Okay thinks again for everything.

Yes it only happens on that one site but my friendgot on the site at the same time that it was telling me that the server could not be found.

Oh well I'm not going to worry to much because I only go there for the political discussions lol.
As long as I know my computer is clean I'm happy.

Thank you again for everything

[Maniac]

I suggest you to ask your ISP, if the problem persists, there is simply no logic to the problem due to you because it is a one single website.

Glad I could help!

Some malware prevention tips:
http://forums.malwar...=0


Safe surfing!

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!