I've been hit by the Partner18mydomainadvisor malware... - Printable Version

Linux Lite Forums (https://www.linuxliteos.com/forums), Thread: /showthread.php?tid=822

I've been hit by the Partner18mydomainadvisor malware... - m654321 - 09-09-2014

My LL 2.0 has just been hit by the partner18.mydomainadvisor malware. I have Firefox as web-browser and Google as search engine. This is despite having ESET antivirus for Linux (paid subscription) on my laptop, as well as being up-to-date with all my LL2 updates. It has already attacked my wife's Windows 8 on her computer and appears to be doing odd things to our mailbox.

Help!!! What can I do? I have seen some websites declaring that you can download their software to remove partner18, but how do I know they are genuine and not malicious?

Mike

Re: I've been hit by the Partner18mydomainadvisor malware... - Scott(0) - 09-09-2014

Hi m654321,

I feel for you, malware is never a good thing. Until your post I've never heard of partner18.mydomainadvisor malware. My last Windows laptop died about 9 months ago so I can't test anything first hand, but I did Google around and found this from Malwarebytes for the Windows side of things.

https://forums.malwarebytes.org/index.php?/topic/153204-being-redirected/

Still looking for references to this malware on Linux. If I find anything I'll make a separate post.

~Scott

Re: I've been hit by the Partner18mydomainadvisor malware... - rokytnji - 09-09-2014

If this is one of those drive-by surfing malware thingies just for Windows. If concerned, you can compare your ~/.mozilla folder contents with mine. See if anything stands out to you. Mine is malware free.

Code:
harry@biker1:~$ cd .mozilla

Also my /home folder.

Code:
harry@biker1:~$ ls -a

Honestly, I don't think your malware, whatever it is, can get past /home to / root, but that is just my opinion, being unfamiliar with this malware.

Re: I've been hit by the Partner18mydomainadvisor malware... - N4RPS - 09-10-2014

Hello!

For the Windows box, Junkware Removal Tool (JRT) and AdwCleaner are both available from http://www.bleepingcomputer.com

Those two should take care of the issue. If not, Malwarebytes (which you can try for free to clean your infection) will remove it.

NEVER PAY *ANYONE* for utilities to clean your infected PC. There ARE some good ones, but most are bogus. With the right tools, you can clean and optimize your own Windows PC for free - AND/OR make a buck or few off the poor souls who still use Windows.

Keep us posted on how to deal with this junkware on Linux, as this is THE first time I've heard of a Linux machine being infected with ANYTHING malicious...

73 DE N4RPS
Rob

Re: I've been hit by the Partner18mydomainadvisor malware... - ohjrson - 09-15-2014

Yes, please keep us informed about this threat. My understanding is that web browsers and search engines operate slightly differently when on Linux. So I would be very interested to know what your Linux Lite OS is doing as a result of this malware. Please give details.

Re: I've been hit by the Partner18mydomainadvisor malware... - Valtam - 09-15-2014

(09-09-2014, 07:13 PM) m654321 wrote:
My LL 2.0 has just been hit by the partner18.mydomainadvisor malware.

Could you please explain how your Linux Lite has been 'hit' by this? How does this infect Linux Lite? It's important to explain this to people, as these kinds of thread titles can stir up unnecessary paranoia.

Re: I've been hit by the Partner18mydomainadvisor malware... - Wirezfree - 09-15-2014

Hi,

I just helped a friend with a similar "Browser Hijack" situation on Chrome, which is what I suspect Partner18 is. (Though you may have 2 issues, if one of the supposed fixes added something else?)

In Chrome, click on the "Options", top right 3 parallel bars.
Select "Settings", near bottom of drop down list.
That will now bring up a Chrome Settings screen.
Top left, click on "Extensions".
That will list all the extensions currently installed on Chrome.
Unless you recognise anything you have installed yourself, click on the "Trash Can" next to each of them and remove from Chrome, then re-start Chrome.

If no extensions present, I'm not sure what next, sorry.

There was (in Windows) a bogus program doing the rounds, "Anti Phishing Domain Advisor", that manifested itself with browser re-directs, and oddities if you used web based email. Can be easily removed via Add/Remove programs, but that won't get onto Linux.

Dave

Re: I've been hit by the Partner18mydomainadvisor malware... - ohjrson - 09-15-2014

Hmm, OK, I am not a programmer by any right, but I just looked at a site called http://wikimalware.com/how-to-remove-newsfudge-com-virus-completely/ and judging from what it says it looks like this is geared for a Microsoft product. So therefore Linux cannot be infected. However, it does give you what I think is a name to look for. It is called "random.exe". Again, a Windows executable. I seriously am beginning to think that this should not be affecting a Linux based system. But I could be wrong. Have a look, Valtam, if you have not already figured it out. Let me know what you think.

Ohjrson

Re: I've been hit by the Partner18mydomainadvisor malware... - elija - 09-18-2014

Could these run under Wine perhaps?

Re: I've been hit by the Partner18mydomainadvisor malware... - m654321 - 09-21-2014

More details about what happened...

My wife's Windows 8.1 laptop got infected initially. She is unable to work out how or when exactly this happened. What I could find out about this malware is that it appears to latch itself on to the Google Chrome browser, and can do damage by stealing passwords, etc. I noticed whenever my wife went to her TalkTalk webmail account, the 'partner18' link would appear on the bottom left of the screen, which would then flick through a variety of website links in rapid succession (some of these were apparently African & Asian), before finally arriving at TalkTalk.
Strangely, when my wife arrived at TalkTalk, she often had difficulties logging into the webmail account, and strangely TalkTalk would suggest non-existent TalkTalk account names for her to type in.

Using my LL2 laptop, I wanted to look up 'partner18mydomainadvisor' malware on the internet to get some further information, but inadvertently arrived at their .com website. However, their website showed as a black screen, LL2 flickered a few times, and I noticed RAM consumption shot up from around 0.4-0.5 GB to about 1.1 GB, out of a total of 3.8. Clearly, there was something wrong.

Even in Win8.1 there appears to be no effective tool from Microsoft to get rid of this - I'd imagine even less in Linux - I only found some quite complicated work to do in the registry to get rid of it (I am not experienced in this area at all), and didn't trust the one or two sites I saw that purported to have a free downloadable software tool for partner18 removal.

So, in the end, the easiest solution was a fresh clean-install on both laptops and the problem appears to have now gone. And... under the Firefox browser I have changed the search engine from Google to Bing, just to be on the safe side!

Regards
Mike