I think I have malware on my computer!

#1 callumm2

Posted 16 August 2013 - 07:48 AM

Hi, I am new to this forum so sorry if it is not in the correct topic.

Recently I have been getting redirected from websites taking me to globalconsumersurvey.com asking me to fill out a questionnaire. I googled the site and it has brought up a lot of people saying that it is a virus of some kind. I have Norton antivirus and it said I have a few Trojan.Gen but Norton has removed them. I ran a full scan and it didn't show any other viruses? I am not sure what to do now, but I want this malware to be removed!

Thanks in advance - Callum 



#2 Maniac

Posted 16 August 2013 - 07:51 AM

Hello callumm2 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.
http://forums.malwar...?showtopic=9573
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 callumm2

Posted 16 August 2013 - 08:03 AM

Thanks for replying. Here is the log from the scan.

 

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291045
Time elapsed: 4 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 15
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> No action taken.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> No action taken.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> No action taken.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\TidyNetwork.com (PUP.TidyNetwork) -> No action taken.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> No action taken.
HKCR\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B} (PUP.TidyNetwork) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 8
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\Web Cake (PUP.Optional.WebCake.A) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM (PUP.TidyNetwork) -> No action taken.
C:\ProgramData\TARMA INSTALLER (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
 
Files Detected: 26
C:\Program Files (x86)\Movdap\WEBCAKEIECLIENT.DLL (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\User\Downloads\horizon-setup.exe (PUP.DownloadAdmin) -> No action taken.
C:\Users\User\AppData\Roaming\explorer.exe (Trojan.Agent.Gen) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> No action taken.
C:\Program Files (x86)\Web Cake\WEBCAKEDESKTOP.UPDATER.INSTALLSTATE (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Web Cake\OptChrome.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Web Cake\sqlite3.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM\sidTRUK03.tidy (PUP.TidyNetwork) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM\TidyNetwork.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\User\Local Settings\Application Data\TIDYNETWORK.COM\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM\sidTRUK03.tidy (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM\tidy2ie.dll (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM\tidy2update.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM\TidyNetwork.exe (PUP.TidyNetwork) -> No action taken.
C:\Users\User\AppData\Local\TIDYNETWORK.COM\tidynetwork.log (PUP.TidyNetwork) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\TARMA INSTALLER\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
 
(end)
 


#4 callumm2

Posted 16 August 2013 - 08:21 AM

There were 2 boxes checked, one of them was Malware.Trace and the other was Trojan.Agent.Gen

 

I think it could be these that are causing the problem?



#5 Maniac

Posted 16 August 2013 - 08:22 AM

Not only them. Please continue with DDS.

#6 callumm2

Posted 16 August 2013 - 08:40 AM

Not only them. Please continue with DDS.

There.

Attached Files



#7 callumm2

Posted 16 August 2013 - 09:23 AM

Not only them. Please continue with DDS.

What should I do now?



#8 Maniac

Posted 17 August 2013 - 04:43 AM

To follow my instructions right.

Hello callumm2 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.


#9 AdvancedSetup

Posted 21 August 2013 - 08:36 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager
