Remove Global Consumer Survey virus

pchieco1964 · Oct 19, 2013

I cannot seem to remove these surveys that continue to pop up randomly whether I'm using IE, Firefox or Chrome. They seem to be from Global Consumer Survey. I have run my anti-virus software and spybot remover and still surveys. Any assistance would be appreciated.

TimW · Oct 19, 2013

If you want us to check your system for malware, please do the following:

READ & RUN ME FIRST. Malware Removal Guide

pchieco1964 · Oct 20, 2013

Your instructions were excellent. I have attached the logs as requested. Hopefully I followed the instructions correctly and can finally get these annoying surveys removed. I have one more log to attached.

Thank you. Phil

pchieco1964 · Oct 20, 2013

Please find the last log file from Hitman Pro. Thanks again. Phil

TimW · Oct 21, 2013

I am not finding it in your logs.

You can rerun Hitman and remove these:

Code:

Malware remnants ____________________________________________________________

   HKU\S-1-5-21-1070870028-3523365556-3890122372-1000\Software\InstalledBrowserExtensions\215 Apps\ (Adware.IWantThis)

Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\s\ (Softonic)

pchieco1964 · Oct 21, 2013

Ok. I have completed Hitman one more time and removed the items you specified. I guess only time will tell to determine if the survey virus has been removed. Thank you again for all your assistance.

Phil

TimW · Oct 22, 2013

You're welcome.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:

Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore

What we want you to do is to first disable System Restore to flush restore points some of which could be infected.

Then we want you to Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

pchieco1964 · Oct 24, 2013

Well unfortunately the Global Consumer Survey popped up again today. Should I try and go through these procedures again?

TimW · Oct 25, 2013

Yes, rerun the procedures.

pchieco1964 · Oct 27, 2013

Ok. I went through the entire process again and have uploaded the output files. There was on item I screwed up on and that was Hitman even with your clear instructions. I inadvertently deleted and quarantined two files. I was able to undo the the quarantined file but the deleted one I could not. I did write down the name which was IEPV.exe. I realized that this was a no no and apologize for that. I'm guessing I will have to re-install that at some point. Thanks again for your assistance. Phil

TimW · Oct 27, 2013

Do you have a log for RogueKiller?

Rerun Hitman and remove that malware trace.

pchieco1964 · Oct 27, 2013

I'm sorry I forgot about that one and I had it all along. Please find attached. Phil

TimW · Oct 28, 2013

Rerun Hitman and have it delete the one malware trace.

I am not finding it in your logs. Does it happen on all browsers?

pchieco1964 · Oct 28, 2013

I did run Hitman again per your earlier email and several times before that. I am attaching the logs just in case. It happens when I use firefox as this is my default browser however it has happened in IE and Chrome. I actually received one last night while on Ebay using firefox. Very strange. Thanks Phil

TimW · Oct 29, 2013

Let's try this:

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Attach JRT.txt to your next message.

pchieco1964 · Oct 29, 2013

It almost appears that the program your suggested did some major cleanup. I have attached the log files. Thank you. Phil

TimW · Oct 30, 2013

Yes. How are things running now?

pchieco1964 · Nov 3, 2013

I was waiting a few days to see if it would pop up again and it has not. What a pain in the ***. Thank you for working through this with me, I appreciate the help.

TimW · Nov 4, 2013

You're welcome.

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.

Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.

Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.

If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:

Refer to the instructions for your WIndows version in this link: Disable And Enable System Restore

What we want you to do is to first disable System Restore to flush restore points some of which could be infected.

Then we want you to Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

Remove Global Consumer Survey virus

pchieco1964 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

Attached Files:

pchieco1964 Private E-2

Attached Files:

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

Attached Files:

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

Attached Files:

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

Attached Files:

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

Attached Files:

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

pchieco1964 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member