Tidaltv malware

gdwitch · Apr 14, 2015

I keep getting a pop up from Malwarebytes about detecting set.tidaltv.com and I can't make it stop.

flavallee · Apr 14, 2015

Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: Several seconds may pass before the scanning process starts, so be patient.)

Click the "Logfile" button.

When the log appears, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

Note: After you submit the log, close AdwCleaner. When the warning appears, click "Yes".

-------------------------------------------------------------------

When was the last time you ran a "Threat Scan" with Malwarebytes and allowed it to quarantine everything it found?

-------------------------------------------------------------------

gdwitch · Apr 14, 2015

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 08:35:31
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucy - LUCY-PC
# Running from : C:\Users\Lucy\Downloads\adwcleaner_4.201.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\Lucy\Favorites\Coupons
Folder Found : C:\Users\Lucy\Favorites\Coupons

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : HKU\.DEFAULT\Software\AVG Secure Search

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.118

[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://isearch.avg.com/search?cid={6DE74A80-DD07-4B68-9E78-72451B0DD2C0}&mid=7b4c53f7354f86da37b3a9a353dab16f-f4042bf9368560f17731813389c659f9541ec31f&lang=en&ds=AVG&pr=fr&d=2012-11-21 16:17:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48

*************************

AdwCleaner[R2].txt - [4402 bytes] - [14/12/2014 15:07:13]
AdwCleaner[R3].txt - [4463 bytes] - [14/12/2014 17:45:26]
AdwCleaner[R4].txt - [4526 bytes] - [14/12/2014 18:09:05]
AdwCleaner[R5].txt - [4514 bytes] - [14/12/2014 19:43:14]
AdwCleaner[R6].txt - [1269 bytes] - [15/12/2014 09:18:18]
AdwCleaner[R7].txt - [4805 bytes] - [15/12/2014 11:42:26]
AdwCleaner[R8].txt - [3620 bytes] - [14/04/2015 08:35:31]
AdwCleaner[S2].txt - [4728 bytes] - [15/12/2014 11:45:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [3738 bytes] ##########

flavallee · Apr 14, 2015

It looks like you used AdwCleaner several times in December, but you didn't allow it to delete the threats it found.

You didn't answer my question in the bottom part of post #2.

--------------------------------------------------------------------

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.
(Note: Several seconds may pass before the scanning process starts, so be patient.)

Click the "Cleaning" button, then click "OK".

Allow the cleaning process to finish.

When it's finished, click "OK" in each window that appears.

The computer will restart.

When the log appears during restart, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

--------------------------------------------------------------------

gdwitch · Apr 14, 2015

Here's the log. I could have sworn I deleted the threats in December. I run an automatic Malwarebytes scan every week and since this problem, I ran it again twice. It's coming up with no threats, yet this tidaltv thing persisted in popping up.

# AdwCleaner v4.201 - Logfile created 14/04/2015 at 12:18:53
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lucy - LUCY-PC
# Running from : C:\Users\Lucy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8NKPUAO\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lucy\Favorites\Coupons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
File Deleted : C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v41.0.2272.118

[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={6DE74A80-DD07-4B68-9E78-72451B0DD2C0}&mid=7b4c53f7354f86da37b3a9a353dab16f-f4042bf9368560f17731813389c659f9541ec31f&lang=en&ds=AVG&pr=fr&d=2012-11-21 16:17:15&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3247201
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48
[C:\Users\Lucy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48

*************************

AdwCleaner[R2].txt - [4402 bytes] - [14/12/2014 15:07:13]
AdwCleaner[R3].txt - [4463 bytes] - [14/12/2014 17:45:26]
AdwCleaner[R4].txt - [4526 bytes] - [14/12/2014 18:09:05]
AdwCleaner[R5].txt - [4514 bytes] - [14/12/2014 19:43:14]
AdwCleaner[R6].txt - [1269 bytes] - [15/12/2014 09:18:18]
AdwCleaner[R7].txt - [4805 bytes] - [15/12/2014 11:42:26]
AdwCleaner[R8].txt - [3821 bytes] - [14/04/2015 08:35:31]
AdwCleaner[R9].txt - [3948 bytes] - [14/04/2015 12:16:36]
AdwCleaner[S2].txt - [4728 bytes] - [15/12/2014 11:45:11]
AdwCleaner[S3].txt - [3865 bytes] - [14/04/2015 12:18:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3924 bytes] ##########

flavallee · Apr 14, 2015

Download and save and then install the free version of SUPERAntiSpyware 6.0.1186

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

Make sure to uncheck and decline to use the "Pro" or "Trial" version, if it's offered.

After it's installed, do the following with it:

Click "System Tools".

Click "Preferences", then uncheck "Run in the background (system tray)", then click "Done".

Click "Advanced Settings", then uncheck "Follow shortcuts (*.lnk) during scan", then click "OK - Done".

Click "Click here to check for updates".

When the definition files have updated, click "OK".

Click "Scan This Computer", then click Quick Scan.

If problems are found during the scan, the number of them will be highlighted in red.

When the scan is finished, click "Continue".

Make sure that EVERYTHING in the list is selected, then click "Continue".

When the removal process is complete, click "Continue".

If you're prompted to restart to finish the removal process, do so.

Start SUPERAntiSpyware again.

Click "System Tools", then click "Scan Logs".

Select the most current scan log, then click on its magnifying glass icon so it can open and be viewed, then save it on the desktop.

Return here, then copy-and-paste its ENTIRE contents here.

----------------------------------------------------------

gdwitch · Apr 14, 2015

Luckily I already had this program on my computer.

Scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2015 at 05:28 PM

Application Version : 6.0.1186
Database Version : 11828

Scan type : Quick Scan
Total Scan Time : 00:01:13

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 57286
Registry threats detected : 0
File items scanned : 8180
File threats detected : 24

Adware.Tracking Cookie
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\XXALI37V.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\XXALI37V.txt [ /track.adform.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\QXS86UNI.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\QXS86UNI.txt [ /adform.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\5IA788XG.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\5IA788XG.txt [ /doubleclick.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\URHPZRQ2.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\URHPZRQ2.txt [ /atdmt.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\DEMDGLW1.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\DEMDGLW1.txt [ /smartadserver.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AEF2HSA1.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AEF2HSA1.txt [ /ru4.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OEYW7B3L.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\OEYW7B3L.txt [ /imrworldwide.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROKCV0CH.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\ROKCV0CH.txt [ /ad.360yield.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3IVUTCAK.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\3IVUTCAK.txt [ /burstnet.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\YL6DGQJL.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\YL6DGQJL.txt [ /247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2R0H2HX.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\I2R0H2HX.txt [ /revsci.net ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\JS5FRRSW.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\JS5FRRSW.txt [ /advertising.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH4N1N83.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\NH4N1N83.txt [ /adtechus.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\MY2G2N0T.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\MY2G2N0T.txt [ /serving-sys.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O59DYW4.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\9O59DYW4.txt [ /oasc12.247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\K09KRL5K.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\K09KRL5K.txt [ /casalemedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IR5I82TI.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\IR5I82TI.txt [ /ads.undertone.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8QVKSCB.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\L8QVKSCB.txt [ /atwola.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\XTL9AZY0.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\XTL9AZY0.txt [ /statse.webtrendslive.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQSLXJ91.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\AQSLXJ91.txt [ /amazon-adsystem.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJ1A209Y.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\RJ1A209Y.txt [ /bs.serving-sys.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\TXKCVUYW.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\TXKCVUYW.txt [ /mediaplex.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y40VKV1E.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y40VKV1E.txt [ /oasc17.247realmedia.com ]
C:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\85A10AK2.txtC:\Users\Lucy\AppData\Roaming\Microsoft\Windows\Cookies\Low\85A10AK2.txt [ /zedo.com ]

============
End of Log
============

flavallee · Apr 15, 2015

Go here, then click the large blue "Download Now @ Author's Site" button to download and save TFC.exe (Temp File Cleaner by OldTimer) to your desktop.

After it's downloaded and saved, close all open windows.

Double-click it to load its main window.

Click the "Start" button.

If there are a large number of temp files or if there are multiple user accounts, the temp file deletion process may appear to freeze and may take a few minutes, so don't interfere with or abort it.

After it's finished, restart the computer.

Note: Advise how many temp files in MB's were found and deleted.

---------------------------------------------------------

flavallee · Apr 15, 2015

AFTER you complete the instructions in post #8, do the following:

Click Start, then type MSCONFIG in the search or run box, then press the Enter key.

When the small "System Configuration" window appears, click the "Startup" tab.

Write down ONLY the names in the "Startup Item" column that have a checkmark next to them.

If the "Startup Item" column isn't wide enough to see the entire name of any of them, widen the column.

Submit those names here in a vertical list.

Make sure to spell them EXACTLY as you see them there.

--------------------------------------------------------------

gdwitch · Apr 15, 2015

TFC.exe Total Cleaned 3,249.00 mb

Start up:
Microsoft Security Client
NVIDIA Backend
NVIDIA Geforce Experience
GoogleToolbarNotifier

flavallee · Apr 15, 2015

TFC.exe Total Cleaned 3,249.00 mb
Click to expand...

That was a lot of temp files. You might want to put it to use at least once a month.

Start up:
Microsoft Security Client
NVIDIA Backend
NVIDIA Geforce Experience
GoogleToolbarNotifier
Click to expand...

----------------------------------------------------------

gdwitch · Apr 15, 2015

okay, so this thing is still popping up after all that.

flavallee · Apr 15, 2015

Open the Programs And Features" window. This is where your installed programs, etc. are located.

If you see any names in the list that you don't recognize, submit their exact names here.

------------------------------------------------------------

gdwitch · Apr 15, 2015

Not too much just:
Host OpenAl
Web IQ Technology Engine

flavallee · Apr 15, 2015

You may need to get help from the gold shield specialists at the Virus & Other Malware Removal section.

Click the orange "Report" button and then request to have your thread moved there.

----------------------------------------------------------

Log in or Sign up

Tidaltv malware

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

Sponsor

Welcome to Tech Support Guy!

Solved I can't connect to Internet after malwarebytes scanning

In Progress Computer has been freezing a lot lately, possible malware?

Solved Malware Issue

Solved Possible Virus or Malware With Chromebook

In Progress Malwarebytes detecting threats that just don't go away

Log in or Sign up

Tidaltv malware

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

gdwitch Thread Starter

flavallee Trusted Advisor

Sponsor

Welcome to Tech Support Guy!

Solved I can't connect to Internet after malwarebytes scanning

In Progress Computer has been freezing a lot lately, possible malware?

Solved Malware Issue

Solved Possible Virus or Malware With Chromebook

In Progress Malwarebytes detecting threats that just don't go away

Useful Searches