Trying to remove CouponDropDown

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gardomyn, Nov 11, 2012.

  1. Gardomyn

    Gardomyn Private E-2

    Hi everyone,
    I am longtime reader of this forum, but never created an account so far :)
    But I need your help right now as I can't get read of what seems to be a malware : CouponDropDown, which create / replace links / ads on a website to the coupondropdown website.
    I read the jlawnt thread but I didn't run the advices yet, because I'm not sure if I need to do the same things... If so, just tell me.

    In my case, it only affects Firefox (v16). IE seems OK. I don't have other browers. I'm on W7 64.

    Here's all the logs I got from the Malware Removal Guide + the Junkware Removal Tool from the jlawnt thread.

    Thank you.
     

    Attached Files:

  2. Gardomyn

    Gardomyn Private E-2

    And the JRT log file...
     

    Attached Files:

    • JRT.txt
      File size:
      1.1 KB
      Views:
      3
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Just so I know, which browser(s) does this affect?
     
  4. Gardomyn

    Gardomyn Private E-2

    It affects Mozilla Firefox.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Re run Hitman and have it delete all the Potential Unwanted Programs.

    Delete this file:
    C:\Windows\1444846

    We are going to be uninstalling your old version of FireFox and installing the new version. (Except we are going to use Revo Uninstaller instead of the standard uninstaller. ) So do the below to save bookmarks:

    • Run FireFox and click Bookmarks.
    • Then select Organize Bootmarks.
    • Then on the next window click File and then select Export. Save the bookmarks.html file to your Desktop for later use in importing.
    Now download and save the installer for the current version of FireFox but DO NOT install it yet. Get it here: Mozilla FireFox

    You will need exit FireFox now and use Internet Explorer to continue with the below until we reinstall FireFox.

    Start by uninstalling FireFox and then reboot. Do not skip the reboot.
    After reboot, delete the below folders:
    • C:\Program Files\Mozilla Firefox
    • C:\users\UserAccount\AppData\Roaming\Mozilla\Firefox

    where UserAccount is the actual user account name being used.

    Now reinstall FireFox from the file previously downloaded.
    Import your bookmarks file. (similar process to exporting).

    Now let me know how everything is running.
     
  6. Gardomyn

    Gardomyn Private E-2

    Thank you.
    I'll do that asap.
    Quick question : the Mozilla Firefox link you privided downloads a version 3.6.28 and the current version of FF is 16.2. I still go with the 3.6.28 version ?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Sorry. Go for the current version. ;)
     
  8. Gardomyn

    Gardomyn Private E-2

    Eh there !

    Everything is back to normal ! After 2 days, still nothing to signal !

    Thank you very much for your assistance !
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Glad to hear it. ;)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds