What is Coupon Drop Down?
The Malwarebytes research team has determined that Coupon Drop Down is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.
How do I know if my computer is affected by Coupon Drop Down?
You may see this entry in your list of installed software:
Or these entries in your Scheduled Tasks :
and these warnings:
and this icon in your taskbar:
How did Coupon Drop Down get on my computer?
Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Coupon Drop Down?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- Coupon Drop Down replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
- This PUP creates some scheduled tasks. You can read here how to remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Coupon Drop Down hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
Signs in a HijackThis log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128 O1 - Hosts: 54.204.28.26 lopecioihlfdbpggkhdmbdldiclifdpc O4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\1.1\bservice.exe O4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe O4 - HKLM\..\Run: [Bench Communicator Watcher] C:\Program Files\Bench\Proxy\pwdg.exe O4 - HKLM\..\Run: [Bench Settings Cleaner] C:\Program Files\Bench\Proxy\cl.exe O4 - HKLM\..\RunOnce: [Coupon Drop Down-repairJob] wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob"Possible signs in a FRST log:
() C:\Program Files\Bench\BService\1.1\bservice.exe () C:\Program Files\Bench\Wd\wd.exe () C:\Program Files\Bench\Proxy\pwdg.exe () C:\Program Files\Bench\Proxy\proc.exe HKLM\...\Run: [BService] => C:\Program Files\Bench\BService\1.1\bservice.exe [52736 2014-07-11] () HKLM\...\Run: [Wd] => C:\Program Files\Bench\Wd\wd.exe [92672 2014-07-11] () HKLM\...\Run: [Bench Communicator Watcher] => C:\Program Files\Bench\Proxy\pwdg.exe [127488 2014-07-14] () HKLM\...\Run: [Bench Settings Cleaner] => C:\Program Files\Bench\Proxy\cl.exe [55296 2014-07-11] () HKLM\...\RunOnce: [Coupon Drop Down-repairJob] => wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob" ProxyEnable: [S-1-5-21-4016700205-1717049133-1125222536-1001] => Internet Explorer proxy is enabled. ProxyServer: [S-1-5-21-4016700205-1717049133-1125222536-1001] => http=127.0.0.1:3128 Hosts: 54.204.28.26 lopecioihlfdbpggkhdmbdldiclifdpc () C:\Users\{username}\AppData\Local\BenchUpdater () C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job () C:\Users\{username}\AppData\Local\Coupon Drop Down () C:\Windows\Tasks\bench-sys.job () C:\Users\{username}\AppData\Local\proxy.log () C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down () C:\Program Files\BenchAlterations made by the installer:
File system details --------------------------------------------- Adds the folder C:\Program Files\Bench\BService\1.1 Adds the file bhelper.dll"="7/11/2014 11:38 PM, 53248 bytes, A Adds the file bservice.exe"="7/11/2014 11:38 PM, 52736 bytes, A Adds the folder C:\Program Files\Bench\NmHost Adds the file manifest.json"="7/11/2014 11:38 PM, 117 bytes, A Adds the file nmhost.exe"="7/11/2014 11:38 PM, 165376 bytes, A Adds the folder C:\Program Files\Bench\Proxy Adds the file cl.exe"="7/11/2014 11:38 PM, 55296 bytes, A Adds the file icon.ico"="7/11/2014 11:38 PM, 32038 bytes, A Adds the file proc.exe"="7/14/2014 7:24 PM, 428032 bytes, A Adds the file pwdg.exe"="7/14/2014 7:24 PM, 127488 bytes, A Adds the folder C:\Program Files\Bench\Updater Adds the file products.xml"="2/20/2015 9:42 AM, 376 bytes, A Adds the file updater.exe"="7/11/2014 11:38 PM, 69120 bytes, A Adds the folder C:\Program Files\Bench\Updater\1.7.0.0 Adds the file updater.exe"="7/14/2014 7:24 PM, 419840 bytes, A Adds the folder C:\Program Files\Bench\Wd Adds the file wd.exe"="7/11/2014 11:38 PM, 92672 bytes, A In the existing folder C:\Users\{username}\AppData\Local Adds the file proxy.log"="2/20/2015 9:42 AM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater Adds the file products.xml"="2/20/2015 9:44 AM, 447 bytes, A Adds the folder C:\Users\{username}\AppData\Local\Coupon Drop Down Adds the file chrome_gp_update.js"="7/11/2014 11:38 PM, 2348 bytes, A Adds the file chrome_installer.js"="7/11/2014 11:38 PM, 6304 bytes, A Adds the file clear_cache.js"="7/11/2014 11:38 PM, 522 bytes, A Adds the file common.js"="7/11/2014 11:38 PM, 13540 bytes, A Adds the file firefox_installer.js"="7/11/2014 11:38 PM, 6848 bytes, A Adds the file gpedit.exe"="7/14/2014 7:24 PM, 93184 bytes, A Adds the file icon.ico"="7/14/2014 7:57 PM, 32038 bytes, A Adds the file ie_installer.js"="7/11/2014 11:38 PM, 3685 bytes, A Adds the file installer.js"="7/11/2014 11:38 PM, 799 bytes, A Adds the file main_installer.js"="7/11/2014 11:38 PM, 1567 bytes, A Adds the file migrate.js"="7/11/2014 11:38 PM, 4746 bytes, A Adds the file projectInstaller.js"="7/11/2014 11:38 PM, 3004 bytes, A Adds the file repair.js"="7/11/2014 11:38 PM, 1735 bytes, A Adds the file SoftwareDetector.exe"="7/11/2014 11:38 PM, 78848 bytes, A Adds the file sqlite3.exe"="7/11/2014 11:38 PM, 492544 bytes, A Adds the file uninstall.exe"="2/20/2015 9:42 AM, 150941 bytes, A In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage Adds the file chrome-extension_lopecioihlfdbpggkhdmbdldiclifdpc_0.localstorage"="2/20/2015 9:42 AM, 0 bytes, A Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\Blocker Adds the file 212e90ffa529f5c99c44dc574c6f9a16"="2/20/2015 9:42 AM, 630176 bytes, A Adds the file 661d2a49ae9c29fdbdb0e735f567c5cf"="2/20/2015 9:42 AM, 106 bytes, A Adds the file 8d3f613ded3421026a6b47abd4042139"="2/20/2015 9:42 AM, 8 bytes, A Adds the file b24f88eb229178ba93accf228dc5b280"="2/20/2015 9:42 AM, 70 bytes, A Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\CanvasStorage Adds the file 7bf8e2b7288ee31947f028830fe682c3"="2/20/2015 9:42 AM, 28 bytes, A Adds the file 8ab1244a97308124c8207af9517ce460"="2/20/2015 9:42 AM, 94 bytes, A Adds the file a645fa10d3b7c3be385a23d8e9796994"="2/20/2015 9:42 AM, 30 bytes, A Adds the file c8ca0d6097bee7d978cc54b0e9075409"="2/20/2015 9:42 AM, 46 bytes, A Adds the file ee9adb2bad520b37c67f38edc62ec22d"="2/20/2015 9:42 AM, 230 bytes, A Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down Adds the file Browser Guardian Settings.url"="2/20/2015 9:42 AM, 136 bytes, A Adds the file Browser Guardian.lnk"="2/20/2015 9:42 AM, 1974 bytes, A Adds the file Uninstall.lnk"="2/20/2015 9:42 AM, 1096 bytes, A In the existing folder C:\Windows\System32\drivers\etc Alters the file hosts 6/10/2009 11:39 PM, 824 bytes, A ==> 2/20/2015 9:42 AM, 871 bytes, A In the existing folder C:\Windows\System32\Tasks Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001"="2/20/2015 9:44 AM, 3234 bytes, A Adds the file bench-sys"="2/20/2015 9:42 AM, 3242 bytes, A In the existing folder C:\Windows\Tasks Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="2/20/2015 9:44 AM, 346 bytes, A Adds the file bench-sys.job"="2/20/2015 9:42 AM, 346 bytes, A Registry details ------------------------------------------ [HKEY_LOCAL_MACHINE\SOFTWARE] "38914"="REG_SZ", "Coupon Drop Down" [HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport] "Seen"="REG_SZ", "1" "SeenDate"="REG_SZ", "1424421759" "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService] "Path"="REG_SZ", "C:\Program Files\Bench\BService\1.1" "Version"="REG_SZ", "1.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService\38914] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\InstalledExtensions] "38914"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost] "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\nmhost.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost\38914] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater] "path"="REG_SZ", "C:\Program Files\Bench\Updater\updater.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater\38914] "(Default)"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Coupon Drop Down] "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down" "AllowProxy"="REG_SZ", "1" "CDN"="REG_SZ", "coupondrop-a.akamaihd.net" "czoneid"="REG_SZ", "12199" "InstallTime"="REG_SZ", "1424425359" "Pid"="REG_SZ", "" "Seen"="REG_SZ", "1" "SeenDate"="REG_SZ", "1424421759" "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd" "UTCInstallTime"="REG_SZ", "1424421759" "ZoneId"="REG_SZ", "" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost] "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\manifest.json" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bench Communicator Watcher"="REG_SZ", "C:\Program Files\Bench\Proxy\pwdg.exe" "Bench Settings Cleaner"="REG_SZ", "C:\Program Files\Bench\Proxy\cl.exe" "BService"="REG_SZ", "C:\Program Files\Bench\BService\1.1\bservice.exe" "Wd"="REG_SZ", "C:\Program Files\Bench\Wd\wd.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Coupon Drop Down-repairJob"="REG_SZ", "wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\38914_Coupon Drop Down] "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down/icon.ico" "DisplayName"="REG_SZ", "Coupon Drop Down" "DisplayVersion"="REG_SZ", "1.0" "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down" "NoModify"="REG_DWORD", 1 "NoRepair"="REG_DWORD", 1 "Publisher"="REG_SZ", "Actually Apps" "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down\uninstall.exe " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures] "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="REG_BINARY, ................................ "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job.fp"="REG_DWORD", -1783153393 "bench-sys.job"="REG_BINARY, ................................ "bench-sys.job.fp"="REG_DWORD", 838339457 [HKEY_LOCAL_MACHINE\SOFTWARE\Proxy\Installations\Coupon Drop Down] "aoi"="REG_SZ", "1424425359" "domain"="REG_SZ", "coupondrop-a.akamaihd.net" "ext"="REG_SZ", "Coupon Drop Down" "format"="REG_SZ", "//{domain}/loaders/{pid}/l.js?pid={pid}&systemid={systemid}&ext={ext}&aoi={aoi}&zoneid={zoneid}&crr={crr}&type=p" "more_info_url"="REG_SZ", "http://browserguardian.com" "pid"="REG_SZ", "" "protect_redirect_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/warning?%blocked_url%" "settings_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/settings" "system_black_list_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/rules.json" "zoneid"="REG_SZ", "" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable"="REG_DWORD", 1 "ProxyServer"="REG_SZ", "http=127.0.0.1:3128" [HKEY_CURRENT_USER\Software\Proxy] "app_name"="REG_SZ", "Coupon Drop Down" "AutoConfigURL"="REG_SZ", "" "disableChainProxy"="REG_DWORD", 0 "ProxyEnable"="REG_DWORD", 0 "ProxyServer"="REG_SZ", "" "totalFail"="REG_DWORD", 0Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2/20/2015 Scan Time: 9:52:52 AM Logfile: mbamCouponDropDown.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.02.20.03 Rootkit Database: v2015.02.03.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Malwarebytes Scan Type: Threat Scan Result: Completed Objects Scanned: 292892 Time Elapsed: 3 min, 31 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 2 PUP.Optional.Bprotector, C:\Program Files\Bench\Wd\wd.exe, 3628, Delete-on-Reboot, [c8ebd14fb8d23105e799985bef12b34d] PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, 3360, Delete-on-Reboot, [41720020f991fc3a1935f9a49172669a] Modules: 6 PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], Registry Keys: 9 PUP.Optional.ActuallyApps.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\38914_Coupon Drop Down, Quarantined, [2c8707196822e74fca01893835ccb14f], PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\AdvertisingSupport, Quarantined, [fcb7829e4a40ef47d29d4062b74c4eb2], PUP.Optional.CouponDropDown.A, HKLM\SOFTWARE\Coupon Drop Down, Quarantined, [466d40e0d2b8bb7b910e961c30d3629e], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\BService, Quarantined, [12a1e63a8efcfd39e06d9d00946f7a86], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\InstalledExtensions, Quarantined, [a11251cf3951e452ad1c9033ba494fb1], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\NmHost, Quarantined, [feb5a47c2d5d85b1ca00457e1ae97090], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\Updater, Quarantined, [694af0305f2b1e18d2f9f0d3dc2751af], PUP.Optional.Bench.A, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [aa09e63af29820168b1d9973e5205ba5], PUP.Optional.CouponDropDown.A, HKLM\SOFTWARE\PROXY\INSTALLATIONS\Coupon Drop Down, Quarantined, [3c771907b3d70a2c6636ded412f10ef2], Registry Values: 5 PUP.Optional.Bprotector, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files\Bench\Wd\wd.exe, Quarantined, [c8ebd14fb8d23105e799985bef12b34d] PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files\Bench\BService\1.1\bservice.exe, Quarantined, [41720020f991fc3a1935f9a49172669a] PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [338033ed5832a98dfae0b315a45fd62a] PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [3b7843dd4347989e7665e1e7fd06d62a] PUP.Optional.SmartApps, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Coupon Drop Down-repairJob, wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob", Quarantined, [fcb7eb357e0c55e1bea8fa13b253e51b] Registry Data: 0 (No malicious items detected) Folders: 10 PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [9b18c9573258b2843214736d9d6652ae], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd, Delete-on-Reboot, [a50e6bb5a1e9fb3b95697ae22dd6956b], PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy, Quarantined, [07ace43c4c3e01350557085e798af010], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], PUP.Optional.Bench.A, C:\Program Files\Bench\BService, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], Files: 40 PUP.Optional.Bprotector, C:\Program Files\Bench\Wd\wd.exe, Delete-on-Reboot, [c8ebd14fb8d23105e799985bef12b34d], PUP.Optional.ActuallyApps.A, C:\Users\{username}\Desktop\CDDinstaller.exe, Quarantined, [ac070020bfcbe45263688f32d32e639d], PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\uninstall.exe, Quarantined, [2c8707196822e74fca01893835ccb14f], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lopecioihlfdbpggkhdmbdldiclifdpc_0.localstorage, Quarantined, [fcb7160aed9def4718ba7537dc279b65], PUP.Optional.Proxy.A, C:\Users\{username}\AppData\Local\proxy.log, Quarantined, [2093ce520b7f092da45aedc5cd361de3], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001, Quarantined, [2c87b070890130067bf0675541c203fd], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [c1f253cd3c4e251172f9ccf044bff709], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job, Quarantined, [d7dc58c89feb51e552f3bd23b84ba25e], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [bdf61f013a50ce688db8c61ab2519070], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [9b18c9573258b2843214736d9d6652ae], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, Delete-on-Reboot, [41720020f991fc3a1935f9a49172669a], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [338033ed5832a98dfae0b315a45fd62a], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [3b7843dd4347989e7665e1e7fd06d62a], PUP.Optional.SmartApps, C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js, Quarantined, [fcb7eb357e0c55e1bea8fa13b253e51b], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost\manifest.json, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost\nmhost.exe, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\icon.ico, Quarantined, [07ace43c4c3e01350557085e798af010], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, Quarantined, [07ace43c4c3e01350557085e798af010], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\chrome_gp_update.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\chrome_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\clear_cache.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\common.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\firefox_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\gpedit.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\icon.ico, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\ie_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\main_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\migrate.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\projectInstaller.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\SoftwareDetector.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\sqlite3.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Browser Guardian Settings.url, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Browser Guardian.lnk, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Uninstall.lnk, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (54.204.28.26 lopecioihlfdbpggkhdmbdldiclifdpc), Replaced,[b300da46850578be94338f73e5219868] Physical Sectors: 0 (No malicious items detected) (end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention