Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for Coupon Drop Down

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Content is republished with permission from Malwarebytes.

What is Coupon Drop Down?

The Malwarebytes research team has determined that Coupon Drop Down is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Coupon Drop Down?

You may see this entry in your list of installed software:

warning4.png

Or these entries in your Scheduled Tasks :

warning3.png

and these warnings:

main.png

warning1.png

warning2.png

and this icon in your taskbar:

icons.png

How did Coupon Drop Down get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Coupon Drop Down?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Coupon Drop Down?
  • Coupon Drop Down replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
  • This PUP creates some scheduled tasks. You can read here how to remove Scheduled Tasks.
Look at the replies to this topic for the additional guides.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Coupon Drop Down hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png


Technical details for experts

Signs in a HijackThis log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128
O1 - Hosts: 54.204.28.26 lopecioihlfdbpggkhdmbdldiclifdpc
O4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\1.1\bservice.exe
O4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exe
O4 - HKLM\..\Run: [Bench Communicator Watcher] C:\Program Files\Bench\Proxy\pwdg.exe
O4 - HKLM\..\Run: [Bench Settings Cleaner] C:\Program Files\Bench\Proxy\cl.exe
O4 - HKLM\..\RunOnce: [Coupon Drop Down-repairJob] wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob"
Possible signs in a FRST log:

 () C:\Program Files\Bench\BService\1.1\bservice.exe
 () C:\Program Files\Bench\Wd\wd.exe
 () C:\Program Files\Bench\Proxy\pwdg.exe
 () C:\Program Files\Bench\Proxy\proc.exe
 HKLM\...\Run: [BService] => C:\Program Files\Bench\BService\1.1\bservice.exe [52736 2014-07-11] ()
 HKLM\...\Run: [Wd] => C:\Program Files\Bench\Wd\wd.exe [92672 2014-07-11] ()
 HKLM\...\Run: [Bench Communicator Watcher] => C:\Program Files\Bench\Proxy\pwdg.exe [127488 2014-07-14] ()
 HKLM\...\Run: [Bench Settings Cleaner] => C:\Program Files\Bench\Proxy\cl.exe [55296 2014-07-11] ()
 HKLM\...\RunOnce: [Coupon Drop Down-repairJob] => wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob"
 ProxyEnable: [S-1-5-21-4016700205-1717049133-1125222536-1001] => Internet Explorer proxy is enabled.
 ProxyServer: [S-1-5-21-4016700205-1717049133-1125222536-1001] => http=127.0.0.1:3128
 Hosts: 54.204.28.26	lopecioihlfdbpggkhdmbdldiclifdpc
 () C:\Users\{username}\AppData\Local\BenchUpdater
 () C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job
 () C:\Users\{username}\AppData\Local\Coupon Drop Down
 () C:\Windows\Tasks\bench-sys.job
 () C:\Users\{username}\AppData\Local\proxy.log
 () C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down
 () C:\Program Files\Bench
Alterations made by the installer:

File system details  
---------------------------------------------
    Adds the folder C:\Program Files\Bench\BService\1.1
       Adds the file bhelper.dll"="7/11/2014 11:38 PM, 53248 bytes, A
       Adds the file bservice.exe"="7/11/2014 11:38 PM, 52736 bytes, A
    Adds the folder C:\Program Files\Bench\NmHost
       Adds the file manifest.json"="7/11/2014 11:38 PM, 117 bytes, A
       Adds the file nmhost.exe"="7/11/2014 11:38 PM, 165376 bytes, A
    Adds the folder C:\Program Files\Bench\Proxy
       Adds the file cl.exe"="7/11/2014 11:38 PM, 55296 bytes, A
       Adds the file icon.ico"="7/11/2014 11:38 PM, 32038 bytes, A
       Adds the file proc.exe"="7/14/2014 7:24 PM, 428032 bytes, A
       Adds the file pwdg.exe"="7/14/2014 7:24 PM, 127488 bytes, A
    Adds the folder C:\Program Files\Bench\Updater
       Adds the file products.xml"="2/20/2015 9:42 AM, 376 bytes, A
       Adds the file updater.exe"="7/11/2014 11:38 PM, 69120 bytes, A
    Adds the folder C:\Program Files\Bench\Updater\1.7.0.0
       Adds the file updater.exe"="7/14/2014 7:24 PM, 419840 bytes, A
    Adds the folder C:\Program Files\Bench\Wd
       Adds the file wd.exe"="7/11/2014 11:38 PM, 92672 bytes, A
    In the existing folder C:\Users\{username}\AppData\Local
       Adds the file proxy.log"="2/20/2015 9:42 AM, 0 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater
       Adds the file products.xml"="2/20/2015 9:44 AM, 447 bytes, A
    Adds the folder C:\Users\{username}\AppData\Local\Coupon Drop Down
       Adds the file chrome_gp_update.js"="7/11/2014 11:38 PM, 2348 bytes, A
       Adds the file chrome_installer.js"="7/11/2014 11:38 PM, 6304 bytes, A
       Adds the file clear_cache.js"="7/11/2014 11:38 PM, 522 bytes, A
       Adds the file common.js"="7/11/2014 11:38 PM, 13540 bytes, A
       Adds the file firefox_installer.js"="7/11/2014 11:38 PM, 6848 bytes, A
       Adds the file gpedit.exe"="7/14/2014 7:24 PM, 93184 bytes, A
       Adds the file icon.ico"="7/14/2014 7:57 PM, 32038 bytes, A
       Adds the file ie_installer.js"="7/11/2014 11:38 PM, 3685 bytes, A
       Adds the file installer.js"="7/11/2014 11:38 PM, 799 bytes, A
       Adds the file main_installer.js"="7/11/2014 11:38 PM, 1567 bytes, A
       Adds the file migrate.js"="7/11/2014 11:38 PM, 4746 bytes, A
       Adds the file projectInstaller.js"="7/11/2014 11:38 PM, 3004 bytes, A
       Adds the file repair.js"="7/11/2014 11:38 PM, 1735 bytes, A
       Adds the file SoftwareDetector.exe"="7/11/2014 11:38 PM, 78848 bytes, A
       Adds the file sqlite3.exe"="7/11/2014 11:38 PM, 492544 bytes, A
       Adds the file uninstall.exe"="2/20/2015 9:42 AM, 150941 bytes, A
    In the existing folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage
       Adds the file chrome-extension_lopecioihlfdbpggkhdmbdldiclifdpc_0.localstorage"="2/20/2015 9:42 AM, 0 bytes, A
    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\Blocker
       Adds the file 212e90ffa529f5c99c44dc574c6f9a16"="2/20/2015 9:42 AM, 630176 bytes, A
       Adds the file 661d2a49ae9c29fdbdb0e735f567c5cf"="2/20/2015 9:42 AM, 106 bytes, A
       Adds the file 8d3f613ded3421026a6b47abd4042139"="2/20/2015 9:42 AM, 8 bytes, A
       Adds the file b24f88eb229178ba93accf228dc5b280"="2/20/2015 9:42 AM, 70 bytes, A
    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\CanvasStorage
       Adds the file 7bf8e2b7288ee31947f028830fe682c3"="2/20/2015 9:42 AM, 28 bytes, A
       Adds the file 8ab1244a97308124c8207af9517ce460"="2/20/2015 9:42 AM, 94 bytes, A
       Adds the file a645fa10d3b7c3be385a23d8e9796994"="2/20/2015 9:42 AM, 30 bytes, A
       Adds the file c8ca0d6097bee7d978cc54b0e9075409"="2/20/2015 9:42 AM, 46 bytes, A
       Adds the file ee9adb2bad520b37c67f38edc62ec22d"="2/20/2015 9:42 AM, 230 bytes, A
    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down
       Adds the file Browser Guardian Settings.url"="2/20/2015 9:42 AM, 136 bytes, A
       Adds the file Browser Guardian.lnk"="2/20/2015 9:42 AM, 1974 bytes, A
       Adds the file Uninstall.lnk"="2/20/2015 9:42 AM, 1096 bytes, A
    In the existing folder C:\Windows\System32\drivers\etc
       Alters the file hosts
        6/10/2009 11:39 PM, 824 bytes, A ==> 2/20/2015 9:42 AM, 871 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001"="2/20/2015 9:44 AM, 3234 bytes, A
       Adds the file bench-sys"="2/20/2015 9:42 AM, 3242 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="2/20/2015 9:44 AM, 346 bytes, A
       Adds the file bench-sys.job"="2/20/2015 9:42 AM, 346 bytes, A

Registry details  
------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE]
       "38914"="REG_SZ", "Coupon Drop Down"
    [HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport]
       "Seen"="REG_SZ", "1"
       "SeenDate"="REG_SZ", "1424421759"
       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService]
       "Path"="REG_SZ", "C:\Program Files\Bench\BService\1.1"
       "Version"="REG_SZ", "1.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService\38914]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\InstalledExtensions]
       "38914"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost]
       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\nmhost.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost\38914]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater]
       "path"="REG_SZ", "C:\Program Files\Bench\Updater\updater.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater\38914]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Coupon Drop Down]
       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down"
       "AllowProxy"="REG_SZ", "1"
       "CDN"="REG_SZ", "coupondrop-a.akamaihd.net"
       "czoneid"="REG_SZ", "12199"
       "InstallTime"="REG_SZ", "1424425359"
       "Pid"="REG_SZ", ""
       "Seen"="REG_SZ", "1"
       "SeenDate"="REG_SZ", "1424421759"
       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"
       "UTCInstallTime"="REG_SZ", "1424421759"
       "ZoneId"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost]
       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\manifest.json"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
       "Bench Communicator Watcher"="REG_SZ", "C:\Program Files\Bench\Proxy\pwdg.exe"
       "Bench Settings Cleaner"="REG_SZ", "C:\Program Files\Bench\Proxy\cl.exe"
       "BService"="REG_SZ", "C:\Program Files\Bench\BService\1.1\bservice.exe"
       "Wd"="REG_SZ", "C:\Program Files\Bench\Wd\wd.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
       "Coupon Drop Down-repairJob"="REG_SZ", "wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\38914_Coupon Drop Down]
       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down/icon.ico"
       "DisplayName"="REG_SZ", "Coupon Drop Down"
       "DisplayVersion"="REG_SZ", "1.0"
       "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Actually Apps"
       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Drop Down\uninstall.exe "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="REG_BINARY, ................................
       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job.fp"="REG_DWORD", -1783153393
       "bench-sys.job"="REG_BINARY, ................................
       "bench-sys.job.fp"="REG_DWORD", 838339457
    [HKEY_LOCAL_MACHINE\SOFTWARE\Proxy\Installations\Coupon Drop Down]
       "aoi"="REG_SZ", "1424425359"
       "domain"="REG_SZ", "coupondrop-a.akamaihd.net"
       "ext"="REG_SZ", "Coupon Drop Down"
       "format"="REG_SZ", "//{domain}/loaders/{pid}/l.js?pid={pid}&systemid={systemid}&ext={ext}&aoi={aoi}&zoneid={zoneid}&crr={crr}&type=p"
       "more_info_url"="REG_SZ", "http://browserguardian.com"
       "pid"="REG_SZ", ""
       "protect_redirect_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/warning?%blocked_url%"
       "settings_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/settings"
       "system_black_list_url"="REG_SZ", "http://coupondrop-a.akamaihd.net/protect/rules.json"
       "zoneid"="REG_SZ", ""
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
       "ProxyEnable"="REG_DWORD", 1
       "ProxyServer"="REG_SZ", "http=127.0.0.1:3128"
    [HKEY_CURRENT_USER\Software\Proxy]
       "app_name"="REG_SZ", "Coupon Drop Down"
       "AutoConfigURL"="REG_SZ", ""
       "disableChainProxy"="REG_DWORD", 0
       "ProxyEnable"="REG_DWORD", 0
       "ProxyServer"="REG_SZ", ""
       "totalFail"="REG_DWORD", 0


Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2015
Scan Time: 9:52:52 AM
Logfile: mbamCouponDropDown.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.20.03
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292892
Time Elapsed: 3 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.Bprotector, C:\Program Files\Bench\Wd\wd.exe, 3628, Delete-on-Reboot, [c8ebd14fb8d23105e799985bef12b34d]
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, 3360, Delete-on-Reboot, [41720020f991fc3a1935f9a49172669a]

Modules: 6
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 

Registry Keys: 9
PUP.Optional.ActuallyApps.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\38914_Coupon Drop Down, Quarantined, [2c8707196822e74fca01893835ccb14f], 
PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\AdvertisingSupport, Quarantined, [fcb7829e4a40ef47d29d4062b74c4eb2], 
PUP.Optional.CouponDropDown.A, HKLM\SOFTWARE\Coupon Drop Down, Quarantined, [466d40e0d2b8bb7b910e961c30d3629e], 
PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\BService, Quarantined, [12a1e63a8efcfd39e06d9d00946f7a86], 
PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\InstalledExtensions, Quarantined, [a11251cf3951e452ad1c9033ba494fb1], 
PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\NmHost, Quarantined, [feb5a47c2d5d85b1ca00457e1ae97090], 
PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\Updater, Quarantined, [694af0305f2b1e18d2f9f0d3dc2751af], 
PUP.Optional.Bench.A, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [aa09e63af29820168b1d9973e5205ba5], 
PUP.Optional.CouponDropDown.A, HKLM\SOFTWARE\PROXY\INSTALLATIONS\Coupon Drop Down, Quarantined, [3c771907b3d70a2c6636ded412f10ef2], 

Registry Values: 5
PUP.Optional.Bprotector, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files\Bench\Wd\wd.exe, Quarantined, [c8ebd14fb8d23105e799985bef12b34d]
PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files\Bench\BService\1.1\bservice.exe, Quarantined, [41720020f991fc3a1935f9a49172669a]
PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [338033ed5832a98dfae0b315a45fd62a]
PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [3b7843dd4347989e7665e1e7fd06d62a]
PUP.Optional.SmartApps, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Coupon Drop Down-repairJob, wscript.exe "C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js" "Coupon Drop Down-repairJob", Quarantined, [fcb7eb357e0c55e1bea8fa13b253e51b]

Registry Data: 0
(No malicious items detected)

Folders: 10
PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [9b18c9573258b2843214736d9d6652ae], 
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], 
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Wd, Delete-on-Reboot, [a50e6bb5a1e9fb3b95697ae22dd6956b], 
PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy, Quarantined, [07ace43c4c3e01350557085e798af010], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 

Files: 40
PUP.Optional.Bprotector, C:\Program Files\Bench\Wd\wd.exe, Delete-on-Reboot, [c8ebd14fb8d23105e799985bef12b34d], 
PUP.Optional.ActuallyApps.A, C:\Users\{username}\Desktop\CDDinstaller.exe, Quarantined, [ac070020bfcbe45263688f32d32e639d], 
PUP.Optional.ActuallyApps.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\uninstall.exe, Quarantined, [2c8707196822e74fca01893835ccb14f], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lopecioihlfdbpggkhdmbdldiclifdpc_0.localstorage, Quarantined, [fcb7160aed9def4718ba7537dc279b65], 
PUP.Optional.Proxy.A, C:\Users\{username}\AppData\Local\proxy.log, Quarantined, [2093ce520b7f092da45aedc5cd361de3], 
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001, Quarantined, [2c87b070890130067bf0675541c203fd], 
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [c1f253cd3c4e251172f9ccf044bff709], 
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job, Quarantined, [d7dc58c89feb51e552f3bd23b84ba25e], 
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [bdf61f013a50ce688db8c61ab2519070], 
PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [9b18c9573258b2843214736d9d6652ae], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, Delete-on-Reboot, [41720020f991fc3a1935f9a49172669a], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [338033ed5832a98dfae0b315a45fd62a], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [3b7843dd4347989e7665e1e7fd06d62a], 
PUP.Optional.SmartApps, C:\Users\{username}\AppData\Local\Coupon Drop Down\repair.js, Quarantined, [fcb7eb357e0c55e1bea8fa13b253e51b], 
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], 
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], 
PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [9c17cd53f694cc6a4ae32a306d96c43c], 
PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost\manifest.json, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], 
PUP.Optional.Bench.A, C:\Program Files\Bench\NmHost\nmhost.exe, Quarantined, [01b2b16f800a6bcb5fa01646d52e3ac6], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\icon.ico, Quarantined, [07ace43c4c3e01350557085e798af010], 
PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, Quarantined, [07ace43c4c3e01350557085e798af010], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\chrome_gp_update.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\chrome_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\clear_cache.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\common.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\firefox_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\gpedit.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\icon.ico, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\ie_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\main_installer.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\migrate.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\projectInstaller.js, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\SoftwareDetector.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Local\Coupon Drop Down\sqlite3.exe, Quarantined, [6053ed330a807eb80514a2d6eb1830d0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Browser Guardian Settings.url, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Browser Guardian.lnk, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], 
PUP.Optional.CouponDropDown.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Drop Down\Uninstall.lnk, Quarantined, [ebc82ff1f595e94de338d7a1d92a60a0], 
PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [6c4739e704860c2a9e7c01890bf808f8], 
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (54.204.28.26	lopecioihlfdbpggkhdmbdldiclifdpc), Replaced,[b300da46850578be94338f73e5219868]

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.