Friday, May 23, 2014

CouponDropDown, Stop “Ads by CouponDropDown” from Popping up

VilmaTech Online Support and this website should not be mistakenly taken to be associated, affiliated, sponsored or owned by CouponDropDown’s creator or distributors. The provision of information and solution is the one and only intent.






OUTLINE
  • CouponDropDown Detected
  • Is CouponDropDown malware?
  • One should notice the potential dangers from CouponDropDown
  • Follow removal thread to remove ads by CouponDropDown


I attempted to download what I thought was a video from a reputable site, but instead I ended up with some obnoxious pop up malware called CouponDropDown. I can't locate it to uninstall, although I did uninstall the program it piggybacked on. It doesn't show up in extensions either.



One should be well informed of the following:
  • The name of the extension is not necessarily the same as the application/item.
  • There can be multiple extensions for just one item.
  • CouponDropDown could result in additional installations of web applications, including toolbars, ads and hijackers such as:
    1ClickDown
    1ClickDownloader
    FB Photo Zoom
    GoPhoto.it
    HDvid Codec
    IB Updater
    Incredibar Toolbar
    OneClickDownload
    OneClickDownloader
    Online HD TV
    PutLockerDownload
    StartNow
    TornTV
    Yontoo
  • CouponDropDown ads could slow down both PC and browser performance and might very well be taken over by a virus.


Is CouponDropDown Malware?


It is believed that what we call “malware” is not always malware as such. Technically, the CouponDropDown ad is not malware; it is categorized as a PUP (potentially unwanted program). It is created to:
  1. Intercept traffic.
  2. Show ads to PC users for high exposure and better promotion.
  3. Collect information on surfing preferences so as to decide which operators to cooperate with and where to place itself to get huge traffic from one single system within a short period of time. A backdoor program is adopted to allow its maker to access the collected information for analysis.
It is not a virus. With slightly modified BHO and JS techniques, browser settings and DNS settings are modified so that CouponDropDown manages to preload itself onto a machine and harass the machine frequently.



Potential Dangers from CouponDropDown Need Attention


To show that CouponDropDown has a loose structure, a partial list of its values is offered below:
HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox
HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055435552}
HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066436652}
HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077437752}
HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011431152}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022432252}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033433352}

Such a loose structure gives infections a good chance to take advantage of its bugs for easy infiltration. In other words, getting CouponDropDown ads can probably bring in additional viruses. Besides, as a web application that chases traffic aggressively, CouponDropDown would bundle with other web applications. As a consequence, more items pile up on the local disk and overwhelm the machine, leaving little CPU/internal resource to keep it functioning properly, and the machine is then left susceptible to viruses.

Once CouponDropDown is captured by a random virus, the BHO technique would help the virus preload into DataBase, and the JS technique would be used to record any input information, including the log-in credentials of all your accounts.

It is not worth taking such a risk, and a solid way to remove CouponDropDown ads is badly needed. Since CouponDropDown is not technically a virus, it is no use employing an anti-virus program. Below is the manual method to follow. Note that a certain level of computer knowledge and skill is required to carry out the removal thread below because, as has been made clear, random items can worm into the target machine through CouponDropDown and the names of the dropped files can vary. In the event that you need expert help, just start a live chat to contact Global PC Support Center.



Manual Thread On Removing CouponDropDown 


1. Reset browser settings.

IE
Tools menu > Internet Options > Advanced tab > Restore Defaults button > OK.

Firefox
Firefox button > Help > Troubleshooting information > ‘Reset Firefox’ button.

Chrome
‘Customize and Control Google Chrome’ menu > ‘Options’ > ‘Under the Hood’ > ‘Reset to Defaults’ button.

Opera
Show hidden files and folders (explicit instruction shown in Step5) > navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini.

Safari
Safari menu > ‘Reset Safari’ > tick all given options > ‘Reset’ button.



2. Enable pop-up blocker to stop CouponDropDown from popping up.

IE
Tools > Options > Privacy tab > “Block pop-ups” > stop CouponDropDown from popping up.

Firefox
Tools > Options > Web features button > block CouponDropDown from popping up.

Chrome
Tool menu > Options > “Under the Hood” tab > “Content Settings” > “Pop-ups” > “Exceptions” > rule out CouponDropDown popup.

Opera
Opera’s menu > “settings” > “Preference” > General tab > “Pop-up” > “Block Unwanted Pop-ups” > OK button.

Safari
“Safari” > “Preference” > “Security” tab > check “Block pop-up windows”.



3. End CouponDropDown's running process.

For Windows users
Access Task Manager > View > select columns > tick "PID" and "Path name" > go to open up System Information > end the process with path name directing to CouponDropDown's path.

For Mac OS X users
Applications > Utilities > Activity Monitor > click open the suspected processes > "Open ports and files" > end the process with path name directing to CouponDropDown's path.



4. Remove all the Temp files under the following directories.

Windows 7/XP/Vista
Click open ‘Control Panel’ > search for ‘Folder Options’ > tap View tab > tick ‘Show hidden files and folders’ and untick ‘Hide protected operating system files (Recommended)’.

Windows 8
Start screen > open any folder > open Windows Explorer > select View tab > Tick ‘File name extensions’ and ‘Hidden items’ options. 

  • Navigate to the following directories and remove all the files and folders:
C:\WINDOWS\Temp
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files
  • Remove the following listed items:
    (Tip: the directories below are for 86 bit computers only; they can be different on other systems.)
%ProgramFilesX86%\CouponDropDown\
%ProgramFilesX86%\CouponDropDown\CouponDropDown.dll
%ProgramFilesX86%\CouponDropDown\CouponDropDown.exe
%ProgramFilesX86%\CouponDropDown\CouponDropDown.ico
%ProgramFilesX86%\CouponDropDown\CouponDropDown.ini
%ProgramFilesX86%\CouponDropDown\CouponDropDownGui.exe
%ProgramFilesX86%\CouponDropDown\CouponDropDownInstaller.log
%ProgramFilesX86%\CouponDropDown\Uninstall.exe
%LocalAppData%\CouponDropDown\
%LocalAppData%\CouponDropDown\Chrome\
%LocalAppData%\CouponDropDown\Chrome\CouponDropDown.crx 

Mac OS X
Finder > Utilities folder > terminal:

  1. type
    cd ~/Library/Logs
    sudo rm -rf ~/Library/Logs/*
    and press Return button.

  2. type
    rm -rf ~/Library/Safari/Downloads.plist
    cd ~/Library/Caches
    sudo rm -rf ~/Library/Caches/*
    and press Return button.



5. Access DataBase (the Windows Registry, opened with regedit) to remove the following listed entries.
(Tip: no need for Mac users)

Win+R key combination > Run box > type "regedit" > Enter key > navigate to the following entries.
HKCU\Software\AppDataLow\Software\CouponDropDown\
HKCU\Software\AppDataLow\Software\Crossrider
HKCU\Software\Cr_Installer
HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO
HKLM\SOFTWARE\Classes\CrossriderApp0004352.FBApi
HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox
HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055435552}
HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066436652}
HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077437752}
HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110011431152}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022432252}
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{33333333-3333-3333-3333-330033433352}
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055435552}
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066436652}
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077437752}
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440044434452}
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011431152}
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022432252}
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033433352}
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055435552}
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066436652}
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077437752}
HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\New Windows\Allow\*.crossrider.com
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}
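
A read-only check that complements steps 3 and 5, added here as an example and not part of the original guide: it lists every Browser Helper Object registered in the 64-bit and 32-bit (Wow6432Node) registry views, resolves each CLSID to the DLL it loads, and reports which of a few keys from the list above are present. It assumes a 64-bit PowerShell session on 64-bit Windows; the variable names are illustrative.

```powershell
# Added example: read-only audit, nothing is deleted.
# Assumes 64-bit PowerShell on 64-bit Windows; key names come from step 5.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Resolve each registered BHO CLSID to the DLL it loads, in both registry views.
$bhos = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $is32 = $root -like '*Wow6432Node*'
    $classes = if ($is32) { 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID' }
               else       { 'HKLM:\SOFTWARE\Classes\CLSID' }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid  = $key.PSChildName
        $server = "$classes\$clsid\InprocServer32"
        $dll = $null
        if (Test-Path -LiteralPath $server) {
            # The key's default value holds the path of the DLL the browser loads.
            $dll = (Get-Item -LiteralPath $server).GetValue('')
        }
        [pscustomobject]@{
            View    = if ($is32) { '32-bit' } else { '64-bit' }
            Clsid   = $clsid
            Dll     = $dll
            # Flag by DLL path (file names can vary) or by the CLSID listed in step 5.
            Suspect = ($dll -match 'CouponDropDown|Crossrider') -or
                      ($clsid -eq '{11111111-1111-1111-1111-110011431152}')
        }
    }
}
$bhos | Sort-Object Suspect -Descending | Format-Table -AutoSize

# Report which of these keys from the step 5 list still exist.
$listed = @(
    'HKCU:\Software\AppDataLow\Software\CouponDropDown',
    'HKCU:\Software\AppDataLow\Software\Crossrider',
    'HKCU:\Software\Cr_Installer',
    'HKLM:\SOFTWARE\Classes\CrossriderApp0004352.BHO',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponDropDown'
)
$listed | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { "Present: $_" }
```

Running it before and after the manual steps shows whether the BHO registration and the listed keys are actually gone.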

CouponDropDown is a potentially unwanted program carrying potential dangers. It is not news that additional viruses get in after CouponDropDown and that PC performance is degraded. Such PUPs have long been active on the Internet, and some very explicit steps have lost efficacy as the names of the generated files vary. This is why VilmaTech Online Support offers a removal thread. In the case where an additional virus gets in, seek the corresponding solution in the virus reservoir or, as an alternative, get a quick fix according to your concrete situation by starting a live chat window.
