
Redirect Adware (Maybe Unicoupon 2.0)


9 replies to this topic

#1 CowboyDinosaur

CowboyDinosaur

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 04:03 AM

Hello, I have been having a problem with being redirected whenever I click a link. I noticed an extension called 'Unicoupon 2.0' that kept appearing on Firefox and Chrome. I tried deleting/disabling it but every time I restarted the browser it would reappear.

I ran MalwareBytes and Comodo's Antivirus scans on it. Malwarebytes picked it up and deleted the files from my computer, but I am still having the issue. In ProgramData, I removed Unicoupon files along with others called SmartShopper and GoldenCoupon. 

I have run MalwareBytes and Comodo's Antivirus again, restarting every time it asked me. I ran CCleaner to clean up my registry afterwards, but it didn't seem to pick anything up.

Please help me, I really would like to get rid of this. Mostly it affects links on Tumblr.com. I am not sure why.

It redirects to "rewardzone.seedanswer.biz" and "stylene.net"


Edited by CowboyDinosaur, 14 November 2014 - 04:16 AM.



#2 xAnti_HerOx

xAnti_HerOx

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:35 PM

Posted 14 November 2014 - 04:27 AM

I would suggest also Removing any and All Extensions that you have running in any/all Browsers you have.
 
Hopefully if it is nothing serious it should resolve the issue.
 
Internet Explorer
  • Press Alt+T and click Internet Options.
  • Open the Program tab.
  • Click Manage Add-ons.
  • Click Toolbars and Extensions and remove unwanted extension.
  • Click Search Providers and set a new default search engine.
 
Google Chrome
  • Press Alt+F and point to Tools.
  • Click Extensions.
  • Remove unwanted extensions.
  • Under Search, click Manage search engines and enter the URL of your new default search provider. Click Ok.
 
Remove from Mozilla Firefox
  • Press Alt+T and click Options.
  • Open the General tab and change the home page.
  • Click OK.
  • Press Ctrl+Shift+A and click Extensions.
  • Remove unwanted extensions.
  • Close the tab.
  • Click the search engine icon next to the search box and select a new search provider.

I also assume that you checked Programs and Features.

 

If they still remain, I would recommend running AdwCleaner, as it is pretty good at removing Re/Directs and/or Pop Ups.

 
 


Download AdwCleaner  HERE onto your desktop.

 

 

Double Click the Tool

 

1. Close all open programs and internet browsers.

2. Double click on AdwCleaner.exe to run the tool. 

3. Click on Scan.

4. After the scan is complete click on "Clean"

5. Confirm each time with Ok.

 

NOTE : Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next answer.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


Edited by xAnti_HerOx, 14 November 2014 - 04:27 AM.


 

"The human spirit must prevail over technology". -Albert Einstein 


#3 CowboyDinosaur

CowboyDinosaur
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 05:09 AM

I checked and the issue is still persisting.  Here is the log file. 
 

# AdwCleaner v4.101 - Report created 14/11/2014 at 03:57:48
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Milo - MILO-PC
# Running from : C:\Users\Milo\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\58821baccebad084
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkhiddjcdmlpbhonmdhkdahaacojche
Folder Deleted : C:\Users\Milo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Milo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\gjkhiddjcdmlpbhonmdhkdahaacojche
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
File Deleted : C:\Users\Milo\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\Milo\AppData\Roaming\regsvr32.exe_log.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Key Deleted : HKCU\Software\LiveSupport
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v33.1 (x86 en-US)

[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.4W0XTQ0yzsU.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.Ox22GpsXX2e.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.YXv0Eor.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.br_Vkbqu0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.ctARnAQZQKIs.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.dQV_CPreWUY.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumo[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.jAdbL.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorobo.n[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.trusted-ads.ExLst", "{\"u\":{\"v\":\"1.70\",\"d\":\"032414\"},\"h\":{\"pogo.com\":{\"p\":[{\"e\":\"/.*/\",\"r\":[\"/connect\\\\.facebook\\\\.net\\\\/en_US\\\\/all\\\\.js$/i\"]}]}[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.trusted-ads.list_api", "{\"r\":[\"hxxp://24x7homesecurity.com/\",\"hxxp://a1supplements.com/\",\"hxxp://aactionair.net/\",\"hxxp://abcnews.go.com/\",\"hxxp://adp.com/\",\"hxxp://[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.trusted-ads.serpInject", "{\"u\":{\"v\":\"2.72\",\"d\":\"061714\"},\"l\":\"hxxp://search.adtrustmedia.com/search_safecontent.php\",\"e\":[{\"u\":\"hxxp://ads.adtrustmedia.com/con[...]
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.trusted-ads.serp_mywebsearch", "\"%2F*!%20serp-mywebsearch%20-%20v0.1.10%20-%202014-04-07%2018%3A21%3A58%20*%2F%0D%0Avar%20u%20%3D%20%7B%7D%3B%0A%0Avar%20Util%20%3D%20%7B%0A%09de[...]

-\\ Google Chrome v34.0.1847.131

[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gjkhiddjcdmlpbhonmdhkdahaacojche

-\\ Comodo Dragon v33.1.0.0

[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Milo\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Milo\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : gjkhiddjcdmlpbhonmdhkdahaacojche

*************************

AdwCleaner[R0].txt - [6720 octets] - [14/11/2014 03:55:42]
AdwCleaner[S0].txt - [7039 octets] - [14/11/2014 03:57:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7099 octets] ##########
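
Added example, not part of the original thread and not AdwCleaner's own code: a short Python triage of a report like the one posted above, grouping the removed items by the startup or browser-hijack mechanism they represent, so it is easy to see which categories the cleaner already covered. The function `triage` and the category names are this example's own; the sample lines are copied from the post, with the prefs.js value shortened.

```python
import re
from collections import defaultdict

# First matching rule wins; category names are this example's own labels.
RULES = [
    ("appinit_dll", re.compile(r"\[AppInit_DLLs\]")),
    ("run_key", re.compile(r"\\CurrentVersion\\Run \[")),
    ("browser_helper_object", re.compile(r"\\Browser Helper Objects\\")),
    ("service", re.compile(r"^Service Deleted")),
    ("firefox_pref", re.compile(r"prefs\.js\] - Line Deleted")),
    ("search_provider", re.compile(r"Deleted \[Search Provider\]")),
    ("chromium_extension", re.compile(r"\b[a-p]{32}\b")),  # extension ID
]
PREF_NAME = re.compile(r'user_pref\("([^"]+)"')

def triage(report: str) -> dict:
    """Group the removal lines of an AdwCleaner-style report by mechanism."""
    found = defaultdict(set)
    for line in map(str.strip, report.splitlines()):
        if "Deleted" not in line:
            continue  # banners, section headers, blank lines
        for name, rx in RULES:
            if not rx.search(line):
                continue
            if name == "firefox_pref":  # keep the pref name, drop the value
                m = PREF_NAME.search(line)
                item = m.group(1) if m else line
            elif name == "chromium_extension":  # same ID in several browsers
                item = rx.search(line).group(0)
            else:
                item = line.split(" : ", 1)[-1]
            found[name].add(item)
            break
    return {k: sorted(v) for k, v in found.items()}

# Lines copied from the report above; the prefs.js value is shortened to "[...]".
SAMPLE = r"""
Service Deleted : 70e6ca8c
Folder Deleted : C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Milo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FB16E5C3-A9E2-47A2-8EFC-319E775E62CC}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~2.dll
[fes9b80i.default\prefs.js] - Line Deleted : user_pref("extensions.jAdbL.scode", "[...]
[C:\Users\Milo\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : gjkhiddjcdmlpbhonmdhkdahaacojche
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Lines that match no rule (plain program folders, for instance) are left out of the result, and an extension ID that appears for both Chrome and Comodo Dragon is counted once.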



#4 CowboyDinosaur

CowboyDinosaur
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 04:14 PM

I am running the Junkware Removal Tool to see if it picks it up. 

Edit: No luck. Didn't find anything.


Edited by CowboyDinosaur, 14 November 2014 - 04:45 PM.


#5 xAnti_HerOx

xAnti_HerOx

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:35 PM

Posted 14 November 2014 - 05:11 PM

I would now recommend Uninstalling and Re/Installing your browsers.

I would say to use CCleaner to Remove Firefox and Chrome as well as any traces of them.

If whatever is causing this issue is stuck on the browsers, then re/installation might be the way to go. 

 

Once you have uninstalled them, you can Re/Install them.

  • HERE is the Link for FF
  • HERE is the Link for Chrome



#6 CowboyDinosaur

CowboyDinosaur
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 05:24 PM

Okay. I will do that. I ran RogueKiller as well and this was the log from that, just in case it's of interest.

Edited by Queen-Evie, 14 November 2014 - 08:29 PM.
deleted RogueKiller log as it is not allowed in Am I Infected. It is allowed only in Malware Removal Logs.


#7 CowboyDinosaur

CowboyDinosaur
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 05:40 PM

No dice. I reinstalled both Firefox and Chrome. I am still being redirected whenever I click on certain links. 



#8 xAnti_HerOx

xAnti_HerOx

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:35 PM

Posted 14 November 2014 - 05:40 PM

Okay. Does not look like it found the root issue.

 

Rogue Killer is not an approved tool for Members to Recommend using because:

"Most of these tools require guidance and supervision by trained experts. Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible."

 

So please be careful when you use such a tool.

 

But either way, keep us updated once you do the Re/Installation. 




#9 CowboyDinosaur

CowboyDinosaur
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 14 November 2014 - 05:49 PM

Okay, I think I was able to solve the problem. I asked a friend to click some of the links that were causing me to be redirected and determined that it was just a few infected blogs and not specifically my computer. Thank you so much for your help!



#10 xAnti_HerOx

xAnti_HerOx

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles
  • Local time:02:35 PM

Posted 14 November 2014 - 06:19 PM

Okay, if that is the case I would recommend downloading Adblocker for both Firefox and Chrome.

Will help keep those pesky ads and pop ups away.






