Microsoft – Windows – Another Day, Another Virus – This time did not bother to know its name

 

Picked up a friend’s laptop last night.

Tried starting it, but it was too slow.

Really can not be bothered to dig in too deep.

Knew it was a virus, and so attacked it soon as I got home.

Tried Kaspersky Rescue CD (https://support.kaspersky.com/viruses/rescuedisk), but after  20 to minutes, it was still at 1 to 2%.

Who has that much time on a Friday evening.

Rebooted and tried AVG Rescue CD (http://www.avg.com/us-en/avg-rescue-cd).

It appeared to be a bit faster.

Went to sleep and by mid morning it had completed its work.  Sleepily and stupidly agreed to  remove all found viruses.

Upon waking up, rebooted laptop and all is well.

One problem with the route I took is that one might not keep good record of each virus found and cleaned.

And, so I have to do more work reviewing auto-start Applications and reviewing applications in the “program and Features” applet.

One of those Applications is “Coupon Alert Toolbar”.

CouponAlertToolbar_v2

Trying to uninstall, brought up the error message stating “The specified module could not be found.”

It seems taking the high spirited brute force approach of cleaning via the Repair CD meant that I would end up with a few un-linked application handles.

To un-link I will have to directly to do so via the registry:

How to manually remove programs from the Add or Remove Programs tool
http://support.microsoft.com/kb/314481

  • In our case, we searched the for the Application’s name – “CouponAlert Toolbar”
  •  And, ended up @ “HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall”

Registry-Uninstall__CouponAlert Toolbar

The pertinent registry entry that guides’s an un-install of “CouponAlert_2pbar” is:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CouponAlert_2pbar Uninstall]
"DisplayName"="CouponAlert Toolbar"
"HelpLink"="http://search.mywebsearch.com/mywebsearch/default.jhtml"
"Publisher"="Mindspark Interactive Network"
"UninstallString"="rundll32 C:\\PROGRA~2\\COUPON~2\\bar\\1.bin\\2pBar.dll,O"
"UrlInfoAbout"="http://search.mywebsearch.com/mywebsearch/default.jhtml"

 
 

It seems that “CustomAlert Toolbar” is linked to mywebsearch.  It is not always desirable.

So we saved the registry branch and manually deleted the entry for “CouponAlert Toolbar”.

The next time you access “Programs & Features” the deleted element (CouponAlert Toolbar) should be gone.

CouponAlertToolbar (no longer in registry)

There are other changes made to the Windows Core – Services, auto-run:

Services:

CouponAlertService

System Configuration Utility (msconfig.exe)

SystemConfiguration

  • Launch System Configuration ( msconfig.exe)
  • Access the Startup tab
  • Remove entries for “Coupon Alert Search Scope Monitor” and “Coupon Alert_2p Browser Plugin Loader”

Ready to return laptop.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s