1. /
  2. Security Response/
  3. Adware.TopMoxie

Adware.TopMoxie - Removal

Updated:
February 13, 2007 11:36:16 AM
Type:
Adware
Publisher:
Top Moxie Inc
Risk Impact:
Medium
File Names:
Couponsandoffers.exe Main.class WebSavingsfromEbates.exe
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Uninstall "Coupons and Offers" using the Add/Remove Programs utility.
  3. Run a full system scan and delete all the files detected as Adware.TopMoxie.
  4. Delete the value that was added to the registry.
  5. Delete any remaining files relating to Adware.TopMoxie
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. Uninstalling the Adware
  1. Do one of the following:
    • On the Windows 98 taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.

    • On the Windows Me taskbar:
      1. Click Start > Settings > Control Panel.
      2. In the Control Panel window, double-click Add/Remove Programs.
        If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."

    • On the Windows 2000 taskbar:
      By default, Windows 2000 is set up the same as Windows 98. In that case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.

    • On the Windows XP taskbar:
      1. Click Start > Control Panel.
      2. In the Control Panel window, double-click Add or Remove Programs.

  2. Click "Coupons and offers" or "Web Savings From Ebates"


    Note: You may need to use the scroll bar to view the whole list.

  3. Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.

3. Scanning for and deleting the files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as Adware.TopMoxie, click Delete.


    Notes:
  • If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
  • This is done to make sure that all the files were removed. If you ran the Add/Remove programs applet as described in the previous section, it is possible that all the files were removed, and therefore none will be detected.
4. Deleting the value from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.


Note: This is done to make sure that all the keys are removed. They may not be there if the uninstaller removed them.

  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the appropriate value:

    "couponsandoffers" = "wjview /cp:p "C:\Program Files\couponsandoffers\
    System\Code" Main lp: "C:\Program Files\couponsandoffers"


    "WebSavingsFromEbates" = "javaw -cp "C:\Program Files\WebSavingsFromEbates\System\Code" main pl: "C:\Program Files\WebSavingsfromEbates"

  5. Exit the Registry Editor.

5. Navigate to one of the folder described in Technical Details, Step 1 and delete the folder and its contents.


Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report