What is Coupon Alerts?
The Malwarebytes research team has determined that Coupon Alerts is adware. These adware applications display advertisements not originating from the sites you are browsing.
How do I know if my computer is affected by Coupon Alerts?
You may see this entry in your list of installed programs:
this icon in your taskbar:
and these warnings during install:
and this proxy in IE under Internet options > Connections > LAN settings > proxy server > Advanced :
How did Coupon Alerts get on my computer?
Adware applications use different methods for distributing themselves. This particular one was bundled with other software.
How do I remove Coupon Alerts?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-version.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to the following:
- Enable free trial of Malwarebytes Anti-Malware Premium
- Launch Malwarebytes Anti-Malware
- Then click Finish.
- If an update is found, you will be prompted to download and install the latest version.
- Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
- When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
- Reboot your computer if prompted.
- No, Malwarebytes' Anti-Malware removes Coupon Alerts completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Coupon Alerts adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
Technical details for experts
You will see these signs in a HijackThis log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128
O1 - Hosts: 54.204.28.26 cbaiddeoemldinncijanafifphajjppj
O4 - HKLM\..\Run: [BService] C:\Program Files (x86)\Bench\BService\bservice.exe
O4 - HKLM\..\Run: [Wd] C:\Program Files (x86)\Bench\Wd\wd.exe
O4 - HKLM\..\Run: [Bench Communicator Watcher] C:\Program Files (x86)\Bench\Proxy\pwdg.exe
O4 - HKLM\..\Run: [Bench Settings Cleaner] C:\Program Files (x86)\Bench\Proxy\cl.exe
O4 - HKLM\..\RunOnce: [Coupon Alerts-repairJob] wscript.exe "C:\Users\{username}\AppData\Local\Coupon Alerts\repair.js" "Coupon Alerts-repairJob"
You may see these signs in FRST logs:
() C:\Program Files (x86)\Bench\BService\bservice.exe
() C:\Program Files (x86)\Bench\Wd\wd.exe
() C:\Program Files (x86)\Bench\Proxy\pwdg.exe
() C:\Program Files (x86)\Bench\Proxy\proc.exe
HKLM-x32\...\Run: [BService] => C:\Program Files (x86)\Bench\BService\bservice.exe [51712 2014-05-29] ()
HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe [61952 2014-05-29] ()
HKLM-x32\...\Run: [Bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [111616 2014-05-29] ()
HKLM-x32\...\Run: [Bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [55296 2014-05-29] ()
HKLM-x32\...\RunOnce: [Coupon Alerts-repairJob] => wscript.exe "C:\Users\{username}\AppData\Local\Coupon Alerts\repair.js" "Coupon Alerts-repairJob"
ProxyEnable: [HKLM-x32] => ProxyEnable is set
ProxyServer: [HKLM-x32] => http=127.0.0.1:3128
ProxyEnable: [{userid}] => Internet Explorer proxy is enabled.
ProxyServer: [{userid}] => http=127.0.0.1:3128
C:\Users\{username}\AppData\Local\BenchUpdater
C:\Windows\System32\Tasks\bench-{userid}
C:\Windows\Tasks\bench-{userid}.job
C:\Users\{username}\AppData\Local\Coupon Alerts
C:\Windows\System32\Tasks\bench-sys
C:\Windows\Tasks\bench-sys.job
C:\Users\{username}\AppData\Local\proxy.log
C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Alerts
C:\Program Files (x86)\Bench
Coupon Alerts (HKLM-x32\...\37436_Coupon Alerts) (Version: 1.3 - Exciting Apps) <==== ATTENTION
Task: {53BD9A27-C26E-49C1-B43B-95C6C69FE4EB} - System32\Tasks\bench-{userid} => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-05-29] () <==== ATTENTION
Task: {7A22124B-4D89-457E-8899-588F4C7D4033} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-05-29] () <==== ATTENTION
Task: C:\Windows\Tasks\bench-{userid}.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\Bench\BService
Adds the file bhelper.dll"="29/05/2014 20:35, 53248 bytes, A
Adds the file bservice.exe"="29/05/2014 20:35, 51712 bytes, A
Adds the folder C:\Program Files (x86)\Bench\NmHost
Adds the file manifest.json"="29/05/2014 20:35, 117 bytes, A
Adds the file nmhost.exe"="29/05/2014 20:35, 165376 bytes, A
Adds the folder C:\Program Files (x86)\Bench\Proxy
Adds the file cl.exe"="29/05/2014 20:35, 55296 bytes, A
Adds the file icon.ico"="29/05/2014 20:35, 32038 bytes, A
Adds the file proc.exe"="29/05/2014 20:35, 410624 bytes, A
Adds the file pwdg.exe"="29/05/2014 20:35, 111616 bytes, A
Adds the folder C:\Program Files (x86)\Bench\Updater
Adds the file products.xml"="28/07/2015 10:27, 383 bytes, A
Adds the file updater.exe"="29/05/2014 20:35, 69120 bytes, A
Adds the folder C:\Program Files (x86)\Bench\Updater\1.7.0.0
Adds the file updater.exe"="29/05/2014 20:35, 468480 bytes, A
Adds the folder C:\Program Files (x86)\Bench\Wd
Adds the file wd.exe"="29/05/2014 20:35, 61952 bytes, A
In the existing folder C:\Users\{username}\AppData\Local
Adds the file proxy.log"="28/07/2015 10:27, 0 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater
Adds the file products.xml"="28/07/2015 10:28, 444 bytes, A
Adds the folder C:\Users\{username}\AppData\Local\Coupon Alerts
Adds the file chrome_gp_update.js"="29/05/2014 20:35, 2348 bytes, A
Adds the file chrome_installer.js"="29/05/2014 20:35, 5662 bytes, A
Adds the file common.js"="29/05/2014 20:35, 12835 bytes, A
Adds the file gpedit.exe"="29/05/2014 20:35, 113664 bytes, A
Adds the file icon.ico"="16/06/2014 03:21, 32038 bytes, A
Adds the file installer.js"="29/05/2014 20:35, 774 bytes, A
Adds the file main_installer.js"="29/05/2014 20:35, 1567 bytes, A
Adds the file migrate.js"="29/05/2014 20:35, 4746 bytes, A
Adds the file projectInstaller.js"="29/05/2014 20:35, 3004 bytes, A
Adds the file repair.js"="29/05/2014 20:35, 1735 bytes, A
Adds the file SoftwareDetector.exe"="29/05/2014 20:35, 78336 bytes, A
Adds the file sqlite3.exe"="29/05/2014 20:35, 492544 bytes, A
Adds the file uninstall.exe"="28/07/2015 10:27, 147854 bytes, A
Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\Blocker
Adds the file 212e90ffa529f5c99c44dc574c6f9a16"="28/07/2015 10:27, 630176 bytes, A
Adds the file 661d2a49ae9c29fdbdb0e735f567c5cf"="28/07/2015 10:27, 106 bytes, A
Adds the file 8d3f613ded3421026a6b47abd4042139"="28/07/2015 10:27, 8 bytes, A
Adds the file b24f88eb229178ba93accf228dc5b280"="28/07/2015 10:27, 70 bytes, A
Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\CanvasStorage
Adds the file 7bf8e2b7288ee31947f028830fe682c3"="28/07/2015 10:27, 28 bytes, A
Adds the file 8ab1244a97308124c8207af9517ce460"="28/07/2015 10:27, 94 bytes, A
Adds the file a645fa10d3b7c3be385a23d8e9796994"="28/07/2015 10:27, 30 bytes, A
Adds the file c8ca0d6097bee7d978cc54b0e9075409"="28/07/2015 10:27, 46 bytes, A
Adds the file ee9adb2bad520b37c67f38edc62ec22d"="28/07/2015 10:27, 230 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Alerts
Adds the file Browser Guardian Settings.url"="28/07/2015 10:27, 144 bytes, A
Adds the file Uninstall.lnk"="28/07/2015 10:27, 1092 bytes, A
In the existing folder C:\Windows\System32\drivers\etc
Alters the file hosts
10/06/2009 23:00, 824 bytes, A ==> 28/07/2015 10:27, 871 bytes, A
In the existing folder C:\Windows\System32\Tasks
Adds the file bench-{userid}"="28/07/2015 10:28, 3234 bytes, A
Adds the file bench-sys"="28/07/2015 10:27, 3248 bytes, A
In the existing folder C:\Windows\Tasks
Adds the file bench-{userid}.job"="28/07/2015 10:28, 352 bytes, A
Adds the file bench-sys.job"="28/07/2015 10:27, 352 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"bench-{userid}.job"="REG_BINARY, ................................
"bench-{userid}.job.fp"="REG_DWORD", 739631050
"bench-sys.job"="REG_BINARY, ................................
"bench-sys.job.fp"="REG_DWORD", -329032436
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node]
"37436"="REG_SZ", "Coupon Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AdvertisingSupport]
"Seen"="REG_SZ", "1"
"SeenDate"="REG_SZ", "1438072053"
"SystemId"="REG_SZ", "0b4e404aef68e2e0fc6460246068feca"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\BService\37436]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\InstalledExtensions]
"37436"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\NmHost]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Bench\NmHost\nmhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\NmHost\37436]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\Updater]
"path"="REG_SZ", "C:\Program Files (x86)\Bench\Updater\updater.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Bench\Updater\37436]
"(Default)"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Coupon Alerts]
"(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Alerts"
"AllowProxy"="REG_SZ", "1"
"CDN"="REG_SZ", "couponalerts-a.akamaihd.net"
"czoneid"="REG_SZ", "12199"
"InstallTime"="REG_SZ", "1438079253"
"Pid"="REG_SZ", ""
"Seen"="REG_SZ", "1"
"SeenDate"="REG_SZ", "1438072053"
"SystemId"="REG_SZ", "0b4e404aef68e2e0fc6460246068feca"
"UTCInstallTime"="REG_SZ", "1438072053"
"ZoneId"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\NativeMessagingHosts\com.bench.nmhost]
"(Default)"="REG_SZ", "C:\Program Files (x86)\Bench\NmHost\manifest.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="REG_SZ", ""
"ProxyEnable"="REG_DWORD", 1
"ProxyServer"="REG_SZ", "http=127.0.0.1:3128"
"ProxySettingsPerUser"="REG_DWORD", 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Bench Communicator Watcher"="REG_SZ", "C:\Program Files (x86)\Bench\Proxy\pwdg.exe"
"Bench Settings Cleaner"="REG_SZ", "C:\Program Files (x86)\Bench\Proxy\cl.exe"
"BService"="REG_SZ", "C:\Program Files (x86)\Bench\BService\bservice.exe"
"Wd"="REG_SZ", "C:\Program Files (x86)\Bench\Wd\wd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Coupon Alerts-repairJob"="REG_SZ", "wscript.exe "C:\Users\{username}\AppData\Local\Coupon Alerts\repair.js" "Coupon Alerts-repairJob""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\37436_Coupon Alerts]
"DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Alerts/icon.ico"
"DisplayName"="REG_SZ", "Coupon Alerts"
"DisplayVersion"="REG_SZ", "1.3"
"InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Alerts"
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "Exciting Apps"
"UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\Coupon Alerts\uninstall.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Proxy]
"AutoConfigURL"="REG_SZ", ""
"ProxyEnable"="REG_DWORD", 0
"ProxyServer"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Proxy\Installations\Coupon Alerts]
"aoi"="REG_SZ", "1438079253"
"domain"="REG_SZ", "couponalerts-a.akamaihd.net"
"ext"="REG_SZ", "Coupon Alerts"
"format"="REG_SZ", "//{domain}/loaders/{pid}/l.js?pid={pid}&systemid={systemid}&ext={ext}&aoi={aoi}&zoneid={zoneid}&crr={crr}&type=p"
"pid"="REG_SZ", ""
"protect_redirect_url"="REG_SZ", "http://couponalerts-a.akamaihd.net/protect/warning?%blocked_url%"
"settings_url"="REG_SZ", "http://couponalerts-a.akamaihd.net/protect/settings"
"system_black_list_url"="REG_SZ", "http://couponalerts-a.akamaihd.net/protect/rules.json"
"zoneid"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"="REG_DWORD", 1
"ProxyServer"="REG_SZ", "http=127.0.0.1:3128"
[HKEY_CURRENT_USER\Software\Proxy]
"AutoConfigURL"="REG_SZ", ""
"disableChainProxy"="REG_DWORD", 0
"ProxyEnable"="REG_DWORD", 0
"ProxyServer"="REG_SZ", ""
"totalFail"="REG_DWORD", 0
[HKEY_CURRENT_USER\Software\Proxy\installations\Coupon Alerts]
"czoneid"="REG_SZ", "71533770"
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 28/07/2015
Scan Time: 10:39
Logfile: mbamCouponAlerts.txt
Administrator: Yes
Version: 2.1.8.1057
Malware Database: v2015.07.28.01
Rootkit Database: v2015.07.22.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327952
Time Elapsed: 4 min, 7 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 4
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\proc.exe, 2816, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\pwdg.exe, 3720, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bservice.exe, 1016, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Wd\wd.exe, 3128, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3]
Modules: 5
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
Registry Keys: 10
PUP.Optional.CouponAlerts.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\37436_Coupon Alerts, Quarantined, [b76a8364682259ddf1572eddd72ab34d],
PUP.Optional.AdevertisingSupport.A, HKLM\SOFTWARE\WOW6432NODE\AdvertisingSupport, Quarantined, [9091a93e0981d85ea471899d23e043bd],
PUP.Optional.CouponAlerts.A, HKLM\SOFTWARE\WOW6432NODE\Coupon Alerts, Quarantined, [839eae392f5bc76f1722c281d82bb848],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\BENCH\BService, Quarantined, [42df905726641521f27b1809cf348b75],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\BENCH\InstalledExtensions, Quarantined, [35ec0cdb1b6f93a3391c5ae7778c4eb2],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\BENCH\NmHost, Quarantined, [4ad7fbecf1991323ababb28f0af9a45c],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\BENCH\Updater, Quarantined, [ee3301e6c3c7dd59c0979ba6a45fcd33],
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [839e7b6c21696cca06b7136b24e0fc04],
PUP.Optional.CouponAlerts.A, HKLM\SOFTWARE\WOW6432NODE\PROXY\INSTALLATIONS\Coupon Alerts, Quarantined, [80a150973c4e53e303625be4689b51af],
PUP.Optional.CouponAlerts.A, HKCU\SOFTWARE\PROXY\INSTALLATIONS\Coupon Alerts, Quarantined, [cb5695529cee6cca86de8fb055ae3ac6],
Registry Values: 7
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files (x86)\Bench\Proxy\cl.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files (x86)\Bench\Proxy\pwdg.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files (x86)\Bench\BService\bservice.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3]
PUP.Optional.Bench.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files (x86)\Bench\Wd\wd.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3]
PUM.Bad.Proxy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, Quarantined, [839e4b9cd8b2da5cc8eb15228e75a65a]
PUP.Optional.SmartApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Coupon Alerts-repairJob, wscript.exe "C:\Users\{username}\AppData\Local\Coupon Alerts\repair.js" "Coupon Alerts-repairJob", Quarantined, [c45d687f1773280e9b941a6548bca35d]
PUM.Bad.Proxy, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, Quarantined, [9b8617d09af0d16598d2d86831d25ca4]
Registry Data: 0
(No malicious items detected)
Folders: 10
PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [2ef327c097f336000fd91243699a4ab6],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\NmHost, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Updater, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Updater\1.7.0.0, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Wd, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Alerts, Quarantined, [36ebd4136129f0464513d315b84acb35],
Files: 36
PUP.Optional.CouponAlerts.A, C:\Users\{username}\Desktop\install.exe, Quarantined, [b0710fd8c7c39a9c7ccc86858d74a35d],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\uninstall.exe, Quarantined, [b76a8364682259ddf1572eddd72ab34d],
PUP.Optional.Proxy.A, C:\Users\{username}\AppData\Local\proxy.log, Delete-on-Reboot, [8c9513d47b0fe353d538979dc1429868],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cbaiddeoemldinncijanafifphajjppj_0.localstorage, Quarantined, [c958b33492f8241254761c1b679cfa06],
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-612512518-1730918975-1677248042-1002, Quarantined, [1011796ec9c152e48b60ff3c1be86e92],
PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [67ba9c4ba0ea1125bc2f211a56ad8b75],
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-612512518-1730918975-1677248042-1002.job, Quarantined, [30f1e8ff8dfdb6806087b99c1ee54fb1],
PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [27fa13d42b5f63d30cdbe273f70c867a],
PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [2ef327c097f336000fd91243699a4ab6],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\icon.ico, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\cl.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\proc.exe, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Proxy\pwdg.exe, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bhelper.dll, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\BService\bservice.exe, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\NmHost\manifest.json, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\NmHost\nmhost.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Updater\products.xml, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Updater\updater.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.Bench.A, C:\Program Files (x86)\Bench\Wd\wd.exe, Delete-on-Reboot, [4dd48166177369cd010d2a6b3cc80df3],
PUP.Optional.SmartApps, C:\Users\{username}\AppData\Local\Coupon Alerts\repair.js, Quarantined, [c45d687f1773280e9b941a6548bca35d],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\chrome_gp_update.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\chrome_installer.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\common.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\gpedit.exe, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\icon.ico, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\installer.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\main_installer.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\migrate.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\projectInstaller.js, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\SoftwareDetector.exe, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Local\Coupon Alerts\sqlite3.exe, Quarantined, [ba6726c1deac94a2f0c7e4000af88a76],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Alerts\Browser Guardian Settings.url, Quarantined, [36ebd4136129f0464513d315b84acb35],
PUP.Optional.CouponAlerts.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Coupon Alerts\Uninstall.lnk, Quarantined, [36ebd4136129f0464513d315b84acb35],
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (54.204.28.26 cbaiddeoemldinncijanafifphajjppj), Replaced,[fb26945383072c0a1b980472f70eec14]
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
