Jump to content

Recommended Posts

  • Staff

What is Coupon Printer?

The Malwarebytes research team has determined that Coupon Printer is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Coupon Printer?

You may see this entry in your list of installed software:

warning4.png

and these warnings during install:

warning1.png

warning2.png

warning3.png

How did Coupon Printer get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their website:

website.png

How do I remove Coupon Printer?

Our program Malwarebytes can detect and remove this potentially unwanted program.

  • Please download Malwarebytes for Windows to your desktop.
  • Double-click MBSetup.exe and follow the prompts to install the program.
  • When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  • Click on the Get started button.
  • Click Scan to start a Threat Scan.
  • When the scan is finished click Quarantine to remove the found threats.
  • Reboot the system if prompted to complete the removal process.

Is there anything else I need to do to get rid of Coupon Printer?

  • No, Malwarebytes removes Coupon Printer completely.

How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Coupon Printer hijacker. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


 

protection1.png

 

Technical details for experts

Possible signs in FRST logs:


 

(Coupons, Inc. -> Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2021-05-19]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-14] (Coupons, Inc. -> Coupons.com Inc.)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Program Files (x86)\Coupons
(Coupons.com Incorporated) C:\Users\{username}\Desktop\couponprintercps.exe

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)

Alterations made by the installer:
 

File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\Coupons
       Adds the file CouponPrinterService.exe"="2/13/2014 11:58 PM, 176624 bytes, A
       Adds the file Coupons.ico"="5/2/2013 11:07 PM, 894 bytes, A
       Adds the file CouponsDotCom.url"="5/2/2013 11:07 PM, 220 bytes, A
       Adds the file license_agreement.html"="1/14/2014 11:46 PM, 10299 bytes, A
       Adds the file uninstall.exe"="5/19/2021 9:59 AM, 587312 bytes, A
    Adds the folder C:\Program Files (x86)\Coupons\Uninstall
       Adds the file IRIMG1.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG1.JPG"="5/19/2021 9:56 AM, 57511 bytes, A
       Adds the file IRIMG10.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG2.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG2.JPG"="5/19/2021 9:56 AM, 55382 bytes, A
       Adds the file IRIMG3.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG3.JPG"="5/19/2021 9:56 AM, 18195 bytes, A
       Adds the file IRIMG4.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG4.JPG"="5/19/2021 9:56 AM, 17831 bytes, A
       Adds the file IRIMG5.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG5.JPG"="5/19/2021 9:56 AM, 26791 bytes, A
       Adds the file IRIMG6.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG7.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG8.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRIMG9.BMP"="5/19/2021 9:56 AM, 540158 bytes, A
       Adds the file IRZip.lmd"="5/19/2021 9:56 AM, 344064 bytes, A
       Adds the file uninstall.dat"="5/19/2021 9:59 AM, 198728 bytes, A
       Adds the file uninstall.xml"="5/19/2021 9:59 AM, 12086 bytes, A
    Adds the folder C:\Program Files (x86)\Google\Chrome\Application\plugins
       Adds the file npMozCouponPrinter.dll"="2/11/2014 11:09 PM, 248304 bytes, A
    Adds the folder C:\Program Files (x86)\Mozilla Firefox\browser\components
       Adds the file npCouponPrinter.xpt"="5/2/2013 11:07 PM, 207 bytes, A
    Adds the folder C:\Program Files (x86)\Mozilla Firefox\browser\plugins
       Adds the file npMozCouponPrinter.dll"="2/11/2014 11:09 PM, 248304 bytes, A
    Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
       Adds the file Coupons.com - Print Coupons.lnk"="5/19/2021 9:59 AM, 1915 bytes, A
       Adds the file Uninstall Coupon Printer for Windows.lnk"="5/19/2021 9:59 AM, 2067 bytes, A
    In the existing folder C:\Windows
       Adds the file CouponPrinter.ocx"="5/2/2013 11:07 PM, 440184 bytes, A
       Adds the file couponprinter_x64.ocx"="5/2/2013 11:07 PM, 651640 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}]
       "(Default)"="REG_SZ", "cpbrkpie Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\Control]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ProgID]
       "(Default)"="REG_SZ", "coupons.couponprinter_x64.1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC}\ToolboxBitmap32]
       "(Default)"="REG_SZ", "C:\Windows\COUPON~2.OCX, 1"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}]
       "(Default)"="REG_SZ", "cpbrkpie Property Page"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}\InprocServer32]
       "(Default)"="REG_SZ", "C:\Windows\COUPON~2.OCX"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\coupons.couponprinter_x64.1]
       "(Default)"="REG_SZ", "cpbrkpie Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cpbrkpie.Coupon6Ctrl.1]
       "(Default)"="REG_SZ", "cpbrkpie Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E780F0B-BCD6-40CB-B2DB-7AF47AB4D4A4}]
       "(Default)"="REG_SZ", "_Dcpbrkpie"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A138BE8B-F051-4802-9A3F-A750A6D862D4}]
       "(Default)"="REG_SZ", "_DcpbrkpieEvents"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3E37FAA-3669-4212-A35D-157BF70ADC04}]
       "(Default)"="REG_SZ", "_DcpbrkpieEvents"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E755701B-A61B-4194-8902-17A61C4C1672}]
       "(Default)"="REG_SZ", "_Dcpbrkpie"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\1.0]
       "(Default)"="REG_SZ", "cpbrkpie ActiveX Control module"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{87255C51-CD7D-4506-B9AD-97606DAF53F3}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Windows\CouponPrinter.ocx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0]
       "(Default)"="REG_SZ", "couponprinter ActiveX Control module"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CBED5D4B-6859-452B-80EA-3E66910984D7}\1.0\0\win32]
       "(Default)"="REG_SZ", "C:\Windows\couponprinter_x64.ocx"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
       "(Default)"="REG_SZ", "cpbrkpie Control"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\Control]
       "(Default)"="REG_SZ", ""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}]
       "(Default)"="REG_SZ", "cpbrkpie Property Page"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\iexplore]
       "Blocked"="REG_DWORD", 1
       "Count"="REG_DWORD", 1
       "Flags"="REG_DWORD", 4
       "Type"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7]
       "Contact"="REG_SZ", "Coupons.com Incorporated Support Department"
       "DisplayIcon"="REG_SZ", ""C:\Program Files (x86)\Coupons\uninstall.exe""
       "DisplayName"="REG_SZ", "Coupon Printer for Windows"
       "DisplayVersion"="REG_SZ", "5.0.0.7"
       "HelpLink"="REG_SZ", "http://www.coupons.com"
       "InstallLocation"="REG_SZ", "C:\Program Files (x86)\Coupons"
       "NoModify"="REG_DWORD", 1
       "NoRepair"="REG_DWORD", 1
       "Publisher"="REG_SZ", "Coupons.com Incorporated"
       "UninstallString"="REG_SZ", ""C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml""
       "URLInfoAbout"="REG_SZ", "http://www.coupons.com"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CouponPrinterService]
       "DisplayName"="REG_SZ", "Coupon Printer Service"
       "ErrorControl"="REG_DWORD", 1
       "FailureActions"="REG_BINARY, ......................
       "ImagePath"="REG_EXPAND_SZ, "C:\Program Files (x86)\Coupons\CouponPrinterService.exe"
       "ObjectName"="REG_SZ", "LocalSystem"
       "Start"="REG_DWORD", 2
       "Type"="REG_DWORD", 16

Malwarebytes log:
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/19/21
Scan Time: 9:47 AM
Log File: 6c080560-b876-11eb-a17c-080027235d76.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1292
Update Package Version: 1.0.40630
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}-PC\{username}

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 234457
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 1 min, 45 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Generic.Malware/Suspicious, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Coupon Printer for Windows5.0.0.7, Quarantined, 0, 392686, , , , , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\COUPONS\UNINSTALL.EXE, Quarantined, 0, 392686, 1.0.40630, , shuriken, , 7AB9CB06F7A7FC667E452E05A0D102EF, 1D5A15A9378924D2063D39073FDE4877D6B0F753F9B76DFF66F4F8129AD86663
Generic.Malware/Suspicious, C:\USERS\{username}\APPDATA\LOCAL\TEMP\_IR_SF_TEMP_0\COUPONPRINTERSERVICEWIN32.EXE, Quarantined, 0, 392686, 1.0.40630, , shuriken, , CD08B9D9091B8BABB1D3317AF771F179, F9197551C45A2D9111531678352A8775A1E116BB4235314EE29193BE7D7AAB0A
PUP.Optional.Coupons, C:\USERS\{username}\DESKTOP\COUPONPRINTERCPS.EXE, Quarantined, 10300, 940143, 1.0.40630, B17ED733C3174C08F00A38F1, dds, 01251624, 35D31463586CC9309DFA4CE858B7843D, BD1F46A575DDA7488148DBBBA3E1DB9987B2FB211F3DD49ECFBE4E28EB35354D

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.