Adware:Win32/Coupons keeps appearing again

after each scan, I get a notice that 'adware: win32/coupons' is a threat. either the scan doesn't remove it after trying to do so after i hit 'start actions in windows security, or this adware just keeps popping up over and over again...how do I get rid of it? Malwarebytes doesn't stop the adware either

[Original Title: Adware]

HI 1G. I'm Greg, an installation specialist, 10 years awarded Windows MVP, and Volunteer Moderator, here to help you.

Try Malwarebytes new sister AdwCleaner in this sequence to remove it all:

Download, install and run a full scan with the most powerful on-demand free scanner Malwarebytes:
https://www.malwarebytes.com/mwb-download/.

In the Malwarebytes Settings > Security tab set it to include scanning for Rootkits.

If necessary run it in Safe Mode with Networking, or Safe Mode accessed by one of these methods: https://www.digitalcitizen.life/4-ways-boot-saf...

Clean up anything found, restart PC and then run again until it comes up clean.

Then download, install and run a full scan with AdwCleaner:
http://www.bleepingcomputer.com/download/adwcle... Remove whatever it finds.

Check for any remainders in Settings > Apps > Apps & Features, and also in each of your browser's Extensions, Home Page settings, Search service or Add-On's as shown here: https://www.computerhope.com/issues/ch001411.htm

Then check for damaged System files by running System File Checker from Step 10 in this checklist:
http://answers.microsoft.com/en-us/windows/wiki....

If completing all of Step 10 in above Checklist doesn't fix it then run a Repair Install which reinstalls WIndows while keeping your files, programs and most settings in place, by installing the Media Creation Tool from this link http://windows.microsoft.com/en-us/windows-10/m..., open the tool and choose Upgrade This PC Now. This will solve most problems and also bring it up to the latest version which you need anyway and by the most stable method.

If you want to keep Malwarebytes as an on-demand scanner then you can turn off its Real Time trial version in it's Settings > Account Details tab.

I hope this helps. Based on the results you report back I may have other suggestions if necessary. If you will wait to choose whether the problem is resolved, then I will continue to help until the problem is fixed.

___________________________________________________
Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.
_________________

Windows MVP 2010-21

Over 100,000 helped in forums in 10 years
I do not quit for those who are polite and cooperative.
I will walk you through any steps and will not let you fail.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi #1Golfer,

Locate the file that is described in the Protection History "Container" file, and delete it.

Then employ the contents of this link, to remove the "Notification" for this malware, from

Protection History.

https://answers.microsoft.com/en-us/protect/forum/all/windows-defender-identifies-the-same-pup-as-a/63f17794-3815-4784-b9cd-c6059c8e0828

Defender is re-detecting the "notification" of this Trojan, in Protection History.

Good luck,  Glen

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Glen...I should have mentioned that I have a flip phone...and I am technologically impaired.  I found the 'protection history'...but when I click on it, it's just a blank..not showing any recent actions even though I think I have been 'removing' the adware every day for the last few weeks.

AOL dial-up was way beyond my abilities!

Chris

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi #1Golfer,

Your threat is very like a "false positive" produced by the contents of "Detection History"

within Defenders Protection History.

Without technological expertise, you may be able to resolve your problem, in the following

manner.

To establish that your threat is in fact "false", download and run a full scan using the

Microsoft Safety Scanner. It uses the same intelligence definitions as Defender, and

should detect the same threats that Defender does, if they actually exist. I suspect that it

will not detect "Win:32/Coupons". If it doesn't, your threat is a false positive.

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

In that case, you can use Windows PowerShell (admin) to purge the item from

Protection History, even if you do not see it.

Right click on the Windows Icon in the Task Bar. Choose "Windows PowerShell (Admin)

from the list presented, and accept the UAC. The PowerShell screen will display.

Then, at the cursor, type or copy the following cmdlet.

Set-MpPreference -ScanPurgeItemsAfterDelay 01  and hit  <enter>

type Exit  and hit <enter>  to leave PowerShell.

After 1 full day, the Protection History should be purged. And you should not see the

threat anymore.

You should make it a point, to then perform the PowerShell procedure again.

Use the same cmdlet as before but replace the 01 with 19.

This resets the purge cycle to 25 days. Ample time for restoring anything that you might

need to keep in the future.

Good luck,  Glen

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Greg, I'm curious if you recommend AdwCleaner to be installed and run in the background or only if I'm having and issue as indicated above? Also, it sounded like you would only use Malwarebytes if needed. And not installed if not needed. Does that sound correct? Thanks!

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I believe this is in fact a false positive, especially if the only detected file is C:\Windows\Temp\cpnprt2x64.cid. I examined the binary of this file, and it is a coupon printing program installed by Coupons.com, a long-time coupon distribution site, to securely print paper coupons for use at grocery stores, discount stores, and the like. Once you visit Coupons.com or another authorized site (such as a grocer's website) and ask to print coupons, it installs this software to assure that the coupons are printed directly to a physical printer and not to a PDF or other virtual printer. (It once used a Java-based app to do this, but the general decline of Java forced it to use a different solution.) Since it is only used to print user-requested paper coupons and NOT to display unwanted ads, I believe it should NOT be detected as "adware".

In addition to Adware:Win32/Coupons, Windows Defender quick scans on my PC have also detected it as a false positive of App:CouponarificAds and PUA:Win32/Presenoker. If removed by Windows Defender or otherwise, other components of Coupons.com software automatically redownload it, thus leading to multiple hits under one or more of these detections. As a result, I have had to add all three detections as "allowed threats".

2 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info


Last updated February 26, 2021 Views 504 Applies to: