Clicked on unsubscribe in suspicious e-mail while using my iPhone.

2 replies to this topic

#1 Nickola


  • Members
  • 4 posts
  • Local time:11:12 AM

Posted 14 December 2017 - 04:39 PM

Soon as I did, went oh-oh, that was dumb. Images in email were blocked, I had unblocked them, avoided hitting a button to "crack the egg", but hit the unsubscribe button since this was third email from same place. Nothing appeared to happen when I did. Googled the address email was from - no hits. When I got home, went on computer, opened suspicious email (slow learner), looked at address for reply email to unsubscribe, and checked domains. Host server in the states, but looks like goes back to Panama City Panama. Address in email for account (circleplublications) turns out to be a UPS store. Yep, figure I'm screwed.


Windows 10, computer is 2-3 weeks old

Outlook email on computer, I was using Yahoo to access my mail

Microsoft Edge browser

Mozilla FireFox


What I've done:


Ran rkill, then MBAM. MBAM completed scan in three minutes, nothing found. Ran full scan with McAfee LiveSafe (30 min), nothing found.

Repeated rkill and MBAM in safe mode, same short time and nothing found.


As soon as I completed the second round of scans, (I may have opened email program, do not remember exactly) the Important Security Alert from Windows locked the screen.  Downloaded Firefox, went on this site, stopped process, ran removal protocol.


rkill: no malicious processes to stop


Zemana AntiMalware (Installed)

Scan Result            : Completed
Scan Date              : 2017/12/13
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i5-7400T CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 1234C277D5B52B806A47E5
Scan Type              : System Scan
Duration               : 7m 25s
Scanned Objects        : 88411
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects

Status             : Scanned
Object             : %userprofile%\downloads\couponprinter.exe
MD5                : 9A2C78C971B3647DFCB6D8BF25770AF8
Publisher          : Coupons, Inc.
Size               : 1859296
Version            :
Detection          : Adware:Win32/Coupons!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\couponprinter.exe

Cleaning Result
Cleaned               : 1
Reported as safe      : 0
Failed                : 0



# AdwCleaner - Logfile created on Wed Dec 13 23:21:33 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-13-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Users\bnich\Downloads\driver whiz

***** [ Files ] *****

PUP.Optional.SpyHunter, C:\Users\bnich\Downloads\SpyHunter-Installer.exe

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.


Apparently I am out of room for this post.

HitmanPro showed nothing malicious.


I just do not know if my computer is safe to use for banking, etc. Concerned that MBAM had such a short scan, I did not see an option for a full scan, only the threat scan. 


Sure appreciate it if someone can help me ensure this computer is clean and safe to use.






#2 Nickola

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:12 AM

Posted 14 December 2017 - 06:27 PM

Clarification:  running McAfee LiveSafe (came installed on computer).  I am not concerned about the coincidental "Important Security Alert", just wanted to give the whole picture and what I had done so far.  Concern is the link in the suspicious email.

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:12:12 PM

Posted 04 January 2018 - 09:32 PM

  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.
