Adware.CoolSavings

Updated: February 13, 2007 11:47:03 AM
Type: Adware
Publisher: www.coolsavings.com
Risk Impact: Medium
File Names: cpnmgr.dll
Systems Affected: Windows 2000, Windows 64-bit (AMD64), Windows 64-bit (IA64), Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When the Adware.CoolSavings DLL is registered, it performs the following actions:
  1. Creates the following registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\Control
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\Insertable
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\MiscStatus
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\MiscStatus\1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\Programmable
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ToolboxBitmap32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\Version
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\VersionIndependentProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\0
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\0\win32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\FLAGS
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\HELPDIR
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5\CurVer
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5.3
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5.3\CLSID

  2. Adds the value:

    "(Default)" = "131473"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\MiscStatus\1

  3. Adds the value:

    "(Default)" = "CpnMgr.CMV5"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\VersionIndependentProgID

  4. Adds the value:

    "(Default)" = "CpnMgr.CMV5.3"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5\CurVer

  5. Adds the value:

    "(Default)" = "1.0"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\Version
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\TypeLib\Version
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\TypeLib\Version

  6. Adds the value:

    "(Default)" = "{549F9571-2F89-11D6-8CFE-00C04F52B225}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5.3\CLSID


  7. Adds the value:

    "(Default)" = "[PATH TO ADWARE]\CPNMGR.DLL, 101"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\ToolboxBitmap32

  8. Adds the value:

    "(Default)" = "[PATH TO ADWARE]\CPNMGR.DLL"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\0\win32

  9. Adds the value:

    "(Default)" = "[PATH TO ADWARE]\"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\HELPDIR

  10. Adds the value:

    "(Default)" = "0"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\MiscStatus
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0\FLAGS

  11. Adds the value:

    "ThreadingModel" = "Apartment"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\InprocServer32

  12. Adds the value:

    "(Default)" = "{00020424-0000-0000-C000-000000000046}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}\ProxyStubClsid

  13. Adds the value:

    "(Default)" = "ICMV5"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}

  14. Adds the value:

    "(Default)" = "_ICMV5Events"


    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}

  15. Adds the value:

    "(Default)" = "CpnMgr 1.0 Type Library"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{549F9571-2F89-11D6-8CFE-00C04F52B225}\1.0

  16. Adds the value:

    "(Default)" = "CMV5 Class"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5.3
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}

  17. Displays pop-up ads.
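
As an added example (not part of the original write-up), the Python below checks the text of an exported .reg file for the COM registrations listed above and reads the InprocServer32 default value, which records the real location behind [PATH TO ADWARE]. It matches on the GUIDs and ProgIDs wherever they appear in a key path, which goes beyond the exact HKEY_LOCAL_MACHINE\SOFTWARE\Classes paths listed so that HKEY_CLASSES_ROOT and Wow6432Node views are also covered; the sample export and its C:\Example path are constructed.

```python
import re

# GUIDs and ProgIDs from the write-up, lowercased (registry key names are case-insensitive).
MARKERS = {
    "CLSID": {"{549f957e-2f89-11d6-8cfe-00c04f52b225}"},
    "TypeLib": {"{549f9571-2f89-11d6-8cfe-00c04f52b225}"},
    "Interface": {"{549f957d-2f89-11d6-8cfe-00c04f52b225}", "{549f957f-2f89-11d6-8cfe-00c04f52b225}"},
    "ProgID": {"cpnmgr.cmv5", "cpnmgr.cmv5.3"},
}

# Constructed sample in .reg export syntax; the DLL path is a placeholder, not from the write-up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}]
@="CMV5 Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{549F957E-2F89-11D6-8CFE-00C04F52B225}\InprocServer32]
@="C:\\Example\\CPNMGR.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CpnMgr.CMV5\CurVer]
@="CpnMgr.CMV5.3"
'''

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {value name: string}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            # String values only: @="..." is the key's (Default) value.
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def find_registration(keys):
    """Return (sorted kinds of documented registrations present, DLL path or None)."""
    hits, dll = set(), None
    for path, values in keys.items():
        parts = set(path.split("\\"))
        hits.update(kind for kind, ids in MARKERS.items() if ids & parts)
        if MARKERS["CLSID"] & parts and path.endswith("\\inprocserver32"):
            dll = values.get("(Default)")  # the file that the CLSID loads in-process
    return sorted(hits), dll

if __name__ == "__main__":
    print(find_registration(parse_reg(SAMPLE)))
```

`reg export` writes UTF-16 files, so open the export with `encoding="utf-16"` before passing its text to `parse_reg`.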
