lovelysumi topic

Discussion in 'malware problems & news' started by lovelysumi, Nov 13, 2006.

Thread Status:
Not open for further replies.
  1. lovelysumi

    lovelysumi Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    6
    Location:
    Malaysia
    Re: coolpics.com trashed my system

    Dear Peiter... :mad:

    i am having the same problem as what the crazy facing .. i mean ..after i update my yahoo messenger... one of my friend send me coolpics.com link to me ..and i've faced alot of problem ... shall i do the same instructions as what you post earlier?

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Please post the combofix log.
     
  2. lovelysumi

    lovelysumi Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    6
    Location:
    Malaysia
    Re: coolpics.com trashed my system

    Pieter,

    im using the Windows ME, and i guess the combofix cannot run on this PC?

    thre is a error message prompt up ... saying " ERROR !!! cmd.exe is not present !!"

    can u help to fix my problem? HELP MEEEEEEEE!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi lovelysumi,

    Download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C: ) or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by doubleclicking BFU.exe
    • Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select coolpics.bfu
    • Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.
    Reboot your computer and check if it worked.

    Then do a find files for svhost32.exe
    Let me know the exact loaction where you find it, then delete it.

    Regards,

    Pieter
     
  4. lovelysumi

    lovelysumi Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    6
    Location:
    Malaysia
    Dear Pieter.... let me give you a kiss first.... mwaaaaaaaaaaaahhhhh :-*

    Thank you very much for helping me....

    It's work... thanks once again ...and yeah... i couldnt find svhost32.exe files today... but yesterday when i scan it ... i found in C: windows and under system i guess...

    anyway, im scanning the viruses again ... just to check everything is okay...

    this is the best site i ever visit... you are such a helpful person ... thanks ya ...

    you are the BEST :thumb:

    thanks! million of thanks to you all the way from MALAYSIA...

    regards,
    Sumitha @ Sumi
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi lovelysumi,

    Can you please post your problems here if you have any left to be dealt with.

    Regards,

    Pieter
     
  7. lovelysumi

    lovelysumi Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    6
    Location:
    Malaysia
    pieter, i still have the virus on my pc...

    i've scan more than 5 times... it's still there.. the same C:\RESTORE\TEMP\A0517086.CYP, C:\RESTORE\TEMP\A0517241.CYP and C:\RESTORE\TEMP\A0160662.CYP...

    and today there is another additional virus C:\RESTORE\TEMP\A0160794.CYP...

    how to remove them... please help me out.. :'(
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    They are definitely in your Restore points:
    C:\RESTORE\TEMP\

    Can you try this for me. On the Windows desktop, right-click My Computer, and then click Properties.
    On the Performance tab, click File System.
    On the Troubleshooting tab, check Disable System Restore, click OK, and then click Close.
    Click Yes to restart the computer.

    After the reboot run the scan. If there is anything left let me know.
    If everything is clean right-click My Computer, and then click Properties.
    On the Performance tab, click File System.
    On the Troubleshooting tab, uncheck Disable System Restore, click OK, and then click Close.
    Click Yes to restart.

    That wil turn System Restore back on.

    Regards,

    Pieter
     
  9. Eveilane

    Eveilane Registered Member

    Joined:
    Nov 15, 2006
    Posts:
    1
    Re: COOL PICS WORMS!!

    HI Pieter,

    I really-really need your help. My PC is also affected by the cool pics worm - click it when a friend give it to me. I have scan with virus but still it still there. now, http://coolpic.net been my IE default and I can't change that!!!! Please help!!!
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
  11. lovelysumi

    lovelysumi Registered Member

    Joined:
    Nov 13, 2006
    Posts:
    6
    Location:
    Malaysia
    Dear Pieter,

    everything is prefect .....:thumb:

    thanks once again! :-*

    take care... will drop in back later... have a nice day
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Good to hear. :cool:
     
Thread Status:
Not open for further replies.