Solved

CoolPix virus has caused so many problems...

Posted on 2007-07-31
Medium Priority
769 Views
Last Modified: 2013-12-08
Hi friends !

I have a problem that my PC is virus infected. The virus name is coolpix.

This virus has disabled Internet Explorer home page alterations and made the www.coolpics.net website the default website for Internet Explorer. It is not allowing me to change the home page.
This virus has also disabled Run, so I can't type regedit or cmd or any other command, and I need to search for that particular file to open it. So if I want to go to the command prompt then I have to go to C:\WINDOWS\system32.
This virus has disabled registry alterations, so when I run regedit from C:\WINDOWS\ it says that... Registry is disabled by the Administrator.
This virus has also disabled Task Manager. So when I try to close or terminate an application or end a process by pressing Ctrl + Alt + Del, it gives the same message that... Task manager is disabled by the Administrator.

If any of you has faced the same problem, please help me in this regard.

Thanks...

Hemant
Question by:JatinHemant
8 Comments
 
LVL 32

Assisted Solution

by:r-k
r-k earned 720 total points
ID: 19601528
Try some of these:

(1) Online scan: http://onecare.live.com/site/en-us/default.htm

(2) Superantispyware: http://www.superantispyware.com/

(3) Post your HijackThis log: http://www.hijackthis.de/
0
 
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 1280 total points
ID: 19604761
Hi,

yeah, a Hijackthis log is always VERY helpful in our diagnosis.

But this will take care of all the problems.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

We need to see the Combofix result, because you might need to run another tool afterwards.
We need to check the combofix log for this entry below:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"


If the entry exists, or in some cases if Combofix can't clean it all, please continue with the instructions below.
1.  Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

2.  http://metallica.geekstogo.com/coolpics.bfu
and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the "Brute Force Uninstaller" by double-clicking BFU.exe
Behind the 'scriptline to execute' field, click the folder icon and select coolpics.bfu
Press "Execute" and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
0
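The log check described in the answer above, as an added example that is not part of the original thread or of ComboFix, HijackThis or BFU: it parses registry-export-style text and reports a Run entry whose file name imitates svchost outside system32, plus the policy lockouts the question describes. The sample text is constructed, and the value names DisableTaskMgr, DisableRegistryTools and NoRun are the standard Windows policy values assumed to sit behind the "disabled by the Administrator" messages; they do not appear in the thread.

```python
import ntpath
import re

# Constructed sample in the registry-export style quoted in the answer above.
# The Run entry is the one from the post; the other values are made up here.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=dword:00000001
'''

# Assumption: these standard policy values sit behind the lockouts in the question.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "norun"}
SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"(.+?)"=(.+)$')

def parse_export(text):
    """Yield (key, value_name, raw_data) for every value line in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE.match(line)):
            yield key, m.group(1), m.group(2)

def findings(text):
    """Return (kind, value_name, detail) for masquerading Run entries and lockouts."""
    out = []
    for key, name, data in parse_export(text):
        if key.endswith(r'\currentversion\run') and data.startswith('"'):
            path = data.strip('"').replace('\\\\', '\\').lower()
            folder, exe = ntpath.split(path)
            # An svchost-like name that is not the genuine system32\svchost.exe.
            genuine = exe == 'svchost.exe' and folder.endswith(r'\system32')
            if exe.startswith('svchost') and not genuine:
                out.append(('run', name, path))
        elif '\\policies\\' in key and name.lower() in LOCKOUT_VALUES:
            if data.lower().startswith('dword:') and int(data[6:], 16) != 0:
                out.append(('policy', name, data))
    return out
```

Calling `findings(SAMPLE_LOG)` returns the Run entry from the post followed by the three lockout values; an export with only the genuine `system32\svchost.exe` returns an empty list.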
 

Author Comment

by:JatinHemant
ID: 19608235
Thanks for the detailed explanation. It is a very nice explanation. But please look at the problem. When I run combofix from my desktop, my antivirus... Kaspersky Antivirus says that the combofix.exe application wants control over the Operating System. It also shows that it is a suspicious application, so I am a little bit hesitant to give permission to this application for my operating system.

Please tell me whether I should give permission or not. Will it not have an adverse effect on my machine?

And one more important thing... How can I find the Hijackthis log file? Is there any program that I need to run for getting the Hijackthis log? When I click on the link www.hijackthis.de, it says to post the hijackthis log file. But I don't have any hijackthis log. How can I get it?

Please help me in this regard...

Hemant
0
 
LVL 32

Assisted Solution

by:r-k
r-k earned 720 total points
ID: 19609443
"But I don't have any hijackthis log. How can I get ?"

There is a link at the top-right corner of that http://www.hijackthis.de/ page that reads "direct download". You can click there to download the program, then store it in a temp folder on your hard drive. Then run the hijackthis.exe file and follow the instructions to create a log.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 1280 total points
ID: 19613683
I can assure you Combofix is not a rogue program or malicious. It does put files in the system32 folder, like catchme.exe for finding hidden files/rootkits.
This tool is being used by ALL anti-spyware forums; it's one of the best tools they rely on.
In the past there has been a case where combofix malfunctioned due to the presence of a particular rootkit, but it has been able to tackle that rootkit since then.
Still, use it at your own risk.

For hijackthis, you can also use this renamed hijackthis.exe; it is renamed so vundo and conhook won't be able to hide from the scan.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis and click "Do a system scan and save a logfile". Please don't fix anything yet.
0
 

Author Comment

by:JatinHemant
ID: 19625879
Thanks to all of you...

I hope this will certainly help me. After performing these steps, I will write to you again.

Thanks...

Hemant
0
 
LVL 32

Expert Comment

by:r-k
ID: 19629165
Thanks. Feel free to write back. Also, you don't have to accept the answers until you've tried some of the suggestions.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19629318
Thanks, is problem solved?
Sometimes there are bad files that combofix couldn't delete and it will show up in the report.

You closed your question, so it will be locked in approximately 7 days and no one can add comments to it.
If problem is not solved yet, and the question is locked, just let me know and I'll re-open it.

~rpg
0
