CoolPix virus has caused so many problems...

Hi friends !

I have a problem that my PC is virus infected. The virus name is coolpix.

This virus has disabled Internet Explorer home page alterations and made the www.coolpics.net website the default website for Internet Explorer. It does not allow me to change the home page.
This virus has also disabled Run, so I can't type regedit or cmd or any other command, and I need to search for that particular file to open it. So if I want to go to the command prompt, I have to go to C:\WINDOWS\system32.
This virus has disabled registry alterations, so when I run regedit from C:\WINDOWS\ it says: Registry is disabled by the Administrator.
This virus has also disabled Task Manager. So when I try to close or terminate an application or end a process by pressing Ctrl + Alt + Del, it gives the same kind of message: Task manager is disabled by the Administrator.

If any of you have faced the same problem, then please help me in this regard.

Thanks...

Hemant
JatinHemant Asked:

rpggamergirl Commented:
Hi,

yeah, a Hijackthis log is always VERY helpful in our diagnosis.

But this will take care of all the problems.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

We need to see the Combofix result, because you might need to run another tool afterwards.
We need to check the combofix log for this entry below:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"


If the entry exists, or in some cases if Combofix can't clean it all, please continue with the instructions below.
1.  Please download Brute Force Uninstaller to your desktop.
http://www.merijn.org/files/bfu.zip
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

2.  http://metallica.geekstogo.com/coolpics.bfu
and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the "Brute Force Uninstaller" by doubleclicking BFU.exe
Behind the 'scriptline to execute' field click the folder icon  and select coolpics.bfu
Press "Execute" and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
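
As an added example (not part of the original answer, and not code from ComboFix or BFU), the log check described above can be scripted: the Python below parses regedit-export-style text, flags the Run entry quoted in the answer, and also reports the policy values behind the symptoms in the question. The policy value names (DisableTaskMgr, DisableRegistryTools, NoRun) are standard Windows names that the page does not mention, and the input layout and sample text are assumptions constructed for illustration.

```python
import re

# Run entry quoted in the answer above (key, value name and path are from the page).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_NAME, RUN_PATH = "task manager", r"c:\windows\system\svchost32.exe"
# Assumption: standard Windows policy values matching the symptoms in the question.
SYMPTOMS = {"disabletaskmgr": "Task Manager disabled",
            "disableregistrytools": "registry editing disabled",
            "norun": "Run command removed"}

# Constructed sample in regedit-export style; not a real ComboFix log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
'''

def parse(text):
    """Yield (key, value_name, data) from regedit-export-style text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            data = m.group(2).strip()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1].replace("\\\\", "\\")  # undo .reg escaping
            yield key, m.group(1), data

def findings(text):
    """Return the page's Run entry and any symptom policy set to non-zero."""
    out = []
    for key, name, data in parse(text):
        if (key, name.lower(), data.lower()) == (RUN_KEY, RUN_NAME, RUN_PATH):
            out.append(("run-entry", name, data))
        elif "\\policies\\" in key and name.lower() in SYMPTOMS:
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                out.append(("policy", name, SYMPTOMS[name.lower()]))
    return out

if __name__ == "__main__":
    for kind, name, detail in findings(SAMPLE):
        print(f"{kind:10} {name:22} {detail}")
```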

r-k Commented:
Try some of these:

(1) Online scan: http://onecare.live.com/site/en-us/default.htm

(2) Superantispyware: http://www.superantispyware.com/

(3) Post your HijackThis log: http://www.hijackthis.de/

JatinHemant Author Commented:
Thanks for the detailed explanation. It is a very nice explanation. But please look at the problem. When I run combofix from my desktop, my antivirus, Kaspersky Antivirus, says that the combofix.exe application wants control over the Operating System. It also shows that it is a suspicious application, so I am a little hesitant to give this application permission on my operating system.

Please tell me whether I should give permission or not. Will it not have an adverse effect on my machine?

And one more important thing...How can I find the Hijackthis log file? Is there any program that I need to run for getting the Hijackthis log? When I click on the link www.hijackthis.de, it says to post the hijackthis log file. But I don't have any hijackthis log. How can I get ?

Please help me in this regard...

Hemant

r-k Commented:
"But I don't have any hijackthis log. How can I get ?"

There is a link at the top-right corner of that http://www.hijackthis.de/ page that reads "direct download". You can click there to download the program, then store it in a temp folder on your hard drive. Then run the hijackthis.exe file and follow the instructions to create a log.

rpggamergirl Commented:
I can assure you Combofix is not a rogue program or malicious. It does put files in the system32 folder, like catchme.exe for finding hidden files/rootkits.
This tool is being used by ALL anti-spyware forums; it's one of the best tools they rely on.
In the past there has been a case where combofix malfunctioned due to the presence of a particular rootkit, but it has been able to tackle that rootkit since then.
Still, use it at your own risk.

For hijackthis. You can also use this renamed hijackthis.exe, it is renamed so vundo and conhook won't be able to hide from the scan.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis and click "Do a system scan and save a logfile". Please don't fix anything yet.

JatinHemant Author Commented:
Thanks to all of you...

I hope this will certainly help me. After performing these steps, I will write to you again.

Thanks...

Hemant

r-k Commented:
Thanks. Feel free to write back. Also, you don't have to accept the answers until you've tried some of the suggestions.

rpggamergirl Commented:
Thanks, is the problem solved?
Sometimes there are bad files that combofix couldn't delete and it will show up in the report.

You closed your question, so it will be locked in approximately 7 days and no one can add comments to it.
If the problem is not solved yet, and the question is locked, just let me know and I'll re-open it.

~rpg

Question has a verified solution.