CoolPix virus has caused so many problems...

Posted on 2007-07-31
Last Modified: 2013-12-08
Hi friends !

I have a problem that my PC is virus infected. The virus name is coolpix.

This virus has disabled Internet Explorer home page alterations and made the website default website for Internet Explorer. It is not allowing me to change the home page.
This virus has disabled the Run also so I can't type regedit or cmd or any other command and I need to search for that particular file to open. So if I want to go on command prompt then I have to go to C:\WINDOWS\system32.
This virus has disabled registry alterations so when I run regedit from C:\WINDOWS\  then it says that ....Registry is disabled by the Administrator.
This virus has also disabled task manager. So when I try to close or terminate an application or end a process by pressing Ctrl + Alt + Del then it gives the same message that...Task manager is disabled by the Administrator.

If any of you has faced the same problem then please help me in this regard.


Question by:JatinHemant
    LVL 32

    Assisted Solution

    Try some of these:

    (1) Online scan:

    (2) Superantispyware:

    (3) Post your HijackThis log:
    LVL 47

    Accepted Solution


    Yeah, a Hijackthis log is always VERY helpful in our diagnosis.

    But this will take care of all the problems.
    Download ComboFix to your Desktop, from either of these locations:

    Double click "combofix.exe" and follow the prompts.
    When finished, it shall produce a log for you.
    Post that log and a HiJackthis log in your next reply.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    We need to see the Combofix result, because you might need to run another tool afterwards.
    We need to check the combofix log for this entry below:
    "Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"

    If the entry exists, or in some cases if Combofix can't clean it all, please continue with the instructions below.
    1.  Please download Brute Force Uninstaller to your desktop.
    Right click the BFU folder on your desktop, and choose Extract All
    Click "Next"
    In the box to choose where to extract the files to,
    Click "Browse"
    Click on the + sign next to "My Computer"
    Click on "Local Disk (C:)" or whatever your primary drive is
    Click "Make New Folder"
    Type in BFU
    Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

    and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Then, please go to Start > My Computer and navigate to the C:\BFU folder.
    Start the "Brute Force Uninstaller" by double-clicking BFU.exe
    Behind the 'scriptline to execute' field click the folder icon and select coolpics.bfu
    Press "Execute" and let it do its job. (You ought to see a progress bar if you did this correctly.)
    Wait for the complete script execution box to pop up and press OK.
    Press exit to terminate the BFU program.
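
An added example, not part of the original thread and not ComboFix's or HijackThis's own code: a small Python check that scans regedit-export-style lines in a saved log for the entry quoted above, generalized to any svchost-named file that is not the real one. The sample log, its Run key header and the assumption of a 32-bit install under C:\WINDOWS are constructed for illustration.

```python
import ntpath
import re

# Entry the answer says to look for in the ComboFix log (taken from the thread).
KNOWN_BAD = ("task manager", r"c:\windows\system\svchost32.exe")
# Assumption: 32-bit Windows installed under C:\WINDOWS, as in the thread.
SYSTEM32 = r"c:\windows\system32"

# regedit-export style value line: "Name"="C:\\path\\file.exe"
ENTRY_RE = re.compile(r'^\s*"(?P<name>[^"]+)"="(?P<data>(?:[^"\\]|\\.)*)"\s*$')

def unescape(data):
    """Undo export escaping: a backslash followed by any char yields that char."""
    return re.sub(r"\\(.)", r"\1", data)

def scan_log(text):
    """Return (line_no, name, path, reasons) for each suspicious entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ENTRY_RE.match(line)
        if not match:
            continue  # key headers, blank lines, other log text
        name, path = match.group("name"), unescape(match.group("data"))
        reasons = []
        if (name.lower(), path.lower()) == KNOWN_BAD:
            reasons.append("entry named in the thread")
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # The real file is svchost.exe in system32; anything else using the
        # svchost name is a look-alike worth a manual check.
        if base.startswith("svchost") and (base != "svchost.exe" or folder != SYSTEM32):
            reasons.append("svchost name but not system32 svchost.exe")
        if reasons:
            findings.append((line_no, name, path, reasons))
    return findings

# Constructed sample log; the key header is an assumption, not from the thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"HostSvc"="C:\\WINDOWS\\system32\\svchost.exe"
'''

if __name__ == "__main__":
    for line_no, name, path, reasons in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {name} -> {path} ({'; '.join(reasons)})")
```
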

    Author Comment

    Thanks for the detailed explanation. It is a very nice explanation. But please look at the problem. When I run combofix from my desktop, my antivirus...Kaspersky Antivirus says that combofix.exe application wants control over the Operating System. It also shows that it is a suspicious application so I am a little bit hesitant to give permission to this application for my operating system.

    Please tell me whether I should give permission or not. Will it not have an adverse effect on my machine?

    And one more important thing...How can I find Hijackthis log file. Is there any program that I need to run for getting Hijackthis log. When I click on the link, it says to post the hijackthis log file. But I don't have any hijackthis log. How can I get ?

    Please help me in this regard...

    LVL 32

    Assisted Solution

    "But I don't have any hijackthis log. How can I get ?"

    There is a link at the top-right corner of that page that reads "direct download". You can click there to download the program, then store it in a temp folder on your hard drive. Then run the hijackthis.exe file and follow the instructions to create a log.
    LVL 47

    Assisted Solution

    I can assure you Combofix is not a rogue program or malicious. It does put files in system32 folder like catchme.exe for finding hidden files/rootkits.
    This tool is being used by ALL anti-spyware forums, it's one of the best tools they rely on.
    In the past there has been a case where combofix malfunctioned due to the presence of a particular rootkit, but it has been able to tackle that rootkit since then.
    Still, use it at your own risk.

    For hijackthis, you can also use this renamed hijackthis.exe; it is renamed so vundo and conhook won't be able to hide from the scan.
    Open Hijackthis, click "Do a system scan and save a logfile". Please don't fix anything yet.

    Author Comment

    Thanks to all of you...

    I hope this will certainly help me. After performing these steps, I will write to you again.


    LVL 32

    Expert Comment

    Thanks. Feel free to write back. Also, you don't have to accept the answers until you've tried some of the suggestions.
    LVL 47

    Expert Comment

    Thanks, is the problem solved?
    Sometimes there are bad files that combofix couldn't delete and they will show up in the report.

    You closed your question, so it will be locked in approximately 7 days and no one can add comments to it.
    If the problem is not solved yet, and the question is locked, just let me know and I'll re-open it.

