Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

thecoolpics.net Virus


  • This topic is locked This topic is locked
4 replies to this topic

#1 Faiza

Faiza

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 27 March 2009 - 01:40 AM

Hello,

I got infected with the thecoolpics.net virus. I can't change my IE homepage nor can i see my run in start menu. My task manager was disabled but now it's started running properly again. My clock would act weirdly. It would change the date to January 2006. And my time would stick to AM and never change to PM. But now, I dunno how, it's resolved too. And my date and time are running okay.

I didn't even know that this coolpics stuff was a virus until I googled it. Below is a hijackthis and kaspersky log of my comp. And I must say it looks scary to me!

HijackThis Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:20, on 27/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\regsvr.exe
C:\WINDOWS\system32\28463\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecoolpics.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NIS] "E:\ANOOP\Norton Internet Security 2009\NIS09EN.exe" /RELAUNCH /RUNONCE
O4 - HKLM\..\Run: [svchost Agent] C:\WINDOWS\system32\28463\svchost.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE7-11] rundll32 advpack.dll,LaunchINFSection NR_IE7en.inf,AfterUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: 24Online Client.lnk = C:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 8372 bytes



Kaspersky Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, March 26, 2009 16:52:31
Records in database: 1973208
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Files scanned: 37163
Threat name: 37
Infected objects: 128
Suspicious objects: 0
Duration of the scan: 01:27:00


File name / Threat name / Threats count
C:\WINDOWS\system32\kav320.dll/C:\WINDOWS\system32\kav320.dll Infected: Packed.Win32.Krap.g 17
C:\WINDOWS\system32\regsvr.exe//script.au3/C:\WINDOWS\system32\regsvr.exe//script.au3 Infected: Worm.Win32.AutoIt.x 3
C:\WINDOWS\system32\regsvr.exe//C:\svchost.exe/C:\WINDOWS\system32\regsvr.exe//C:\svchost.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 3
C:\WINDOWS\system32\28463\svchost.exe/C:\WINDOWS\system32\28463\svchost.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\1utbfd.bat Infected: Trojan-GameThief.Win32.Magania.auub 1
C:\2.bat Infected: Packed.Win32.Krap.g 1
C:\2aaxaiy.exe Infected: Trojan-GameThief.Win32.Magania.auwn 1
C:\2fiy.bat Infected: Trojan-Dropper.Win32.Agent.ahvt 1
C:\a2h2.com Infected: Trojan-GameThief.Win32.Magania.aukf 1
C:\cb.exe Infected: Trojan-GameThief.Win32.Magania.awqv 1
C:\cv22.cmd Infected: Trojan.Win32.Agent.bres 1
C:\d1vmq.exe Infected: Trojan-GameThief.Win32.Magania.awru 1
C:\Documents and Settings\Administrator\DELME.exe Infected: Trojan.Win32.Agent.bvrz 1
C:\Documents and Settings\Administrator\dfghj.exe Infected: Trojan.Win32.Agent.bvrz 1
C:\Documents and Settings\Administrator\dfghjs.exe Infected: Trojan.Win32.Agent.bvrz 1
C:\Documents and Settings\Administrator\klko.exe Infected: Trojan.Win32.Buzus.aosr 1
C:\Documents and Settings\Administrator\Local Settings\Temp\ker4.tmp Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\ker7.tmp Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\kerEE.tmp Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$ML10.110\podcast.rar Infected: Worm.Win32.VB.ck 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3WHRH60B\3buekn4inhyexyojj606[1].jpg Infected: Trojan.Win32.Buzus.aosr 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3WHRH60B\help[1].exe Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3WHRH60B\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3WHRH60B\help[3].exe Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DOOI32UW\BGOOD[1].jpg Infected: Trojan.Win32.Agent2.fku 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DOOI32UW\BlaCk[1].exe Infected: Trojan.Win32.Buzus.aosr 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\DOOI32UW\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\BlacK[1].jpg Infected: Trojan.Win32.Buzus.aosr 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\BRED[1].jpg Infected: Trojan.Win32.Agent.bvrz 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\help[1].exe Infected: Trojan-GameThief.Win32.Magania.awvl 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\help[2].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\help[3].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\FN71BURK\red[1].jpg Infected: Backdoor.Win32.Small.hpz 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NU4U0DV0\gn5la4jk18d36x8a13d[1].jpg Infected: Backdoor.Win32.Small.hpz 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NU4U0DV0\help[1].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NU4U0DV0\help[5].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NU4U0DV0\help[6].rar Infected: Trojan.Win32.RaMag.a 1
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NU4U0DV0\tfvdp7ydc1rugn1t4pvz[1].jpg Infected: Backdoor.Win32.Small.hpz 1
C:\Documents and Settings\Administrator\My Documents\My Pictures\101MSDCF .exe Infected: Worm.Win32.AutoIt.x 1
C:\Documents and Settings\Administrator\My Documents\My Pictures\101MSDCF .exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\Documents and Settings\Administrator\sfdsdf.exe Infected: Trojan.Win32.Agent2.fku 1
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSconfig.exe Infected: Worm.Win32.VB.ck 1
C:\e8kj.exe Infected: Trojan-GameThief.Win32.Magania.apmm 1
C:\gi2ky.exe Infected: Trojan-GameThief.Win32.Magania.avys 1
C:\hyetn1i.exe Infected: Worm.Win32.AutoRun.fag 1
C:\i.com Infected: Trojan-GameThief.Win32.Magania.awha 1
C:\i6g6x.cmd Infected: Trojan-GameThief.Win32.Magania.avwe 1
C:\jeorels.cmd Infected: Worm.Win32.AutoRun.aayn 1
C:\jm3cx96.bat Infected: Trojan-GameThief.Win32.Magania.axgd 1
C:\m0vnonh.bat Infected: Trojan-GameThief.Win32.Magania.auui 1
C:\New Folder.exe Infected: Worm.Win32.VB.ck 1
C:\opgde.exe Infected: Trojan-Dropper.Win32.Agent.agza 1
C:\pook.com Infected: Trojan-GameThief.Win32.Magania.aunz 1
C:\qphdin.com Infected: Trojan-GameThief.Win32.Magania.avfh 1
C:\qxty9be.cmd Infected: Worm.Win32.AutoRun.fcb 1
C:\RECYCLE\D-0-060-0000000000-1111111-2222222\fix.exe Infected: Trojan.Win32.Inject.nwq 1
C:\RECYCLER\H-6-1-53-0976546321-090909032-8763-1337\BLaCK.exe Infected: Trojan.Win32.Buzus.aosr 1
C:\RECYCLER\S-1-5-21-746137067-796845957-1801674531-500\Dc1.exe Infected: Worm.Win32.AutoIt.x 1
C:\RECYCLER\S-1-5-21-746137067-796845957-1801674531-500\Dc1.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\RESTORE\H-6-1-53-0976546321-090909032-8763-1337\GooD.exe Infected: Trojan.Win32.Agent2.fku 1
C:\u.com Infected: Trojan-GameThief.Win32.Magania.awjg 1
C:\ur0.com Infected: Trojan-GameThief.Win32.Magania.avbc 1
C:\uvsqfgwd.cmd Infected: Trojan-GameThief.Win32.Magania.audk 1
C:\w2.com Infected: Packed.Win32.Krap.g 1
C:\w98.com Infected: Trojan-GameThief.Win32.Magania.atzj 1
C:\WINDOWS\LSASS.VXE Infected: Worm.Win32.VB.ck 1
C:\WINDOWS\regsvr.exe Infected: Worm.Win32.AutoIt.x 1
C:\WINDOWS\regsvr.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\WINDOWS\system\LSASS.VXE Infected: Worm.Win32.VB.ck 1
C:\WINDOWS\system32\28463\svchost.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\WINDOWS\system32\amvo.exe Infected: Trojan-GameThief.Win32.Magania.apmm 1
C:\WINDOWS\system32\kav320.dll Infected: Packed.Win32.Krap.g 1
C:\WINDOWS\system32\olhrwef.exe Infected: Trojan-GameThief.Win32.Magania.axjr 1
C:\WINDOWS\system32\optyhww0.dll Infected: Trojan-GameThief.Win32.Magania.awrv 1
C:\WINDOWS\system32\regsvr.exe Infected: Worm.Win32.AutoIt.x 1
C:\WINDOWS\system32\regsvr.exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\WINDOWS\system32\svchost .exe Infected: Worm.Win32.AutoIt.x 1
C:\WINDOWS\system32\svchost .exe Infected: not-a-virus:Monitor.Win32.Ardamax.ae 1
C:\WINDOWS\system32\urretnd.exe Infected: Trojan-GameThief.Win32.Magania.awru 1
C:\xsia.bat Infected: Trojan.Win32.Agent.bwkj 1
D:\1utbfd.bat Infected: Trojan-GameThief.Win32.Magania.auub 1
D:\2.bat Infected: Packed.Win32.Krap.g 1
D:\2aaxaiy.exe Infected: Trojan-GameThief.Win32.Magania.auwn 1
D:\2fiy.bat Infected: Trojan-Dropper.Win32.Agent.ahvt 1
D:\a2h2.com Infected: Trojan-GameThief.Win32.Magania.aukf 1
D:\cb.exe Infected: Trojan-GameThief.Win32.Magania.awqv 1
D:\cv22.cmd Infected: Trojan.Win32.Agent.bres 1
D:\d1vmq.exe Infected: Trojan-GameThief.Win32.Magania.awru 1
D:\e8kj.exe Infected: Trojan-GameThief.Win32.Magania.apmm 1
D:\gi2ky.exe Infected: Trojan-GameThief.Win32.Magania.avys 1
D:\hyetn1i.exe Infected: Worm.Win32.AutoRun.fag 1
D:\i.com Infected: Trojan-GameThief.Win32.Magania.awha 1
D:\i6g6x.cmd Infected: Trojan-GameThief.Win32.Magania.avwe 1
D:\jeorels.cmd Infected: Worm.Win32.AutoRun.aayn 1
D:\jm3cx96.bat Infected: Trojan-GameThief.Win32.Magania.axgd 1
D:\m0vnonh.bat Infected: Trojan-GameThief.Win32.Magania.auui 1
D:\New Folder.exe Infected: Worm.Win32.VB.ck 1
D:\opgde.exe Infected: Trojan-Dropper.Win32.Agent.agza 1
D:\pook.com Infected: Trojan-GameThief.Win32.Magania.aunz 1
D:\qphdin.com Infected: Trojan-GameThief.Win32.Magania.avfh 1
D:\qxty9be.cmd Infected: Worm.Win32.AutoRun.fcb 1
D:\u.com Infected: Trojan-GameThief.Win32.Magania.awjg 1
D:\ur0.com Infected: Trojan-GameThief.Win32.Magania.avbc 1
D:\uvsqfgwd.cmd Infected: Trojan-GameThief.Win32.Magania.audk 1
D:\w2.com Infected: Packed.Win32.Krap.g 1
D:\w98.com Infected: Trojan-GameThief.Win32.Magania.atzj 1
D:\xsia.bat Infected: Trojan.Win32.Agent.bwkj 1

The selected area was scanned.

Edited by Faiza, 27 March 2009 - 01:40 AM.


BC AdBot (Login to Remove)

 


#2 Faiza

Faiza
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 29 March 2009 - 11:12 AM

And now my date's back to January 2006 and my time's AM again. :thumbup2: :)

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:46 PM

Posted 05 April 2009 - 04:05 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 Faiza

Faiza
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 08 April 2009 - 10:24 AM

Thanks K. I understand there are lots of people with problems and relatively few helpers.

But my comp's going bonkers. I think there are more problems than just that coolpics.net virus and I just can't point my finger at what all is wrong. So I've decided to format it but I dunno if it's good move but I'm really tired of things popping up while I'm working or studying.

Thanks once again. And these forums are amazing. I'm learning loads.
Best,
Faiza

#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:01:46 PM

Posted 08 April 2009 - 10:52 AM

Thanks for telling us what you are going to do.

Good luck.

I'm closing this thread.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users