Avast WEBforum

Other => Viruses and worms => Topic started by: muhammad shoaib on August 17, 2007, 02:15:53 PM

Title: my computer is infected by going to the following site http://thecoolpics.com/
Post by: muhammad shoaib on August 17, 2007, 02:15:53 PM

http://thecoolpics.com/ Infected my computer and avast was unable to find it and my taskmanager is not opening

Title: Re: my computer is infected by going to the following site http://thecoolpics.co
Post by: DavidR on August 17, 2007, 02:55:17 PM

What is your OS ?

Please don't post active links to suspect sites. You should modify your post and edit the link so that it isn't active, this avoids accidental exposure, e.g. http :// thecoolpics.com/
Though a scan of that page by DrWeb link che3cker doesn't find anything at that page, it is just good practice not to post live links to suspect sites.

The page however redirects to a different page where infection is found, http :// horse.he.net/~dynasty/albums/style/index.php and DrWeb link checker also finds infection at the redirected page.

This was detected by the avast web shield and the only option given was Abort Connection (see image), so the infection shouldn't have been downloaded to your system, so avast won't find anything.

The Task Manager not opening I don't think is related to this alert but may be an indication of another undetected infection on your system.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1.  If using winXP AVG anti-spyware (formerly Ewido) (http://www.ewido.net/en/download/) Resident scanner during trial On-Demand after trial ends. Or SUPERantispyware (http://www.superantispyware.com) On-Demand only in free version. Or Spyware Terminator (http://www.spywareterminator.com/) Resident scanner. Or a-Squared free (http://www.emsisoft.com/en/software/free/) On-Demand only with free version(if using win98/ME).

Title: Re: my computer is infected by going to the following site http://thecoolpics.com/
Post by: essexboy on August 17, 2007, 08:09:31 PM

Lets get it moved shall we.  If you are unsure of how to proceed when you have read the instructions.  Then complete the combofix portion and post the log here.  Download BFU  and coolpics remover to your desktop in any case.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

If you find this line in the resulting log:
"Task Manager"="C:\\WINDOWS\\system\\svchost32.exe"
under the header:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

Then download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

• Right click the BFU folder on your desktop, and choose Extract All
  
• Click "Next"
• In the box to choose where to extract the files to,
• Click "Browse"
• Click on the + sign next to "My Computer"
• Click on "Local Disk (C: ) or whatever your primary drive is
• Click "Make New Folder"
• Type in BFU
  
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
  

RIGHT-CLICK HERE (http://metallica.geekstogo.com/coolpics.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

• Start the Brute Force Uninstaller by doubleclicking BFU.exe
  
• Behind the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select coolpics.bfu
  
• Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  
• Wait for the complete script execution box to pop up and press OK.
  
• Press exit to terminate the BFU program.
  

Reboot your computer and check if it worked.

Title: Re: my computer is infected by going to the following site http://thecoolpics.com/
Post by: CharleyO on August 18, 2007, 03:13:01 AM

***

Perhaps a Google search before clicking on such links might help. The results showed this ...

Active marketing website for ads.
This site may harm your computer.
Anonymizes all your internet activity 1000% Anonymous with proxy2proxy.com · Google
Enter your search terms Submit search form. XXX FREE SEX SITE XXX ...
thecoolpics.net/ - Similar pages

http://g.s.scandoo.com/search?hl=en&meta=on&q=www.thecoolpics.com%2F+

Clicking on the "This site may harm your computer" warning in the results takes you to this page ......

http://g.s.scandoo.com/support/bin/answer.py?answer=45449&topic=360&hl=en&sa=X&oi=malwarewarninglink&resnum=1&ct=help

Yeah, it may take a couple mins more to be safe but it's better than the infection you get from being careless.


***