cookingluck pop-up!!!!!!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by NooP, May 25, 2008.

  1. NooP

    NooP Private E-2

    Hi

    I just joined this forum.

    I have a problem with a pop-up of a link www.cookingluck.com/ ......
    and my applications minimize all by itself.:cry
    Every now and then a radio add also plays through my sound :confused

    I read some posts on how to resolve this, but I'm still pretty clueless..... I saved findAWF.exe and ran it!.... so what next??... I don't know how to add the result of the AWF scan (.txt file)

    plz help
    NooP
     
  2. abri

    abri MajorGeek

    Hi NooP,
    Welcome to Major Geeks!


    Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs when you're finished. Below the reply window, there's a Manage Attachments button that will take you to the attachments. Their location is given in the instructions as you run each scan. The scans we request don't take that long and this is the best way we have of being able to help you.

    Thanks.
    abri
     
  3. NooP

    NooP Private E-2

    Hi abri

    Thanx for the speedy response, it feels like I'm gonna get somewhere with this xD
    I am busy following the steps and I came to where u have to download the spyware/malware apps....
    When I come to MGTools.exe the login link appears and when I try to log in it says I do not have sufficient privileges to access the site or something..:confused
    Can u plz tell me how I get MGTools.exe??

    thanx
    NooP
     
  4. NooP

    NooP Private E-2

    Hi abri,

    OK, all scans done (except ComboFix) because ComboFix gave an error message... (I'll attach the printscreen of the message in my next post)

    Ok, here are my other 3 logs (attached)

    Thanx
    NooP
     

    Attached Files:

  5. NooP

    NooP Private E-2

    .....Here is the error message I got from ComboFix: Windows cannot find 'C:\Documents and Settings\Nico\desktop\cf.exe'. Make sure you typed the name correctly, and then try again.

    PLZ NOTE: I did change the icon name to "cf.exe"

    PLz let me know when I can start with "Step 4: Toggle System Restore"

    Cheers
    NooP
     
    Last edited: May 26, 2008
  6. abri

    abri MajorGeek

    Hi NooP,

    We don't toggle system restore until your computer is completely clean. It is sometimes necessary to go back a restore point, even to an infected one, to recover computer functionality and for us it simply keeps the option open. Which Step 4 are you referring to?

    Please go to C:\Documents and Settings\Nico\Local Settings\Temp\ and delete all the files Windows allows you to delete. It won't allow you to delete files from the current day.

    Did you get the error when you tried to run Combofix or when you tried to find the log?

    Please disable your guest account if this has not already been done.

    Then rename this file C:\WINDOWS\system32\10201.sys to 10201.sys.zzz (right click on the file name and select rename)

    abri
     
    Last edited: May 26, 2008
  7. NooP

    NooP Private E-2

    Hi there once again

    ...It is all fixed now and I did the recovery etc.

    Thanks a lot for all your help and guidance!

    Btw, why did I have to put my log files of the scan results on the forum??....is it of importance to someone??:confused

    I hope not to ask ur help in the near future, unless i get a virus or something soon xD!!

    thanx and good luck

    NooP :wave
     
  8. abri

    abri MajorGeek

    Hi NooP,

    You seem to be in a hurry to get out of here, so before you run off without allowing us any time to help you, please note a few things.

    1) AVG7 is about to run out. As of June 1st, it will no longer be available as a standalone antivirus program, which I regret very much. I advise you to uninstall it and install Avast or Antivir, both of which can be found in How to Protect Yourself from Malware. To uninstall AVG properly, you need to first select the program you want to install and download the installation program (but do not install it). Remember where to find it later. Then disconnect your computer from the internet, disable AVG and uninstall it using add/remove programs. Then install the new antivirus program using the installation program you already installed. Alternatively, you can keep AVG, but upgrade to AVG8 which is a security suite with its own firewall and antispyware programs.

    2) Also, you have an outdated Java program. To correct this, please do the following:
    Go to add/remove programs and uninstall the below:


    - Java(TM) 6 Update 5

    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) Then if you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    6) You need to empty this folder and keep emptying it everyday until it's empty:

    C:\Documents and Settings\Nico\Local Settings\Temp\

    7) You need to disable your guest account.

    8) You need to UPDATE your computer's XP to SP3. This should only be done after your computer is clean.

    I don't know what the recovery act is, but the main thing still undetermined is whether the driver you renamed is malware or not. If you want further help, let me know.
    abri
     
  9. NooP

    NooP Private E-2

    Hi NooP

    Thanx for the pointers...looks like i'll stick around for a while after all!! :p

    ...is this why u needed the log files?? :-D

    ... I'm not sure which driver ur referring to?? :confused

    How??

    Well, thanx nway for all ur guidance and support
    Much appreciated!
    NooP
     
  10. NooP

    NooP Private E-2

    Hi,

    I meant Hi Abri in the previous post :eek:

    hehe...didn't know how to edit my previous post, so I made a new one :cool

    cheers
    NooP
     
  11. abri

    abri MajorGeek

    Hi NooP,
    Yes, this is why we have you produce the logs (partly) and yes, this is what we do with them.

    To see if your guest account has been disabled go to Start / System Settings and look for User Accounts and click on that. If the guest account is disabled, it will say so at the icon. If it's not, click on edit account and then change it to disabled.

    The driver I'm talking about is the one I asked you to rename:

    C:\WINDOWS\system32\10201.sys to 10201.sys.zzz

    If renaming this driver has not caused any problems during reboots, I would like for you to use Combofix to remove it.
    the Using Combofix

    abri
     
  12. NooP

    NooP Private E-2

    Hi Abri

    Can u plz explain to me what that system file is for and what the consequences of renaming/removing it are??

    ...I don't like doing/working with things I don't fully understand. :confused

    Thanx for ur time
    NooP
     
  13. abri

    abri MajorGeek

    Hi NooP,

    That's the problem with malware. There's not much information on it. Unfortunately, some of the legitimate software offers little information either, so it's sometimes hard to know if a file is legitimate or malware. In this case, when you do a simple Google search for 10201.sys one of the sites you are referred to is this thread you and I are working in right now. The other one is a German site with facts about China. Neither of these is very helpful. By renaming this file, it's possible to see if it causes any obvious disturbance to your running programs. What would be best would be to remove it using Combofix, and that will put it into a backup folder where it can still be retrieved, but out of harm's way. I would like for you to try reinstalling Combofix using the link Using Combofix and simply allow it to install to your desktop over the existing one. Don't rename it.

    Then I would like for you to do the following 4 steps:

    1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select "Do a system scan only". In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:


    O2 - BHO: 818646 helper - {54192079-8E8A-43D8-BCBC-3874916159AF} - (no file)

    After you click fix, just close hijackthis.


    2) Then, please do the following:


    • Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

    Code:
    KILLALL::
    
    DRIVER::
    10201
    
    FILE::
    C:\WINDOWS\system32\10201.sys.zzz
    
    REGISTRY::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54192079-8E8A-43D8-BCBC-3874916159AF}]
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below



    Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


    3) Whether you are able to do the above or not, please run CCleaner

    4) Then run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip along with the Combofix log if there is one.

    Let me know how this all went?
     
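    The CFScript abri posted is a small plain-text format that ComboFix reads section by section. As an added example (not from the thread and not ComboFix's own code), here is a Python parser for the four section types that appear in that script, so the actions a script requests can be read back and reviewed before it is dragged onto ComboFix. The meaning given to each section follows the post above (KILLALL:: ends processes, DRIVER:: and FILE:: name what to remove, a bracketed registry key with a leading "-" is deleted); the sample input is the posted script, copied verbatim.

```python
import re

# Section headers: an all-caps word followed by '::' on its own line.
HEADER_RE = re.compile(r"^([A-Z]+)::\s*$")
# In REGISTRY:: a bracketed key with a leading '-' means "delete this key".
REG_DELETE_RE = re.compile(r"^\[-(.+)\]$")
KNOWN = ("KILLALL", "DRIVER", "FILE", "REGISTRY")

# Constructed sample: the script abri posted in this thread, as-is.
SAMPLE_SCRIPT = """KILLALL::

DRIVER::
10201

FILE::
C:\\WINDOWS\\system32\\10201.sys.zzz

REGISTRY::
[-HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{54192079-8E8A-43D8-BCBC-3874916159AF}]
"""

def parse_cfscript(text):
    """Return {section: [entries]} in order of appearance; blank lines are
    skipped and an entry before the first header raises ValueError."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before first section header: %r" % line)
        else:
            sections[current].append(line)
    return sections

def describe_actions(sections):
    """Plain-language list of what the script asks ComboFix to do."""
    actions = []
    if "KILLALL" in sections:
        actions.append("terminate running processes first")
    actions += ["remove driver service %s" % n for n in sections.get("DRIVER", [])]
    actions += ["remove file %s" % p for p in sections.get("FILE", [])]
    for entry in sections.get("REGISTRY", []):
        m = REG_DELETE_RE.match(entry)
        actions.append(("delete registry key %s" % m.group(1)) if m
                       else "registry line not understood: %s" % entry)
    actions += ["unknown section %s::" % s for s in sections if s not in KNOWN]
    return actions
```

    Running describe_actions(parse_cfscript(SAMPLE_SCRIPT)) lists exactly four actions for the posted script: the process kill, the 10201 driver service, the renamed .zzz file and the BHO registry key.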
  14. NooP

    NooP Private E-2

    Hi

    I'm getting to the point of where I just want to format my PC and re-install everything, with the required antivirus apps, spyware software, and so on....

    Will this fix/remove all the spyware/malware currently on my PC??....

    PLz let me know if u think formatting is an option??

    After I get ur opinion on this, i'll do as u said in the previous post :p

    Thanx
    NooP
     
  15. abri

    abri MajorGeek

    Hi NooP,
    You have one questionable file, which we can remove or leave there. I don't think it's worth reformatting your computer for that. I'm just nit-picking a bit to keep your computer from being as vulnerable in the future. The only thing I would really recommend is to go ahead with the final cleanup instructions in the box below and be sure to set a clean restore point as per the instructions. After this download SP3 and see how your computer does with it. The instructions in the box just take off all the tools and logs we had you put on your computer so you won't have the extra weight in your system:
    abri
     
  16. NooP

    NooP Private E-2

    Hi

    So this is it, my PC is clean and the new system restore point is all set :)

    THANX a lot for all ur help and support!~

    In the future if I have any problems i know where to find u! :cool

    Cheers man!

    NooP :wave
     
  17. abri

    abri MajorGeek

    You're welcome NooP!
    Let me know if you ever delete that one driver. lol
    Good luck with your computer! :)
     
