Cookingluck virus. Please help me!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by g481_shm, Mar 23, 2008.

  1. g481_shm

    g481_shm Private E-2

    I can't get rid of these pop-ups. I've seen that there are other similar threads, but I'm opening a new one, because the help seems personalised for every user. So, please help in getting rid of this virus!
     
  2. Lev

    Lev MajorGeek

  3. g481_shm

    g481_shm Private E-2

    Well, this is all you asked for. I hope it is enough. Sorry for the late reply, but I wasn't expecting an answer soon :) So, thanks!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It appears that you did not follow the instructions for running MGtools properly. It looks like you did not click to Accept the license agreement for TrendMicro's HijackThis as specified in the READ ME. As a result it did not run and put a log into the MGlogs.zip file.

    What did you do to this PC on Dec 29, 2007? Many many files are showing with that date. Did you reinstall on that date or restore from a backup? Having so many new files (thousands) makes your logs almost useless.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Make sure this time you click (twice) to accept the TrendMicro HijackThis license agreement.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  5. g481_shm

    g481_shm Private E-2

    Hey! Unfortunately I can't remember what I've done on the 29th, but I could have reinstalled Windows as you say. I had a problem with it, and I installed a new copy, that proved to be in Russian. I got rid of the Russian version now, but I guess that could be the event you were talking about.
    About the MGTools, I didn't get any license agreement pop-up, neither now nor the first time I used it.
    The cookingluck pop-ups seem gone now, but I can't be sure quite yet.
    Here are the new logs. Thanks a lot for your help!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is still not installed or running to produce a log. Please do the below.
    • Right Click Start and select Explore.
    • Navigate to the C:\MGtools folder.
    • Double click on the analyse.exe file
    • Tell me what happens.
    Also you still have some of the infection. Please do the below.


    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Tell me if you get a success message about adding the above to the registry.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  7. g481_shm

    g481_shm Private E-2

    When I click "analyse" in MGTools, I get the license prompt, which I have to accept. Then I have to choose between several options. I chose to scan and produce a log, which I posted here (although I don't know if you needed it).
    The fixme.reg worked just fine! I posted the mglogs also. The cookingluck popups seem finally gone (they usually appeared at startup and when I used Mozilla).
    Thanks again!
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that is what we were looking for. Now I just need one more log from MGtools to verify the registry entries really got fixed.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:
    • C:\MGlogs.zip
     
  9. g481_shm

    g481_shm Private E-2

    This is it! Everything seems alright now.
    Thank you for your time:) !
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, while everything seems alright, it is not completely fixed. Something is blocking you from getting those bad registry entries from the malware removed. Also HijackThis does not run each time when you run the GetLogs.bat program (from MGtools), which is also troublesome. I'm not sure what is causing the problems but it may be related to McAfee or another security program. Please uninstall SUPERAntispyware now since we are really finished with it anyway. Then please try shutting down or disabling as much of McAfee as possible and let's try fixing those registry entries again with ComboFix.

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Please watch for any error messages in the command prompt window that opens and let me know if you notice any problems while GetLogs.bat runs.

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
     
