Stubborn Malware!

Discussion in 'Malware Help (A Specialist Will Reply)' started by PunchingBee, Nov 17, 2013.

  1. PunchingBee

    PunchingBee Private E-2

    I found this thread
    https://forums.majorgeeks.com/showthread.php?t=274660

    which led me to follow the READ & RUN ME FIRST post. After I ran that, I gave my computer a night to sleep on it, but when I booted up the next day, I found the problem files/programs still hanging around. I can't seem to get "CoolYou" and "1 Click Downloader" to get off my computer.

    I ran the previously linked thread pertaining to "CoolYou" (There isn't a whole lot of info about this that I could find, thanks for at least getting me THIS far!), but the damn programs are still there AND I'm still getting error messages about not being able to remove the programs.

    help?
     

    Attached Files:

  2. PunchingBee

    PunchingBee Private E-2

    and this one...
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello there. :)

    1ClickDownloader <<< Uninstall this.



    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate this detection:

    • [V1][SUSP PATH] CoolYouUpdaterTask{D4E5A609-8F48-4ED6-B4C8-AD9AC1FF88D7}.job : C:\ProgramData\Premium\CoolYou\CoolYou.exe - /schedule /profilepath "C:\ProgramData\Premium\CoolYou\profile.ini" [x][-] -> FOUND

    Place a checkmark next to each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.



    Please re-run Hitman Pro and have it delete Malware and Potential Unwanted Programs.


    Delete this if it shows:
    C:\ProgramData\Premium\CoolYou

    How are things running?
     
  4. PunchingBee

    PunchingBee Private E-2

    Ok, I got the 1ClickDownloader off.

    The Rogue Killer scan finished, but didn't show anything in the registry. There is only information in the MBR tab.
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    And how is the machine behaving now?
     
  6. PunchingBee

    PunchingBee Private E-2

    Everything seems to be working fine, except when I try to uninstall CoolYou Gadget and CoolYou from the "Uninstall or change a program" screen, I get "Setup initialization error" when trying to uninstall CoolYou Gadget and "Error 2 while loading archive: The system cannot find the file specified" when trying to uninstall CoolYou.

    So, I'm guessing that the inability to remove the programs means the malware is still there?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  8. PunchingBee

    PunchingBee Private E-2

    Ok, so I ran the Revo Uninstaller, but the CoolYou program doesn't show up in its list of programs. When I searched for the ending part of the file location, I found the process attached to SMCWGUTI.exe

    The name CoolYou is only seen in the listed programs I access through my Control Panel, everywhere else, it seems hidden.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not seeing this installed as per the latest MGlogs.zip. So what you are seeing in the uninstall list on your computer is just a dead entry I would imagine.
    ...that file is safe.
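
A read-only check for the "dead entry" case described in the reply above, as an added example that is not part of the original thread: it lists Add/Remove Programs entries whose registered uninstaller file no longer exists on disk. The function names `Get-UninstallerPath` and `Find-DeadUninstallEntry` are hypothetical, and the `*CoolYou*` filter is taken from the program name in this thread.

```powershell
# Added example (not from the thread): report uninstall-list entries whose
# uninstaller is missing. Nothing is modified; the script only reads.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-UninstallerPath {
    # Hypothetical helper: pull the executable path out of an UninstallString.
    param([string]$UninstallString)
    $s = [Environment]::ExpandEnvironmentVariables($UninstallString.Trim())
    if ($s -match '^"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($s -match '^(.+?\.(exe|msi|bat|cmd))(\s|$)') { return $Matches[1] }  # unquoted path
    return $null
}

function Find-DeadUninstallEntry {
    # Hypothetical helper: entries matching $NameFilter with no uninstaller on disk.
    param([string]$NameFilter = '*')
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NameFilter -and $_.UninstallString } |
        ForEach-Object {
            $path = Get-UninstallerPath $_.UninstallString
            # MsiExec/rundll32 entries are launched through a system binary
            # that always exists, so they are skipped here.
            if ($path -and (Split-Path $path -Leaf) -notmatch '^(msiexec|rundll32)(\.exe)?$') {
                [pscustomobject]@{
                    DisplayName = $_.DisplayName
                    Uninstaller = $path
                    Exists      = Test-Path -LiteralPath $path
                    RegistryKey = $_.PSPath
                }
            }
        } |
        Where-Object { -not $_.Exists }
}

# Name filter taken from the program discussed in this thread.
Find-DeadUninstallEntry -NameFilter '*CoolYou*' | Format-List
```

An entry returned here is only a leftover registry record; whether anything from the program is still installed is a separate question answered by the scan logs.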
     
  10. PunchingBee

    PunchingBee Private E-2

    Alright, thank you so much! I'm going to preach the good word of this place to my friends and family! You folks are great, very helpful.
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

    7. After doing the above, you should work thru the below link:
     
