TechSpot

Koolynoody downloader help

By pakileka
Jul 15, 2008
  1. This keeps popping up in my CA antispyware and won't leave. Any help would be great. Thanks, Geoff.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please read and begin with the suggested programs and logs:
    Viruses/Spyware/Malware, preliminary removal instructions:
    http://www.techspot.com/vb/topic58138.html

    You will have multiple entries that have to be found and removed.

    There is one thing you can do now though. Kooly likes to put itself in the Trusted zone, making it impossible to restrict it:
    Open IE> Tools> Internet options> Security tab> Trusted zone> Sites> if Koolynoody is here, highlight and remove, but make note of the entry. Then go to the Restricted Zone> Sites> type in the Koolynoody entry> Add.

    This does not take the place of the cleaning, so follow through with that.
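
The zone check described in the post above can also be done from the registry, which shows the zone a site is already assigned to even when the Internet Options dialog only reports that it is "in another zone". This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and the standard Internet Explorer ZoneMap registry layout, and the function name `Get-ZoneMapEntry` is hypothetical.

```powershell
# Added example (not from the thread): list every site-to-zone assignment
# stored under the Internet Explorer ZoneMap\Domains registry keys.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
    3 = 'Internet';    4 = 'Restricted sites'
}
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-ZoneMapEntry {
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            # Key path below Domains is "<domain>\<subdomain>"; rebuild the host name.
            $start = $key.Name.IndexOf('\Domains\', [StringComparison]::OrdinalIgnoreCase) + 9
            $parts = $key.Name.Substring($start).Split('\')
            [array]::Reverse($parts)
            foreach ($valueName in $key.GetValueNames()) {
                # Each value is named after a protocol (http, https, *) and
                # holds the zone number as a DWORD; skip anything else.
                if ($key.GetValueKind($valueName) -ne 'DWord') { continue }
                $zone = [int]$key.GetValue($valueName)
                [PSCustomObject]@{
                    Hive     = $root.Substring(0, 4)
                    Site     = $parts -join '.'
                    Protocol = $valueName
                    Zone     = $zone
                    ZoneName = $zoneNames[$zone]
                }
            }
        }
    }
}

# Entries in the Trusted zone (2) are the ones to review first.
Get-ZoneMapEntry | Sort-Object Zone, Site | Format-Table -AutoSize
```

Assignments made by IP range live under the sibling `ZoneMap\Ranges` key and are not listed by this script.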
     
  3. pakileka

    pakileka TS Rookie Topic Starter

    It's not in the trusted zone, and it tells me it's in another zone when I try to add it to the restricted zone. I have gone through most of the steps you directed me to. Which log files do you want?
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Follow the instructions on the site I left. There are a total of 15 steps, with instructions for posting your logs. Once they find Koolynoody and most likely other malware and you're clean, you can then add it to the Restricted Sites.
     
  5. pakileka

    pakileka TS Rookie Topic Starter

    Here is my MBAM log:

    Malwarebytes' Anti-Malware 1.20
    Database version: 961
    Windows 5.1.2600 Service Pack 2

    03:06:13 PM 7/17/2008
    mbam-log-7-17-2008 (15-06-13).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 170686
    Time elapsed: 1 hour(s), 35 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Downloaded Program Files\unagiuninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Attach c:\combofix.txt and the HijackThis log.
     
  7. pakileka

    pakileka TS Rookie Topic Starter

    Here are the logs you requested; sorry it took so long. Thanks again.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Question: I see HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    There are some other processes for HIPS> Host(-based) Intrusion Prevention System. You have the Computer Associates Internet Suite. Is this an additional installation? If so, you may be doubling up on firewalls.
     
  9. pakileka

    pakileka TS Rookie Topic Starter

    I have CA Security Center. I downloaded it, but that is the only firewall that I am running that I know of. Do I need to get rid of this? Sorry, I don't know anything about this.
     
  10. pakileka

    pakileka TS Rookie Topic Starter

    It's been a few days since my last post. Can anyone analyze my HijackThis and ComboFix logs? Thank you.
     
Topic Status:
Not open for further replies.
