1. Download this file - ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

If you find one of these lines in the resulting log:
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001
under the header:
[HKCU\software\microsoft\windows\currentversion\policies\system]

Then download Brute Force Uninstaller to your desktop.

• Right click the BFU folder on your desktop, and choose Extract All
• Click "Next"
• In the box to choose where to extract the files to,
• Click "Browse"
• Click on the + sign next to "My Computer"
• Click on "Local Disk (C: ) or whatever your primary drive is
• Click "Make New Folder"
• Type in BFU
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

• Start the Brute Force Uninstaller by doubleclicking BFU.exe
• Behind the scriptline to execute field click the folder icon and select coolpics.bfu
• Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
• Wait for the complete script execution box to pop up and press OK.
• Press exit to terminate the BFU program.

Reboot your computer and check if it worked.

This post has been edited by Metallica: Oct 21 2007, 05:54 AM

This topic has been left open to allow specific questions and comments related ONLY to this guide. It's NOT for posting HJT logs, links to your logs, or any other general malware help. Replies not following these rules will be deleted. Thanks for your cooperation.

Was just doing some reading, and noticed something...

Link to ComboFix 404's, it's changed a while back. Current CF links are:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

They are case sensitive.

This post has been edited by tetonbob: Aug 11 2007, 10:28 AM

Thanx to metallica's instruction, i was able to remove coolpics virus in my computer. it really annoys me everytime i open my yahoo messenger. By the way my friends computer is infected by a virus which is similar to coolpics. It also disables his taskmanager and pops a weird characters in his Yahoo Messenger which looks like this  and so on followed by freewebtown.com instead of coolpics.com. My question is can BFU removed this kind of thing on my friends computer? Can I apply metallica's instruction to remove this kind of virus. Please help us with our problem. Thanx and sorry for my english!!

maayongadlaw,

Please have your friend read this post then post a HijackThis Log in the Malware Forum.

Ask him/her to title the post Coolpics Clone? and I will keep an eye out for it.