Coodoosoft

patrickv · 10-26-2009, 12:52 PM

As per the title guys. I really need some help on this.
is there a definite way to remove this crap ?
Even though I disable it at startup and I would also remove its entry, it would appear again. However there's no process called herss.exe like google said.
The only way for me to know the thing is running i have to go to the user's temp directory and looks for cvas0.dll or similar or i'll end up with this

This is what happens when printing back to back on the printer. It crashes when the virus is active. I can go to temp, delete herss.exe and remove the dll, try printing and it will work.

Are there any good ways to permanently remove it ?

many thanks

patrickv · 10-26-2009, 12:54 PM

ah sorry it's Cdoosoft !! lol

linkin93 · 10-26-2009, 01:36 PM

get malwarebytes and hijack this... run them both in safemode after updating (best way is to go safemode with networking)

could you give a list of your processes when the virus is active?

patrickv · 10-26-2009, 01:50 PM

Quote:

Originally Posted by linkin93

get malwarebytes and hijack this... run them both in safemode after updating (best way is to go safemode with networking)

could you give a list of your processes when the virus is active?

Malwarebytes doesn't help in this case, tried and tested. I even updated it.Not even hijack this.
I downloaded Spybot S&D and so far it has removed the infection, I have also rebooted a couple of times. So far so good. Will see how long this last

linkin93 · 10-26-2009, 02:22 PM

perhaps try googling for the specific infection and then removal... usually works... some people are kind enough to create guides to remove a specific infection.

patrickv · 10-26-2009, 04:55 PM

Quote:

Originally Posted by linkin93

perhaps try googling for the specific infection and then removal... usually works... some people are kind enough to create guides to remove a specific infection.

Yup, Thanks.
I once was on a blog somewhere and it lead me to StopZilla. I downloaded the program and I have to admit.. It sucks major

Respital · 10-26-2009, 09:37 PM

Hello:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply i will need:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running

10-26-2009, 12:52 PM	#1 (permalink)
patrickv Diamond Member Join Date: Jul 2006 Location: I wonder !!! Posts: 6,299	Coodoosoft As per the title guys. I really need some help on this. is there a definite way to remove this crap ? Even though I disable it at startup and I would also remove its entry, it would appear again. However there's no process called herss.exe like google said. The only way for me to know the thing is running i have to go to the user's temp directory and looks for cvas0.dll or similar or i'll end up with this This is what happens when printing back to back on the printer. It crashes when the virus is active. I can go to temp, delete herss.exe and remove the dll, try printing and it will work. Are there any good ways to permanently remove it ? many thanks __________________ My Blog My FlickR

10-26-2009, 12:54 PM	#2 (permalink)
patrickv Diamond Member Join Date: Jul 2006 Location: I wonder !!! Posts: 6,299	ah sorry it's Cdoosoft !! lol __________________ My Blog My FlickR

10-26-2009, 01:36 PM	#3 (permalink)
linkin93 Diamond Member Join Date: Jun 2009 Location: NSW, Australia Age: 16 Posts: 2,330	get malwarebytes and hijack this... run them both in safemode after updating (best way is to go safemode with networking) could you give a list of your processes when the virus is active? __________________ System CM Storm Scout - Asus P5N-E SLI - Core 2 Duo E4500 @ 3.02Ghz - 2x1GB Corsair XMS2 @ 900mhz - Sapphire HD 3870 - WD 250GB Caviar SE16 - SHAW 860W - Windows 7 Ultimate x64 Perhiprials Logitech G5 Mouse - Logitech R-10 Speakers - Targus Keyboard - HP L1470 17" 1280x1024 Monitor

10-26-2009, 02:22 PM	#5 (permalink)
linkin93 Diamond Member Join Date: Jun 2009 Location: NSW, Australia Age: 16 Posts: 2,330	perhaps try googling for the specific infection and then removal... usually works... some people are kind enough to create guides to remove a specific infection. __________________ System CM Storm Scout - Asus P5N-E SLI - Core 2 Duo E4500 @ 3.02Ghz - 2x1GB Corsair XMS2 @ 900mhz - Sapphire HD 3870 - WD 250GB Caviar SE16 - SHAW 860W - Windows 7 Ultimate x64 Perhiprials Logitech G5 Mouse - Logitech R-10 Speakers - Targus Keyboard - HP L1470 17" 1280x1024 Monitor

10-26-2009, 09:37 PM	#7 (permalink)
Respital Diamond Member Join Date: Aug 2007 Location: Canada Age: 15 Posts: 2,646	Hello: Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. In your next reply i will need: The ComboFix log A fresh HiJackThis log An update on how your computer is running __________________ Winner of Photo Tourney: Twilight /My Rig:/ /Case :/ Antec Sonata III /Power Supply :/ Antec Earthquake 500W /Motherboard :/ Gigabyte P35-DSR3 /Processor :/ Intel E6850@3.4Ghz /Ram :/ Consair 2x 1 Gb 800mhz /Video Card :/ Zotac 8800 GT /Monitor:/Samsung T220 w 20 000 : 1 Contrast and 2ms response time /3DMark06 Score :/ 11730

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode