HELP MY PC INFECTED BYE "MY _COOLFACE"

my flashdisk is infected bye malware named “my_coolface” than it infect my pc, it blocked everything and changes every files to folder with .scr extended, it even block the antivirus
do anyone knows how to remove it.

Can you please provide more details. A google for “my_coolface” returned nil results!?!

Ewen :slight_smile:

Hello,

What OS do you use?

What antivirus software do you use? Did it detect it?

We need more information.

I USE WIN XP SP2, i use avast free edition it was disabled bye the virus , than i change to other pc that have NOD 32 with the latest update , it detect the virus as new heur virus, but NOD32 failed to removed the virus. i haven try comodo antivirus yet, becouse it was installed in my laptop . i just can not afford to loose data anymore.

Maybe you can try “Mr_CF”, it’s a folder name that appear after the infection on my flash disk. i had tried to delete the folder but it could not be deleted.

The virus you refer to as Mr_coolface, is infact a Malware called PE_LUKGAL.A-O
Trend Micro has a sollution for this here.

trendmicro have detect it here is the link:

i have folder containing this virus but i do not know how to submit these files to comodo server without infecting my system

Don’t submit them. Just delete :slight_smile:

how bout comodo, do they have new virus database to solved it???

Hi, first I have to ask if you took other steps to get rid of this. When you boot your system, tap the F8 key to get into SAFE MODE, this way nothing is loaded. Also, once you have a plan to get rid of this, you should not connect to the internet as you are only feeding it . I would re-try Avast or Nod in safe mode to delete the ■■■■■■. If not, write down the file and path it is found in so manual deletion is possible.

Paul

ok i’ll try

Also, if you right click the My computer icon, I would go to the System Restore tab and shut off system restore as it will either infect or has infected this portion and is known to hit it very quickly. Once you try to get rid of the main body, the anti virus may be able to delete keys and files left by it. We hope. :wink: I believe this is also called the W32. ridnu or something and is also called Mr_Coolface as well as the above mentioned.

Paul

Hello,

Please send me the sample via e-mail, I will submit it to Comodo, and you won’t have to worry about infection ;).

Justin

i have tried several times to send the files but there is always return message from gmail said the files as illegal attachment, do you have another e-mail

Gmail has virus scan I believe and probably won’t allow you to send it if you show signs of infection or signatures may be the reason. You didn’t indicate if you tried in safe mode or not.

Paul

Upon your request, I have sent instructions to encrypt the file using Windows so it will not be detected.