TechSpot

Adware popups (Sagipsul)

By thumbspeak
Dec 28, 2008
  1. I've run Malwarebytes, Ad-Aware and various other virus scan things, which haven't seemed to get rid of the problem. Malwarebytes got rid of it temporarily, but it's back now.

    I've attached my HijackThis log.

    Thanks in advance.
     
  2. thumbspeak (TS Rookie, Topic Starter)

    more details

    [sorry for multiple posts]

    I thought I'd post a few more details:

    I'm running Firefox and every so often I'll get random pop-ups, usually from the Sagipsul website, which I'll then close. Every so often I'll get an even more intrusive pop-up (resized) telling me to download a spyware remover.

    I've run an ESET NOD32 antivirus scan (clean), an Ad-Aware 2008 scan (found Virtumonde, which I quarantined) and a ThreatFire scan (clean). Malwarebytes also managed to find and get rid of something, which fixed the problem temporarily.

    Also, my security centre gets disabled on occasion.

    Really appreciate any help.
     
  3. thumbspeak (TS Rookie, Topic Starter)

    I have followed the 8 steps process.

    I've attached all the logs.
     
  4. gillianbrown (Banned, Posts: 141)

    You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    O2 - BHO: {f4be8bf6-d0ae-90f9-c304-701f3afae28d} - {d82eafa3-f107-403c-9f09-ea0d6fb8eb4f} - C:\WINDOWS\system32\oyogvi.dll

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O20 - AppInit_DLLs: oyogvi.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\WINDOWS\system32\oyogvi.dll

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let us know if you're still having problems.
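
An added illustration, not part of the original post or of HijackThis: the fix list above names oyogvi.dll both as a BHO (O2) and under AppInit_DLLs (O20), so a triage script can flag any DLL that is hooked through AppInit_DLLs and at least one other autostart section. The function names and the `helper.dll` line are assumptions made up for the example.

```python
import re
from collections import defaultdict
from ntpath import basename

# Constructed sample: the four entries quoted in the post above, plus one
# made-up benign BHO line (helper.dll) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: {f4be8bf6-d0ae-90f9-c304-701f3afae28d} - {d82eafa3-f107-403c-9f09-ea0d6fb8eb4f} - C:\WINDOWS\system32\oyogvi.dll
O2 - BHO: (constructed example) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - AppInit_DLLs: oyogvi.dll
"""

# A HijackThis entry starts with a section code such as O2, O20, R1 or F2.
ENTRY = re.compile(r"^(O\d+|[RFN]\d)\s+-\s+(.*)$")


def dlls_by_section(log):
    """Map each section (AppInit_DLLs kept separate) to the DLL names it loads."""
    found = defaultdict(set)
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # Value is a list of DLLs separated by commas or spaces
            # (assumes entries without embedded spaces).
            section = "AppInit_DLLs"
            names = re.split(r"[,\s]+", body.split(":", 1)[1].strip())
        else:
            # In the other sections the file path is the last " - " field.
            names = [body.rsplit(" - ", 1)[-1]]
        for name in names:
            if name.lower().endswith(".dll"):
                found[section].add(basename(name).lower())
    return found


def flag_multi_hook(log):
    """Return {dll: [other sections]} for AppInit DLLs that are hooked elsewhere too."""
    found = dlls_by_section(log)
    flagged = {}
    for dll in found["AppInit_DLLs"]:
        others = sorted(s for s, n in found.items() if s != "AppInit_DLLs" and dll in n)
        if others:
            flagged[dll] = others
    return flagged


if __name__ == "__main__":
    print(flag_multi_hook(SAMPLE_LOG))
```

A hit is a reason to look at the file more closely, not a verdict; legitimate software can also register a DLL in more than one place.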
     
  5. thumbspeak (TS Rookie, Topic Starter)

    Update: Reformat still necessary?

    Thanks so much for your help.

    I've attached the updated HJT file. Hopefully, I'll be good to go for now.

    I'm guessing I should find some time to completely reformat my machine before using it for online banking?
     
  6. gillianbrown (Banned, Posts: 141)

    Your HJT log is clean.

    Yes, formatting before using your system for online banking would be the sensible thing to do as the risks of not doing so are just too great.


    Please download OTMoveIt by OldTimer OTMoveIt.exe, unzip it and place it on your desktop.

    1. Double-click OTMoveIt.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
    4. You will be prompted to allow the clean up procedure; click Yes.
    5. When finished, exit out of OTMoveIt.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
     
Topic Status:
Not open for further replies.
