Adware popups (Sagipsul)

Status
Not open for further replies.
I've run Malwarebytes, Ad-Aware and various other virus scan things, which haven't seemed to get rid of the problem. Malwarebytes got rid of it temporarily, but it's back now.

I've attached my HijackThis log.

Thanks in advance.
 
more details

[sorry for multiple posts]

I thought I'd post a few more details:

I'm running Firefox and every so often I'll get random pop-ups, usually from the Sagipsul website, which I'll then close. Every so often I'll get an even more intrusive pop-up (resized) telling me to download a spyware remover.

I've run an ESET NOD32 antivirus scan (clean), an Ad-Aware 2008 scan (found Virtumonde, which I quarantined) and a ThreatFire scan (clean). Malwarebytes also managed to find and get rid of something, which fixed the problem temporarily.

Also, my security centre gets disabled on occasion.

Really appreciate any help.
 
You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each entry (if there).

O2 - BHO: {f4be8bf6-d0ae-90f9-c304-701f3afae28d} - {d82eafa3-f107-403c-9f09-ea0d6fb8eb4f} - C:\WINDOWS\system32\oyogvi.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O20 - AppInit_DLLs: oyogvi.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\WINDOWS\system32\oyogvi.dll

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let us know if you're still having problems.
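
The entries flagged above share one file: oyogvi.dll appears both as an O2 browser helper object and in O20 AppInit_DLLs. The following is an added example, not part of the original thread and not HijackThis code, showing how that correlation can be checked automatically; the sample lines are copied from the post above, and the function names and the space/comma splitting of the AppInit_DLLs value are assumptions of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Entries copied from the post above (not a complete HijackThis log).
SAMPLE_LOG = r"""
O2 - BHO: {f4be8bf6-d0ae-90f9-c304-701f3afae28d} - {d82eafa3-f107-403c-9f09-ea0d6fb8eb4f} - C:\WINDOWS\system32\oyogvi.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - AppInit_DLLs: oyogvi.dll
"""

# "Oxx - kind: value", e.g. "O2 - BHO: name - {CLSID} - path"
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

def parse(log):
    """Yield (section, kind, value) for each 'Oxx - kind: value' line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip(), m.group(3).strip()

def appinit_dlls(entries):
    """Lower-cased DLL file names listed under O20 AppInit_DLLs."""
    names = set()
    for section, kind, value in entries:
        if section == "O20" and kind == "AppInit_DLLs":
            # Simplification: items are split on spaces and commas.
            for item in re.split(r"[ ,]+", value):
                if item:
                    names.add(PureWindowsPath(item).name.lower())
    return names

def correlated(log):
    """Entries in other sections whose file is also loaded via AppInit_DLLs."""
    entries = list(parse(log))
    injected = appinit_dlls(entries)
    hits = []
    for section, kind, value in entries:
        if section == "O20":
            continue
        # The file path is the last " - "-separated field of the entry.
        path = value.rsplit(" - ", 1)[-1]
        if PureWindowsPath(path).name.lower() in injected:
            hits.append((section, kind, path))
    return hits

if __name__ == "__main__":
    for hit in correlated(SAMPLE_LOG):
        print(hit)
```

A match only says the same DLL is registered in two load points; whether it is malicious still needs the kind of review done in this thread.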
 
Update: Reformat still necessary?

Thanks so much for your help.

I've attached the updated HJT file. Hopefully, I'll be good to go for now.

I'm guessing I should find some time to completely reformat my machine before using it for online banking?
 
Your HJT log is clean.

Yes, formatting before using your system for online banking would be the sensible thing to do as the risks of not doing so are just too great.


Please download OTMoveIt by OldTimer (OTMoveIt.exe), unzip it and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet. If your firewall or other defensive programs alert you, allow it access.
4. You will be prompted to allow the clean up procedure. Click Yes.
5. When finished, exit out of OTMoveIt.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.
 