TechSpot

Help with sagipsul virus

By cgarmon
Jan 2, 2009
  1. I have just done the 8 steps and have sent the logs. The pop-ups have stopped. Please check the logs to make sure I got everything. Thank you for your help.
     


  2. rf6647

    rf6647 TS Maniac Posts: 829

    HJT scan. Tick & fix. Restart computer.
    Code:
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)  >> broken
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing)  >> broken
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) >> broken (MS money)
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\2.bin\m3SrchMn.exe" /m=0
    
    Uninstall programs / delete files / delete folders
    C:\PROGRA~1\MYWEBS~2


    Code:
    Files Infected:
    C:\WINDOWS\SYSTEM32\senekafvkkyvbe.dll (Trojan.Seneka) -> Delete on reboot.
    
    HJT scan >> computer restarted?  Probably not.
    O20 - AppInit_DLLs: nydjht.dll
    
    MBAB did not handle all that it found until the computer restart.

    Rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)
     
  3. cgarmon

    cgarmon TS Rookie Topic Starter Posts: 31

    removal

    In HJT only the O4 - HKLM entries showed up; removed them, restarted computer, deleted files and folders for program mywebs. Ran MBAB & SAS twice, now clean. Restarted computer and ran HJT. This is a log of the final HJT run. Do I need to remove the O2 files from the previous log since they are still there?
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Reference >> O20 - AppInit_DLLs: nydjht.dll qhjqrb.dll
    Verify both files are gone. It takes a week or so for tool developers to clean up this reference.

    C:\windows\system32\nydjht.dll
    C:\windows\system32\qhjqrb.dll

    The next time you update / repair / remove Yahoo tools, it will take care of the remaining O2 items. It does not cause problems. Otherwise, Safe mode may be needed if the tick/fix did not work in normal mode.

    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point > OK
    • Clear Old
      • Go to Start > Run > cleanmgr > Select the More options tab
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
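
The check described in the last reply (whether the DLLs named in the O20 AppInit_DLLs entry are really gone) can be done with a read-only script. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later and uses the standard Windows registry location of the AppInit_DLLs value.

```powershell
# Added example (not from the thread): read-only audit of AppInit_DLLs.
# Lists every DLL the value references and whether the file still exists.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'System32' },
    # 32-bit view on 64-bit Windows; skipped automatically where absent.
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
       Dir = Join-Path $env:SystemRoot 'SysWOW64' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Key)) { continue }
    $raw = [string](Get-ItemProperty -LiteralPath $view.Key).AppInit_DLLs
    # The value is a space- or comma-separated list of DLL names or paths.
    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $name = $entry.Trim('"')
        # Bare names load from the system directory, e.g. C:\windows\system32\nydjht.dll
        $path = if ([IO.Path]::IsPathRooted($name)) { $name } else { Join-Path $view.Dir $name }
        [pscustomobject]@{
            RegistryKey = $view.Key
            Entry       = $name
            Path        = $path
            FileExists  = Test-Path -LiteralPath $path
        }
    }
}

if ($report) {
    $report | Format-Table Entry, Path, FileExists -AutoSize
} else {
    Write-Output 'AppInit_DLLs is empty in every registry view checked.'
}
```

An entry with FileExists False is the leftover reference the reply describes: the file is gone and only the registry value still names it. An entry with FileExists True means the file is still on disk and another scan pass is needed.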
     
Topic Status:
Not open for further replies.
