Need Help

Status
Not open for further replies.

Biklar

OK, I am not sure what's going on with my system but in the last day both IE and Firefox have been bombarded by constant and intermittent popups that contain the address Sagipsul.com. I am a Firefox user by the way.

-I've noticed that I can no longer go to an earlier restore point

-I am not able to visit some websites through Google searches as the websites turn up blank

-My McAfee won't "fix" properly or update itself when it is prompted to do so

-I now notice that in text online, random words are highlighted and underlined and when I hover over them, they reveal floater popups for advertisements related to that word.

-I've done a lot of searching around online for any possible NAME to what this virus or infection might be and I don't think I have Vundo because I've searched for the related virus files and nothing shows up. Also tried Vundofix. So it must be something else which prompts this sagipsul.com popup and the other stuff that is going on.

-I've downloaded Hijackthis, I have Spybot - Search & Destroy, I am currently running a manual scan from my McAfee security center (one without any current updated definitions due to what I mentioned above) and a scan from Malwarebytes.

Last night, I had to restart my computer several times because it kept crashing at the Windows user login screen. Finally it rebooted and this is what's been going on since then. Before all of this, something tried to download itself earlier last night from rapidshare and then I saw a popup for a virus remover which I was careful to not click on by removing the popup through task manager. But the problems I mentioned above began anyway after this happened.

What I am curious about is what exactly it is that's infecting my computer this way? I've tried to find a name to put this by doing my own research online but haven't come up with anything that seems to fit yet. However I am noticing a lot of complaints from people in the last couple of days on various forums I've visited pertaining to this issue so it must be some virus that was released recently.

I am not able to follow the 8 steps completely because some things I am blocked from doing. I've updated Java, gotten and ran hijackthis, malwarebytes and cleaner however. I've also disabled third party cookies.

I would very much appreciate if anyone has a clue about what's going on and what I can do to solve this maddening problem.

I'll attach a .txt file as I am having problems copying and pasting my log here due to character limitations and misreading certain log info as links

Log attached

Well I seem to have found a name for this virus I have: Prunnet.exe

it installs various .dll files and just deleting the .exe file and all of its .dlls won't get rid of it. It reinstalls itself. I also found some odd programs located in my add/remove list...first one spotted was "Advertisement Services".

I am looking at ways I can completely remove this problem off of my computer.
 
You have it bad, I am checking the log.

Right click on the My Computer icon and go to Properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu

After the reboot
download malwarebytes and install
run hijackthis and malwarebytes at the same time
select / CHECK any files and or keys I posted in hijackthis
but on both malwarebytes and hijackthis click fix / repair at the same time.
then reboot immediately.
if you forget to turn off system restore it will return no matter

reboot once complete, run hijack this and post your log here again


C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Allyson Nicole Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070822

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBtUoOI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {c6c58a5c-c5fd-43ce-a75d-665cad4518a8} - C:\WINDOWS\system32\botabedu.dll
O2 - BHO: {de2c7b8e-e9fc-8e2a-e224-7c20caf79f6c} - {c6f97fac-02c7-422e-a2e8-cf9ee8b7c2ed} - C:\WINDOWS\system32\vtgrga.dll
O2 - BHO: (no name) - {E4EB51B4-8E1F-449C-ADDB-AB17D10BA180} - C:\WINDOWS\system32\opnlJdbc.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKLM\..\Run: [Dwitupij] rundll32.exe "C:\WINDOWS\Czoxuwa.dll",e
O4 - HKLM\..\Run: [mituvukezo] Rundll32.exe "C:\WINDOWS\system32\bimedufo.dll",s
O4 - HKLM\..\Run: [7c6aa1a7] rundll32.exe "C:\WINDOWS\system32\kazuvuye.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Allyson Nicole Jason\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-20\..\Run: [mituvukezo] Rundll32.exe "C:\WINDOWS\system32\bimedufo.dll",s (User 'NETWORK SERVICE')

O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL vtgrga.dll,C:\WINDOWS\system32\gejiwuvu.dll
O20 - Winlogon Notify: geBtUoOI - C:\WINDOWS\SYSTEM32\geBtUoOI.dll

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
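
As an added example (not part of the original posts): a small Python triage pass over HijackThis entries like those listed above. The sample lines are copied from that log; the three flagging rules and the function names are assumptions chosen for illustration, and a flag means "look closer", not "malicious".

```python
import re
from collections import defaultdict
# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBtUoOI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Dwitupij] rundll32.exe "C:\WINDOWS\Czoxuwa.dll",e
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O20 - Winlogon Notify: geBtUoOI - C:\WINDOWS\SYSTEM32\geBtUoOI.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A DLL sitting directly in C:\WINDOWS or C:\WINDOWS\system32.
WIN_DLL = re.compile(r'[a-z]:\\windows\\(?:system32\\)?([^\\"]+\.dll)', re.I)

def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def triage(log):
    """Return (section, reason) pairs for entries worth a closer look.
    The rules are illustrative assumptions, not a malware verdict."""
    findings = []
    for section, body in parse(log):
        if not WIN_DLL.search(body):
            continue
        low = body.lower()
        if section == "O2" and "(no name)" in low:
            findings.append((section, "unnamed BHO backed by a Windows-directory DLL"))
        elif section == "O4" and "rundll32" in low:
            findings.append((section, "Run key starts a DLL through rundll32"))
        elif section == "O20":
            findings.append((section, "DLL loaded via AppInit_DLLs or Winlogon Notify"))
    return findings

def shared_dlls(log):
    """Map each Windows-directory DLL to the sections that reference it,
    keeping only DLLs registered in more than one autostart location."""
    seen = defaultdict(set)
    for section, body in parse(log):
        for name in WIN_DLL.findall(body):
            seen[name.lower()].add(section)
    return {dll: sorted(s) for dll, s in seen.items() if len(s) > 1}

print(triage(SAMPLE_LOG), shared_dlls(SAMPLE_LOG))
```

A DLL that shows up in more than one autostart section, as `geBtUoOI.dll` does here, explains why deleting a single file or key does not stop it from loading again.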
 
Yesterday was a very long day...but I think the virus/trojan is gone. No more popups, and I had to run Malwarebytes several times. One scan took around 10 hours at first because what turned out to be Vundo slowed down my computer immensely.

I am curious about one file that McAfee keeps on identifying as a trojan. It is under System Volume Information and the file extension is A0000032.exe. I don't want to restore this file if it's actually a trojan. Sometimes I am not sure about what McAfee labels because a week ago during an update with new virus definitions, the program incorrectly labeled all of my Big Fish Games as trojans and quarantined them as a result. They were inoperable until I restored them. However there is one Big Fish Game that is now connected to that A0000032.exe file I mentioned above, which is weird.

Is this a legit system restore file or a trojan trying to get back onto my computer and install itself?

Also thanks for your suggestions earlier. They definitely helped a great deal.
 
-> No action taken on MBAM scan, for found issues
Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log
 
I'd like to mention if it helps that Malwarebytes has defined some of my Popcap game files as spyware. I left those notifications unchecked and did not remove them because I knew what the files were for.

I will be running Mbam again and attaching a new log later today. It should take a while for the scan to complete.
 
Biklar, remove all found malicious software, or we cannot help you.
There is no good or needed malware to keep, ever.
 