Sagipsul and gadcom combo attack on my computer

By zaxNeyda
Dec 29, 2008
  1. Hi..
    I was on the internet last week when suddenly there are pop-ups coming out. One of them is sagipsul and after i ran a spybot program, i detected gadcom.exe existing in my pc.

    I just formatted my computer before it happened and I used AVG-free and ad-aware programs, hoping that they can fix the problems, but they failed. so i followed the 8-steps viruses/spyware/malware removal as suggested.

    so here are the logfiles:

    there are 2 log files of superantispyware as i ran it twice.

    please help me on this matter and thanks in advance.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please go back and update and run Malwarebytes again: No action taken.
    This means that you did not check the line:
    # When the scan is complete, click OK, then Show Results to view the results.
    # Be sure that everything is checked, and click Remove Selected.
    Check the #11 screen shot here:

    Open ZoneAlarm and temporarily disable the firewall:
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    Please re-open HiJackThis and scan.Check the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

    Right click on Start> Explore> Windows System32> right click> Delete on any of the following files if present:.
    Reboot into Normal mode.
    (xxywxYOF.dll is a file from Trojan.WinFixer.Process)

    Please update and scan again with Malwarebytes, ( being sure to check for removal) SuperAntispyware (also being sure to check the entry '* Make sure everything found has a checkmark next to it,*) and follow with a new HijackThis scan. Attach all three logs.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...