Sagipsul attack

By Skee
Dec 29, 2008
  1. Hi, I too have been subjected to a sagipsul attack, and would welcome any help in removing the thing.
    HJT log attached.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. Skee

    Skee TS Rookie Topic Starter

    After 8 steps

    Hi Kimsland,
    After my 8 steps program, I am no longer getting the sagipsul popup every minute or so.
    I'm sending the log of HJT, and Malware as attachments. I could not find the quarantine log from SuperSpy, so I'll write the info from it below.

    Unclassified.Unknown Origin

    Attached Files:

  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524


    You still (I believe) have a few infections to remove
    But I'd like you to go one step further before another scan

    Using Add\Remove Programs
    Remove AVG8
    Remove Symantec (some files still starting with Windows)

    Then Restart, and run the following:
    AVG Removal Tool
    Norton Removal Tool or directly from h e r e
    Then download and update => Avira


    Then at last re-open MalwareBytes and select the Update Tab, and update the programs definitions ie "check for updates"
    Then select the Scanner Tab, and run a full scan "Perform full scan"

    During the scan, Avira may popup with found Viruses, select quarantine and make this the same action always, (actually I can't remember the exact words) so as to reduce any further popups from Avira for found Viruses


    Ideally, submit a new Malwarebytes log
    Then run a new HJT scan and log, and attach this log as well

    Pretty sure your computer will be running quite well at this point, what ever else happens. :)
  5. Skee

    Skee TS Rookie Topic Starter

    Hi Kimsland,
    I'll do all of that after I finish some "TO DO" items.
    Another person posted a question I just took off my e-mail, but I'm still trying to figure out the forum system, so I can not find where to answer directly. He wanted to know where I thought the attack came from. This is my daughters computer, she uses FireFox and spends a good deal of time on Gaia. She left the browser up while she went out of the room for awhile. The computer was infected when she came back.
  6. Skee

    Skee TS Rookie Topic Starter

    Latest scan

    Hi Kimsland,
    The Malware scan came out clean, no problems what so ever. Thanks.

    I've attached the latest HJT log.

    This is my daughters computer, and I use IE6, so I'm not sure if this is normal, or a symptom of something else, but it is painfully slow loading pages. I'm using an "N" wireless
    router for her connection, and it is reporting a 243mps speed with "Good" connection, so it seems like it should be at least as fast as my wired 100mps computer.

    Thanks for all of your help in ridding this computer of the sagipsul, I really appreciate it.

  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    This post was removed by me, as not required
    We are not interested "Where the infection came from" specifically. Unless we quote some known, stay away from, known sites. These sites include p0rn; cr@cking and similar other sites. And generally most users know to stay away, from these (or suffer the consequences) Note, I am generalizing at the possible areas of places where these infections come from, but it should also be noted, places such as:
    File Sharing (a whole range of areas, for this one)
    Email (very easy to pick up any Malware)
    Foreign media (such as burnt discs; or any external media, plugged into a computer)
    Surfing the Web (sadly just browsing "anywhere" may not always be safe; ie If I browsed for Dolls; I might get any amount of strange returns!)

    So, we can speculate all day.
    But when it comes to your "Daughter" it's just a matter of asking where she logs on to, and what she normally views or even downloads (basically being aware of what's actually happening whilst she is online)
    In saying that. Sometimes (well mostly) it's out of our hands (ie hacking; or even just surfing or reading "friends" emails) and a whole range of other endless possibilities

    Anyway, therefore the post Question, was removed :)
    Oh I haven't read the log yet! And I need to sign off soon, so unless someone else answers, please hold ;)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...