TechSpot

Sagipsul.com Virus

By maton84
Jan 2, 2009
  1. Hello,

    I had a bunch of pop-ups that kept coming up while I was online. I noticed that most of the pop-ups started with "sagipsul.com". When I looked it up online I found your numerous threads on how to fix it. The problem for me was that I believe this virus was blocking your forum because I couldn't access it via my desktop and for that matter I also couldn't access any anti-virus sites (i.e. McAfee, Symantec, etc...). Luckily I have a laptop that was not infected and I could access your site.

    I have gone thru the 8 steps for preliminary virus removal.

    Attached are the three logs that the thread requested I attach.

    Please review and let me know if I have to do anything else.

    Thanks in advance for your help. I was really frustrated prior to finding your site.

    Cheers!
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    The logs inform that you have handled this well.

    The HJT from safe mode keeps startup applications from running and showing in the process list. Running in normal mode without symptoms of infections is the real test of the fixes.

    HJT Scan. Tick & Fix. Restart computer
    Code:
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)  >>  broken (yahoo companion)
    Happy New Year - happy computing.

    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • Go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
  3. Tiani

    Tiani TS Rookie

    Hi, maton84!
    Like you, I have problems with the sagipsul virus.
    I've reviewed your log, but it just so happens that I am not computer savvy.
    I was wondering if you, or any other members could break this down in terms that are quite simple.

    It would be very much appreciated,
    Tiani.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Tiani


    Tiani, please begin a new thread to discuss your problem. Use the link to the start page for this forum. Upper left portion of the page displays the 'new thread'. Click it & go from there. Once there look for [IMG]
     
  5. maton84

    maton84 TS Rookie Topic Starter

    Thanks for your help rf6647,

    I have attached the hijackthis file that I ran on normal mode.

    Can you let me know how it looks?

    Thanks in advance for your help.
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    First impression - you are running with 2 antivirus programs, Avira & McAfee. Uninstall one after you evaluate results.

    Second observation - an infection has appeared.
    Code:
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    [URL="http://www.systemlookup.com/lists.php?list=2&type=name&search=prunnet&s="]Reference link[/URL]
    
    It is troubling since neither AV detected it. This could signify interference or corruption. Demote one AV to demand only. Update each & re-scan.

    Following that exercise, update and scan with MBAM followed by SAS.

    Next, scan with ComboFix. See supporting information. This program also provides diagnostic information.

    HJT scan informs what has not been handled (computer restart before HJT scan)

    Post new logs and describe conditions.


    Supporting information
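
Added example, not part of the thread or any participant's post: a small triage pass over HijackThis log lines that picks out the two kinds of entry discussed above, an O2 BHO whose file is missing and an O4 per-user Run autostart. The sample log is constructed (the "ExampleTray" line is made up for contrast), and the system32 rule is an illustrative heuristic assumed here for review purposes, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample: the two entries quoted in the thread plus one
# made-up benign line ("ExampleTray") for contrast.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
'''

class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2" or "O4"
    name: str     # CLSID for a BHO, value name for a Run entry
    reason: str

BHO_RE = re.compile(
    r'^O2 - BHO: (?P<label>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

def triage(log_text: str) -> list[Finding]:
    """Return entries worth a closer look; everything else is ignored."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            # Orphaned BHO: registry entry remains but the DLL is gone.
            # startswith() tolerates a helper's trailing annotation.
            if m['file'].strip().lower().startswith('(no file)'):
                findings.append(Finding(
                    'O2', m['clsid'], 'BHO registered but its file is missing'))
        elif m := RUN_RE.match(line):
            cmd = m['cmd'].strip().strip('"').lower()
            # Assumed heuristic: a per-user autostart that launches a
            # binary from system32 deserves a manual lookup.
            if m['hive'] == 'HKCU' and '\\system32\\' in cmd:
                findings.append(Finding(
                    'O4', m['name'], 'per-user autostart launches a binary from system32'))
    return findings

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(f'{finding.section}  {finding.name}: {finding.reason}')
```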
     
Topic Status:
Not open for further replies.
