TechSpot

Sagipsul, Darksma and System Restore

By jinscriba
Jan 1, 2009
  1. Good day. I noticed from the other threads that there really isn't a general solution for sagipsul, so I'll post the HJT log as well as the Malwarebytes log I have. Sagipsul's been coming up since yesterday.

    I was at my girlfriend's house from Sunday until New Year's Eve in the afternoon, so I do not really know the desktop activity at those days. My brother said he downloaded Veoh Beta as well as Exterminate This!, both of which have already been uninstalled.

    Also, System Restore's not working. I clicked Next multiple times in the last page, but it won't go through. What's wrong?

    Thank you very much for the help.
     
  2. rev_olie

    rev_olie TS Maniac Posts: 560

    Hi Jinscriba
    Welcome to techspot!!

    I cant see anything in your log to suggest Sagipsul but there are somethings in there im not sure about and Google hasnt returned qualified results to suggest your log is clean.

    Please download SDFIX from here
    • # Run the SDFix.exe by double clicking on it.
    • # Allow it to install into the default location which is normally c:\SDFix
    • # Now please reboot your computer into Safe Mode (see this if you don't know how: Starting your computer in Safe mode )
    • # When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    • # Type Y to begin the cleanup process.
    • # It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    • # Press any Key and it will restart the PC.
    • # When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • # Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • # Attach the Report.txt file to your next message

    Then repost with a fresh Hijackthis log and the log from SDFix
     
  3. jinscriba

    jinscriba TS Rookie Topic Starter

    I ran SDFix. The report's attached below. What exactly is wrong with the computer? Is there anything with regards to System Restore not working?

    Also, Sagipsul is still coming up, though you mentioned that there's no sign of sagipsul at the logs.
     
  4. rev_olie

    rev_olie TS Maniac Posts: 560

    I wasn't sure about a couple of files on your Hijackthis log.
    The files didn't seem to send a definite yes or no answer as to whether they were good or bad.

    Can you now attach a fresh Hijackthis log and i will be able to tell you for definite if you had an infection :).
     
  5. jinscriba

    jinscriba TS Rookie Topic Starter

    Here's the HJT log. I noticed that Sagipsul also pops up on Internet Explorer, but comes up as a 404 under Yahoo!. And my temporary solution of uninstalling Firefox then does not affect Sagipsul's existence.
     
  6. rev_olie

    rev_olie TS Maniac Posts: 560

    Ok I'm still concerned about something on your log

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    This is either a nvidia controller or a worm called GAOBOT.ZX or GAOBOT.ADV

    Do you have a nvidia card?

    Also did you know anything about this site in your trusted zone:

    www.japanhero.com

    Just need this bit of info
     
  7. jinscriba

    jinscriba TS Rookie Topic Starter

    I do have an Nvidia card. If I don't, would that be a problem?

    Also, Japan Hero is a website dedicated for Japanese tokusatsu shows. Does putting it as a trusted website causing any problems?
     
  8. rev_olie

    rev_olie TS Maniac Posts: 560

    Well with the answers you gave me i would say you were clean :)

    If you didn't have a nvidia card then that file would be classed as a worm that would need removal but that should be OK.

    Also the site just need checking by us to make sure you know its there otherwise it could be a stepping stone of something like a browser hijack etc.

    But all is well. Keep scanning with Malwarebytes and Superantispyware every 2-3 weeks and you will be fine
     
  9. jinscriba

    jinscriba TS Rookie Topic Starter

    Thank you very much for the help.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...