TechSpot

Sagipsul Infection -- did the 8 step process

Discussion in 'Virus and Malware Removal' started by frhentb1, Jan 2, 2009.

Thread Status:
Not open for further replies.
  1. frhentb1 Newcomer, in training

    rerunning search

    kimsland and bobbye

    I will rerun the search when I get home this evening (posting reply from work)... I will make sure to search hidden files, which I don't remember doing the first time. Will post results... thanks

    frhentb1
  2. Bobbye Helper on the Fringe

    I have not been able to find a way for you to find and delete this file except for a regedit. But I am not recommending that for you. It would require locating and deleting the file- I can't send you to a specific file. At this point, consensus is either to get help with a regedit from an experienced person, or leave it alone.

    Try one thing for me: right click on the taskbar> Task Manager> Processes tab> double click on the frame above the process names to sort> look for anything 'sqeayo'> if you see it, click to highlight> End task.

    Then do a search again, but make sure hidden files and folders show:
    Open search> files & Folders> then go up to Tools> Folder options> View tab> check 'show hidden files and folders'> now put sqeayo in the search field and search. IF you find it, do a right click> delete.

    Go back and hide the files & folders again.
  3. frhentb1 Newcomer, in training

    Searching 4 sqeayo

    kimsland & bobbye

    Viewed all processes and did a search across the entire system, including system and hidden files, for sqeayo and found nothing except references in all the log files from the tools we have been running. No trace outside of logfile reports for this dll.

    will watch for further advice

    many thanks

    frhentb1
  4. kimsland Ex-TechSpotter

    Go to your User Accounts in Control Panel
    Confirm under your name states: "Computer Administrator"
    If it does not state this, you may need to do the following in Safe Mode, under the Administrator account.

    Click on Start -> Run -> Regedit
    Maximize the Registry Editor Window that opens (if not maximized already)

    From starting at the original title "My Computer" (in Registry Editor still)
    Click on each of the + signs to expand each tree on:
    HKEY_LOCAL_MACHINE
    Software
    Microsoft
    Windows NT
    CurrentVersion
    Windows
    <- Make sure this last one is highlighted

    Right click on the "Windows" key (the yellow folders are called "keys")
    Select Export
    Choose Desktop as the location (for convenience)
    Give it a name such as: KeyBackup
    Ok

    In the right hand pane, search for any entry with sqeayo.dll in any field
    Right click on the found entry (if found)
    Select Delete, then click Yes

    At this stage I'd like you to Zip up the "KeyBackup.reg" file on your Desktop
    And then attach it to a New Reply (even if the sqeayo.dll entry was not found)

    Restart your computer
    If you did make any alterations (ie deletions) in Registry Editor
    Please now provide a new HJT log, in a new reply

    :)
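
Added example, not part of kimsland's post or the original thread: Python code a helper could use to check the attached KeyBackup.reg export offline for values that reference sqeayo.dll, including data stored as hex(2), which a plain text search of the file would miss. The sample export is constructed, and `ExampleExpand` is a made-up value name.

```python
import re

# Constructed sample of a Regedit export, not the poster's real KeyBackup.reg.
# "ExampleExpand" is a made-up value name used to show hex(2) encoded data.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\sqeayo.dll"
"ExampleExpand"=hex(2):73,00,71,00,65,00,61,00,79,00,6f,00,\
  2e,00,64,00,6c,00,6c,00,00,00
"GDIProcessHandleQuota"=dword:00002710
'''

def decode_export(raw: bytes) -> str:
    """Regedit 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def parse_reg(text: str):
    """Yield (key, value_name, raw_data) for every value in the export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, m.group(2)

def decode_data(raw: str) -> str:
    """Unescape quoted strings; decode hex(...) data as UTF-16LE text."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if m := re.match(r"hex(?:\([0-9a-f]+\))?:(.*)", raw, re.I):
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace")
    return raw

def find_references(text: str, needle: str):
    """Return (key, value_name, decoded_data) for values mentioning needle."""
    needle = needle.lower()
    return [(k, n, d) for k, n, raw in parse_reg(text)
            if needle in (d := decode_data(raw)).lower()]

if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_REG, "sqeayo.dll"):
        print(f"{key}\n  {name} = {data!r}")
```

For a real export, read the file in binary mode and pass `decode_export(raw_bytes)` to `find_references`.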
  5. Bobbye Helper on the Fringe

    Thanks kimsland.

    frhentb1, go for it. kimsland has done a great job of laying it out for you and some of the risk element has been removed.