TechSpot

Sagipsul/other pop ups in Mozilla

By AcLegend
Dec 28, 2008
  1. Hi, new to the board. Followed the "8-step prelim removal instructions" and that led me here. Lately (like a day ago) I started to notice pop-ups really frequently in Mozilla, when usually I have no issues with it. Not sure what did it but I have an idea. Sagipsul, Brain Quiz and even x-rated pop-ups started coming frequently; a Google search led me here. If anyone can help me out I would greatly appreciate it. Logs are attached.
     
  2. gillianbrown

    gillianbrown Banned Posts: 141

    My, you have quite a nice collection of malware there.

    Go to Add/Remove Programs in your Control Panel and uninstall anything to do with (if there):

    Words
    kernel
    Dot1XCfg

    Close control panel.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the Processes tab and end process for (if there):

    ALCMTR.EXE
    SwingTowns.exe
    l?gonui.exe

    Words.exe
    fiqwm.exe
    kernel.exe

    Dot1XCfg.exe

    Close task manager.

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

    O2 - BHO: mymaxisearch browser optimizer - {2d3910eb-b9c9-1ccc-7421-5b12eecc874e} - C:\WINDOWS\system32\{4892F99E-481C-0CA0-F9BE-828059028CB7}.dll (file missing)

    O2 - BHO: Helper Class - {3670A914-63C2-4E67-8C9B-370AE1922143} - C:\Program Files\BChanger\bchanger.dll (file missing)

    O2 - BHO: (no name) - {9F6A904E-5114-4B29-B416-3152EEB78CC5} - C:\WINDOWS\system32\fccbCsPj.dll (file missing)

    O2 - BHO: (no name) - {D017E63D-228C-2A57-AE49-0CA2EDE819C2} - C:\WINDOWS\system32\marmjgq.dll (file missing)

    O2 - BHO: (no name) - {D117E646-22F8-2F50-AE4E-0BA2E59B19B3} - C:\WINDOWS\system32\marmjgq.dll (file missing)

    O2 - BHO: (no name) - {EE839544-DDCF-4C18-A535-F3641AD4C5AC} - C:\WINDOWS\AppPatch\bvmig.dll (file missing)

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [SwingTowns] C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5\SwingTowns.exe

    O4 - HKCU\..\Run: [Pqmofx] "C:\Documents and Settings\HP_Owner\My Documents\?ystem\l?gonui.exe"

    O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe

    O4 - HKCU\..\Run: [fiqw] C:\PROGRA~1\COMMON~1\fiqw\fiqwm.exe

    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe

    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe

    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

    O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html

    Fix all O15 Trusted Zone entries no matter what they are.

    O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)

    O20 - AppInit_DLLs: nnffat.dll lmkhav.dll abgveb.dll ycwjng.dll xqwprb.dll tbkcea.dll etrugy.dll qjjpll.dll zjhkpa.dll mkzgzg.dll akfeig.dll bdguog.dll scfkaj.dll odzvcb.dll oyvxnu.dll dgbwll.dll

    O20 - Winlogon Notify: bvmig - C:\WINDOWS\AppPatch\bvmig.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there):

    C:\Program Files\Dot1XCfg
    C:\Program Files\kernel
    C:\PROGRA~1\COMMON~1\fiqw
    C:\Program Files\Words
    C:\Documents and Settings\HP_Owner\My Documents\?ystem
    C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let us know if you're still having problems.
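
A small triage pass over HijackThis log lines of the kind listed in the post above, added here as an example and not part of the original thread or of HijackThis itself. The function names and the heuristics (orphaned registrations, autostart paths under a browser cache, a `?` in a path, several AppInit DLLs) are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re

# Sample lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9F6A904E-5114-4B29-B416-3152EEB78CC5} - C:\WINDOWS\system32\fccbCsPj.dll (file missing)
O4 - HKLM\..\Run: [SwingTowns] C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\15F7TXG5\SwingTowns.exe
O4 - HKCU\..\Run: [Pqmofx] "C:\Documents and Settings\HP_Owner\My Documents\?ystem\l?gonui.exe"
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O20 - AppInit_DLLs: nnffat.dll lmkhav.dll abgveb.dll ycwjng.dll xqwprb.dll tbkcea.dll etrugy.dll qjjpll.dll zjhkpa.dll mkzgzg.dll akfeig.dll bdguog.dll scfkaj.dll odzvcb.dll oyvxnu.dll dgbwll.dll
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


def parse(log):
    """Return (section, detail) pairs for every 'Onn - ...' line."""
    pairs = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def triage(log):
    """Return (section, reason, detail) for entries that match a heuristic."""
    findings = []
    for section, detail in parse(log):
        lower = detail.lower()
        # Registration whose target file no longer exists on disk.
        if section in ("O2", "O18", "O20") and (
            "(no file)" in lower or "(file missing)" in lower
        ):
            findings.append((section, "orphaned registration", detail))
        if section == "O4":
            # Autostart entry launching from a browser cache or temp folder.
            if "temporary internet files" in lower or "\\temp\\" in lower:
                findings.append((section, "autostart from cache/temp dir", detail))
            # '?' is not legal in a Windows file name, so the real character
            # could not be rendered in the log (look-alike name).
            if "?" in detail.split("]", 1)[-1]:
                findings.append((section, "unrenderable character in path", detail))
        if section == "O20" and lower.startswith("appinit_dlls:"):
            dlls = detail.split(":", 1)[1].split()
            if len(dlls) > 1:
                findings.append((section, f"{len(dlls)} AppInit DLLs", detail))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:32} {detail[:60]}")
```

The `Words.exe` Run entry passes every check here even though the post lists it for removal, so the output is a starting point for review rather than a verdict.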
     
  3. AcLegend

    AcLegend TS Rookie Topic Starter

    Thanks, so far so good. I really haven't had any issues since the "8 step" thread. But I went ahead and followed through with your directions, and attached is the most recent HJT log. Thanks again.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    It surprises me how much MBAM & SAS missed. HJT shows the changes were made.

    Minor cleanup - HJT scan. Tick & Fix. Restart the computer.
    Code:
        Remove from list -
        O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)   >> hobbled

    Annoyance - Realtek. Try to option the application to decline running at startup.
    Realtek finds ways to sneak back onto the startup list.
    Code:
        beware – violates privacy (http://www.systemlookup.com/lists.php?list=2&type=filename&search=ALCMTR.EXE&s=)
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    
    It's up to you to decide what role Symantec will play with Internet Security on the computer. I did not take the time to check for overlap with Avast.

    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore.
      • Select Create a restore point > OK.
    • Clear Old
      • Go to Start > Run > cleanmgr > Select the More options tab.
      • Choose the option to clean up System Restore > OK.
        • This will remove all restore points except the new one you just created.
     
Topic Status:
Not open for further replies.
