TechSpot

Sagipsul popups

By IvanIsaak
Dec 26, 2008
  1. Hi,

    I'm getting random pop-ups when I open Firefox, mainly from a website called "sagipsul.com".

    I've tried getting rid of it with Malwarebytes, SuperAntiSpyware & McAfee, but it's still there. Usually 4 or 5 windows will pop up but I can't see them (I only see the current Firefox window resizing). However, when I alt-tab I can see the 4-5 pop-ups, but can't close them.

    I've attached the HJT log.

    Thanks in advance to anyone who can help me.
     


  2. gillianbrown

    gillianbrown Banned Posts: 141

    You're running an outdated version of HJT.

    Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

    Double-click on the file you just downloaded.
    Click on the "Install" button to install.
    It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
    Please do not change the default install location.

    Very Important.

    You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

    Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what's there.

    Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

    You can now close the HJT directory.

    Run Hijackthis

    Next click on the "Do a system scan and save a log file" button.
    Hijackthis will scan and then a log will open in notepad.
    Attach the HJT log into your post.

    Under no circumstances should you add anything to the HJT ignore list.
     
  3. IvanIsaak

    IvanIsaak TS Rookie Topic Starter

    Alright, done and done.

    Here's the updated log.
     


  4. gillianbrown

    gillianbrown Banned Posts: 141

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    AskBarDis

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    ASKService

    Close the services window.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    Twain.exe

    Close task manager.


    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: {d9a1a1eb-e773-1f09-96d4-4fa565ee920c} - {c029ee56-5af4-4d69-90f1-377ebe1a1a9d} - C:\windows\system32\hkfbuz.dll

    O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Max\Application Data\Twain\Twain.exe

    O20 - AppInit_DLLs: hkfbuz.dll

    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or folders (if there).

    C:\windows\system32\hkfbuz.dll
    C:\Documents and Settings\Max\Application Data\Twain\Twain.exe
    C:\Program Files\AskBarDis <- Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Please download Malwarebytes' Anti-Malware to your desktop; use any of these links.
    Malwarebytes
    MajorGeeks

    Double-click mbam-setup.exe and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.
    Once the program has loaded, select Perform Quick Scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad. Please attach that log into your next reply, along with a fresh HJT log.

    Let us know if you're still having problems.
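
The four entries the post above has HJT fix can be picked out of a saved log mechanically. This is an added example, not part of the thread and not HijackThis's own code: a small parser for `O`-section lines, with triage heuristics and the `ExampleUpdater` line being assumptions of this example.

```python
import re

# Entries quoted in the post above, plus one constructed benign line (ExampleUpdater).
SAMPLE_LOG = r"""
O2 - BHO: {d9a1a1eb-e773-1f09-96d4-4fa565ee920c} - {c029ee56-5af4-4d69-90f1-377ebe1a1a9d} - C:\windows\system32\hkfbuz.dll
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Max\Application Data\Twain\Twain.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O20 - AppInit_DLLs: hkfbuz.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
"""

ENTRY = re.compile(r"^(?P<code>O\d{1,2}) - (?P<kind>[^:]+):\s*(?P<value>.*)$")

def parse(log):
    """Return (code, kind, value) for each O-section line of a HijackThis log."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m["code"], m["kind"].strip(), m["value"].strip()))
    return out

def basename(value):
    """Last component of the Windows path that ends the entry, lower-cased."""
    return value.rsplit("\\", 1)[-1].strip().lower()

def triage(log):
    """Return (code, file, reason) for entries matching this example's heuristics."""
    entries = parse(log)
    appinit = {basename(v) for c, k, v in entries if k == "AppInit_DLLs" and v}
    findings = []
    for code, kind, value in entries:
        name, low = basename(value), value.lower()
        if kind == "AppInit_DLLs" and value:
            findings.append((code, name, "DLL listed in AppInit_DLLs"))
        elif code == "O2" and name in appinit:
            findings.append((code, name, "BHO DLL also listed in AppInit_DLLs"))
        elif code == "O4" and "\\application data\\" in low:
            findings.append((code, name, "autorun launched from a user profile folder"))
        elif code == "O23" and "unknown owner" in low:
            findings.append((code, name, "service reported with unknown owner"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The cross-check between `O2` and `O20` is the useful part: the same DLL name appearing under both sections is what ties the BHO to the AppInit_DLLs entry in this log.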
     
  5. IvanIsaak

    IvanIsaak TS Rookie Topic Starter

    Alright, so I did exactly as you suggested. The only problem I encountered was when I tried to delete the hkfbuz.dll file in safe mode. I got an error message saying:

    "Cannot delete hkfbuz: Access is denied

    Make sure the disk is not full or write-protected and that the file is not currently in use."

    Everything else went perfectly fine. If I haven't gotten pop-ups yet today, can I assume the problem's fixed or should I really try to get rid of that file?

    Here are the HJT and Malwarebytes logs
     


  6. xydas7

    xydas7 TS Rookie

    Hi gillianbrown, I have exactly the same problem... I have attached the HJT log file... Could you please help? Thanks in advance for your time.
     
  7. gillianbrown

    gillianbrown Banned Posts: 141

    xydas7: Please start your own thread in this forum.

    IvanIsaak: Your logs are now clean.

    Unless you're still having problems, you should be good to go.

    If you're not having any problems, please do the following.

    Please download OTMoveIt by OldTimer OTMoveIt.exe, unzip it and place it on your desktop.

    1. Double click OTMoveIt.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
    4. You will be prompted to allow the clean up procedure, click Yes.
    5. When finished exit out of OTMoveIt
     
  8. IvanIsaak

    IvanIsaak TS Rookie Topic Starter

    Thanks, you've been a great help!
     
  9. mikelamar

    mikelamar TS Rookie

    Can you help - here's my log

    I'm being overrun with pop-ups from sagipsul.com.
    Attached is my log file from HJT.

    Thanks in advance!!
     
  10. pandatinkle

    pandatinkle TS Rookie

    Another Sagipsul sufferer

    Yep another mug who has clicked on something they shouldn't have; don't know what but hey ho.

    Any help before a trip to PC World is much appreciated.

    Cheers

    Sue
     
  11. kleung13

    kleung13 TS Rookie

    my HJT log

    got the pop up thing, can't get rid of it?

    here's my log, thanks!
     
  12. kfried

    kfried TS Rookie

    Sagipsul is killing me

    I cannot get rid of this one. Now it is getting worse and increasing in frequency and types of pop-ups. My log is attached too. Thanks for all of your help!
     
Topic Status:
Not open for further replies.
