Sagipsul popups

Status
Not open for further replies.
Hi,

I'm getting random pop-ups when I open Firefox, mainly from a website called "sagipsul.com".

I've tried getting rid of it with Malwarebytes, SuperAntiSpyware & McAfee, but it's still there. Usually 4 or 5 windows will pop up but I can't see them (I only see the current Firefox window resizing). However, when I alt-tab I can see the 4-5 pop-ups, but can't close them.

I've attached the HJT log.

Thanks in advance to anyone who can help me.
 

Attachments

  • hijackthis.log
    7 KB · Views: 6
You're running an outdated version of HJT.

Make sure you have the LATEST version of HJT (currently 2.0.0.2) from HERE.

Double-click on the file you just downloaded.
Click on the "Install" button to install.
It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
Please do not change the default install location.

Very Important.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what's there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Run Hijackthis

Next click on the "Do a system scan and save a log file" button.
Hijackthis will scan and then a log will open in notepad.
Attach the HJT log into your post.

Under no circumstances should you add anything to the HJT ignore list.
 
Go to add remove programmes in your control panel and uninstall anything to do with (if there).

AskBarDis

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

ASKService

Close the services window.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

Twain.exe

Close task manager.


Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O2 - BHO: {d9a1a1eb-e773-1f09-96d4-4fa565ee920c} - {c029ee56-5af4-4d69-90f1-377ebe1a1a9d} - C:\windows\system32\hkfbuz.dll

O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Max\Application Data\Twain\Twain.exe

O20 - AppInit_DLLs: hkfbuz.dll

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders (if there).

C:\windows\system32\hkfbuz.dll
C:\Documents and Settings\Max\Application Data\Twain\Twain.exe
C:\Program Files\AskBarDis <-- Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Please download Malwarebytes' Anti-Malware to your desktop; use any of these links.
Malwarebytes
MajorGeeks

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please attach that log into your next reply, along with a fresh HJT log.

Let us know if you're still having problems.
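
The four entries flagged in the post above sit in four different Windows load points (BHO, Run key, AppInit_DLLs, service). As an added example that is not part of the original thread and is not HijackThis code, this Python script parses those log lines and reports any file reached through more than one load point; the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The four entries the helper asked to fix, copied from the post above.
HJT_LINES = r"""
O2 - BHO: {d9a1a1eb-e773-1f09-96d4-4fa565ee920c} - {c029ee56-5af4-4d69-90f1-377ebe1a1a9d} - C:\windows\system32\hkfbuz.dll
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Max\Application Data\Twain\Twain.exe
O20 - AppInit_DLLs: hkfbuz.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
""".strip().splitlines()

# One pattern per HijackThis section code seen in this thread.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$"),
}

def parse(lines):
    """Turn recognised HJT lines into dicts; unrecognised lines are skipped."""
    entries = []
    for line in lines:
        line = line.strip()
        code = line.split(" - ", 1)[0]
        pat = PATTERNS.get(code)
        m = pat.match(line) if pat else None
        if m:
            entries.append({"code": code, **m.groupdict()})
    return entries

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def persistence_by_file(entries):
    """Map each file name to the set of section codes that load it."""
    by_file = defaultdict(set)
    for e in entries:
        # AppInit_DLLs holds a space- or comma-delimited list of DLLs.
        targets = re.split(r"[ ,]+", e["path"]) if e["code"] == "O20" else [e["path"]]
        for t in targets:
            by_file[basename(t)].add(e["code"])
    return dict(by_file)

def multi_hooked(entries):
    """Files with more than one load point: every one must be removed."""
    return sorted(f for f, c in persistence_by_file(entries).items() if len(c) > 1)

if __name__ == "__main__":
    print(multi_hooked(parse(HJT_LINES)))
```

A DLL listed in AppInit_DLLs is loaded into every process that loads user32.dll, so a file that appears under both O2 and O20 stays in use until both entries are fixed and the machine is restarted.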
 
Alright, so I did exactly as you suggested. The only problem I encountered was when I tried to delete the hkfbuz.dll file in safe mode. I got an error message saying:

"Cannot delete hkfbuz: Access is denied

Make sure the disk is not full or write-protected and that the file is not currently in use."

Everything else went perfectly fine. If I haven't gotten pop-ups yet today, can I assume the problem's fixed or should I really try to get rid of that file?

Here are the HJT and Malwarebytes logs
 

Attachments

  • hijackthis.log
    8.6 KB · Views: 5
  • mbam-log-2008-12-27 (14-29-12).txt
    887 bytes · Views: 5
Hi gillianbrown, I have exactly the same problem... I have attached the HJT log file... Could you please help? Thanks in advance for your time.
 
xydas7: Please start your own thread in this forum.

IvanIsaak: Your logs are now clean.

Unless you're still having problems, you should be good to go.

If you're not having any problems, please do the following.

Please download OTMoveIt by OldTimer OTMoveIt.exe, unzip it and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
4. You will be prompted to allow the clean up procedure; click Yes.
5. When finished, exit out of OTMoveIt.
 
Can you help - here's my log

I'm being overrun with pop-ups from sagipsul.com.
Attached is my log file from HJT.

Thanks in advance!!
 
Another Sagipsul sufferer

Yep another mug who has clicked on something they shouldn't have; don't know what but hey ho.

Any help before a trip to PC World is much appreciated.

Cheers

Sue
 
Sagipsul is killing me

I cannot get rid of this one. Now it is getting worse and increasing in frequency and types of pop-ups. My log is attached too. Thanks for all of your help!
 