TechSpot

Sagipsul Virus please help

By glambaws
Jan 5, 2009
  1. I believe I have a Sagipsul virus. I followed the 8 steps listed in other threads, but my browser still tries to connect to a web address such as: sagipsul.com/...
    I will try to post my recent logs with this
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Uninstall your McAfee Antivirus
    Then run the McAfee Removal Tool

    Install Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed
    By the way, your 5 other posts have been removed from someone else's Introduce yourself thread. You Do Not Need 5 Posts to get support here
     
  3. glambaws

    glambaws TS Rookie Topic Starter

    I removed McAfee, then used the removal tool.
    I installed Avira.
    Ran Malwarebytes at least 4 times. The last 2 reported no infected objects.
    Could you please have a look at my most recent logs which I have attached, I think I have removed all malicious software.
    Thank you very much for your advice Kimsland

    This is the most recent Malwarebytes log file. After updating I found 1 more infected object.
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    You're almost there. Update MBAM & SAS. Your version of MBAM is about 100 updates behind the current version.

    Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)

    Caught by HJT.
    Code:
    O20 - AppInit_DLLs: hupxmc.dll
    • Confirm file has been deleted.
    • 'Regedit' can be used to delete references to file
    • Or wait for updated MBAM to clean this reference.
    
    If symptoms remain, post new logs and describe conditions.


    Following clean scans, Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
  5. glambaws

    glambaws TS Rookie Topic Starter

    I updated SAS and Malwarebytes.
    Ran them both at the same time. Both gave clean reports (attached)
    Restarted computer.
    Ran HJT, (log attached)

    Thanks for your help. Is my system clean now?
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Add note - RE: O6 items


    Ok! And I need to improve my wording - run as pair - should have been understood as 'back-to-back'. Run MBAM. Run SAS. Repeat sequence until clean. I have this trouble when I try to save a few words. I was trying to correct the other interpretation, where you repeatedly run the first until clean and then repeat for the second.

    Perhaps Kimsland will drop in on this thread. I do not recall how to control this or make it normal other than to reset the Internet Explorer settings (RIES)
    Code:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    PostScript
    HJT Tick & Fix
    Code:
    O20 - AppInit_DLLs: hupxmc.dll
    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
  7. glambaws

    glambaws TS Rookie Topic Starter

    OK, cleared my restore points.
    Ran SAS and Malwarebytes after each other. Logs attached.
    Used HJT to remove O20 as instructed above.
    Reset Internet Explorer.
    Ran HJT again, log is below.

    Thanks for all your help. Is my system clean now?
     
  8. rf6647

    rf6647 TS Maniac Posts: 829

    I believe your system is clean.

    The 'toolbar restriction' is probably coming from one of them (such as Google, Real, Messenger, Java, or anything appearing as a button or menu item).

    Tick/fix of O6 entries is not a fix. It suppresses the appearance in the log (unless re-generated by some program action that is reflected here). See #O6Diag

    CCleaner has a 'registry' analyze/fix capability. Perhaps it can flag other keys that trigger the O6 toolbar restriction.

    And perhaps it is 'residue' in its own right. HJT in safe mode has removed entries that were not touchable in normal mode.

    If you have any doubts, Combo_fix scan can be used. In addition to its ability to root out stubborn infections, it picks out residue left by other scanners, and provides diagnostic information. (Combo_fix is spelled without '_' )

    Two more cosmetic changes -
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - >> mcafee installer

    Tag back with logs or other concerns.
     
Topic Status:
Not open for further replies.
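
Added example, not part of any post in this thread: a small Python triage of the HijackThis O-lines the replies discuss (O20 AppInit_DLLs, O6 policy keys, entries marked "file missing"). The function name `triage`, the priority labels and the sample header line are assumptions made for illustration.

```python
import re

# HijackThis section codes that appear in this thread, with their meaning.
SECTIONS = {
    "O6": "Internet Explorer options restricted by a policy key",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs or Winlogon Notify autoload",
}
LINE_RE = re.compile(r"^\s*(O\d{1,2}) - (.+?)\s*$")

def triage(log_text):
    """Return (section, priority, detail) tuples for recognised O-lines."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(1) not in SECTIONS:
            continue
        section, body = m.groups()
        if section == "O20" and body.lower().startswith("appinit_dlls:"):
            # The registry value is a space- or comma-separated DLL list,
            # loaded into every process that loads user32.dll.
            for dll in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append((section, "investigate", dll))
        elif section == "O6":
            # Per the thread, tick/fix of O6 is not a real fix; report the key.
            findings.append((section, "policy", re.sub(r"\s+present$", "", body)))
        elif "(file missing)" in body:
            findings.append((section, "orphan", body))
        else:
            findings.append((section, "review", body))
    return findings

# Sample input: O-lines quoted in the thread plus one constructed header line.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed header line)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O20 - AppInit_DLLs: hupxmc.dll
"""

if __name__ == "__main__":
    for section, priority, detail in triage(SAMPLE_LOG):
        print(f"{priority:<12}{section:<4}{SECTIONS[section]}: {detail}")
```

An "investigate" result means the named DLL should be confirmed deleted and its registry reference removed, as the replies above describe.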
