Sagispul and Vundo - help a fella out please

[TTR]

Hi there,

First time poster but have found the info on this site to be so helpful.

Few days ago I picked up sagispul bug (kept getting the pop ups) and following the 8 part process on this site, malwarebytes and SAS also picked up and removed Vundo. Have re-run them (fully updated) and doesnt seem to be picking anything up and also re run mcAfee and nothing coming up. Normally use mcafee with not problems at all so a little freaked out that it did not get them.

Would be really grateful if someone could look at my logs attached and let me know if I have indeed got rif of them?

Thanks in advance and happy new year!

 

[ascot54]

Hi TTR,

I'm still learnig the log files etc,
however from experience, Mcafee stuffed my pc up big time..

Personally, i then went to Norton, all was well for a whle, then same thing happened.

now i have Avast, free updates...
its recommended on here with Avira..

Follow the 8 step guide as listed at start of forum...
I have used it again this week for 2nd time and running clean again.

worth going into "safe mode" (hit F8, before windows boot screen) and run the checks..

also ensure the databases are up to date on Malware and SAS...
if you still have probs
run ComboFix the SDFix, links available on here

I'd disable Mcafee while you do the above,

Rgds

 

[TTR]

thanks buddy.

followed the steps and everything looks clean to me. All the databased were up to date. Not sure if anything in the hijack log would indicate if there is a problem there? anyone who can have a look I would be very grateful.

 

[ascot54]

TTR,

HJT log..
i didnt see anything personally, mind you i'm comparing it to my recent attack.
although a service on 23 caught my eye..

Malware:
looked ok

SAS:
few things there which presume you selected to quarantine and then delete..!!!

rgds
Ascot

ps:

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exes

that was what caught my eye....

 

[rev_olie]

That file ascot is in fact the updater service for Apple...so you need it

 

[ascot54]

Rev,

i bow to your superior knowledge of course...

i dont recall seeing apple on my Windows pc...
hence why it caught my eye....

as i said, im learning...

still a young jedi here lol

altho was i correct on the SAS log...??

 

[rev_olie]

That's OK I'm still pretty new so i get it wrong as well.

In this game remember Google is your friend

The log with SAS has:

\Th\Cookies\

in the name thereby giving us the knowledge it is a temporary file and so Superantispyware will generally automatically delete them.

So mainly you were correct. Good first go.

If you want to learn this stuff go to geekstogo and join the Malware removal university there. I started but was a bit to busy so couldn't finish but its good.

 

[TTR]

thanks guys. I know about bonjour as I googled it myself!

the cookies sas picked up were deleted automatically.

Rev, does everything else look ok? Not having pop ups anymore but would value your thoughts on whether its ok?

 

[rev_olie]

Are you sure you are not having pop-ups any more?

You have not removed anything from your PC to suggest the infection has been removed?

Have you scanned with anything since posting that HJT log above? If so if a log was produced can you attach it here for me?

Thanks

 

[TTR]

Suprispul and Vundo Updated

hi there,

thanks for your reply. When I first got the sagispul bug I first ran malwarebytes anyway which picked it up and deleted it. I then read up on this site the 8 part process and basically did it from scratch, so I did pick the bugs up and delete them that why the malware scan attached is showing nothing.

I have done the 8 part process again today, and have attached the scans. Malware showing nothing and SAS only showing a cookie which it deleted, so looks ok to me, but I really dont know if there is anything in the hijack log that would indicate there is a problem? Any help would be great and would put my mind at ease.

Thanks a lot. TTR

 

[TTR]

Sorry, but can one of the experts have a look at my hijack log and give me the all clear please if my system is now clean?

Thanks a million.

 

[rev_olie]

Hi

Sorry i didn't get back to you quicker. You log overall seems clean.

However. just to ask did you have notepad running when you scanned with HJT?.

If you didn't then that's fine your clean. However if you did then there may be a problem. If you did then can you attach a new log. If not however your clean.

Sorry about the wait.

 

[TTR]

Hi rev,

thanks for coming back to me. You are a gentleman.

Pretty sure i did not have notepad open when I ran hijack but have done it again anyway now (definately nothing else apart from this site open) for you to check.

Looks clean but if you can confirm that would be great.

 

[rev_olie]

Yep you did have it open its not there now

Did you delete your 04 entries by the way because there are apparently no program opening on your machine when you turn it on and you don't have a web browser?

Other than that there is no processes or NT services to worry about

 

[TTR]

thats for coming back to me. You have been a real help buddy. Appriciate it.

Not sure I understand re the 04 and the browser? What exactly and how do I delete them?

 

[rev_olie]

Right well if you open both of your Hijackthis logs on the first one you will see the list of running processes at the top and then a space and there will be a set of numbers at the side with 04 on.

Now when you look at the latest scan you will find that there are no 04 entries in there...which isnt good :suspiciou

Sorry to be a pain but i think something has gone wrong somewhere. Can you re scan with Hijackthis and post another log. If it does it again something isn't right .

 

[TTR]

hi matey,

attached the latest log.

checked this latest scan and the 04's are back in there. Take it everything is normal now?


You have been a real help. Lots of good karma headed your way.

 

[rev_olie]

Yes that looks like it to me

Now every 2-3 weeks keep scanning with Malwarebytes and Superantispyware to make sure updating both before scanning.

I would then advise you to clean your system with CCleaner.

You can get the download along with my user guide HERE

Happy surfing