TechSpot

Sagispul.com pop-up

By hobermallow
Jan 3, 2009
  1. The malware infection on my computer started with fake virus alerts, prompting me to "scan." It would also create short cuts to web pages on my desktop.
    I cleaned it up best I could (running mcaffee, physically deleting all files I could find related to this new "virus scanner"). This seemed to stop most of the problems. All that was left was a consistent annoying pop-up to sagispul.com.

    I ran the 8-steps, and attached are the logs. So far so good, no pop-ups, and the computer seems to be running smooth. Just wanted to make sure it's gone. Anything more to get rid of?

    I appreciate any help that may be provided! :)
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. hobermallow

    hobermallow TS Rookie Topic Starter

    is McAfee no good? I take it Avira is a better replacement...
     
  4. rf6647

    rf6647 TS Maniac Posts: 829

    Kimsland is a straightshooter. McAfee is a well-respected product that is just a bit behind the competition. Periodic scans with MBAB & SAS can give assurances that McAfee is being effective - or not.
    Code:
    Memory Modules Infected:
    C:\WINDOWS\system32\btctwadc.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ssqomkKd.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\mnnhpy.dll (Trojan.Vundo) -> Delete on reboot.
    
    HJT residue - no computer restart?
    O20 - AppInit_DLLs: mnnhpy.dll
    MBAB did not handle all that it found until the computer restart.

    Rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan).
     
  5. hobermallow

    hobermallow TS Rookie Topic Starter

    thanks, really appreciate the help!
    just finished running both mbab and sas - they reported the computer is clean, no found malware
     
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Establish a new clean restore point and Clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...