Sagispul infection - logs posted

Status
Not open for further replies.
Hello everyone..another victim of the sagispul virus..logs are attached below...the popups have seemed to disappear, but not sure if my system is cleaned...thank you so much for your help in advance..I would have had no idea what to do if it weren't for this board and your expertise...thanks!

Forgot to mention that I've done the 8-steps as well
 
Frequently I need to point this out. Computer restart was a required user action.
Code:
C:\WINDOWS\system32\senekaqqltoqvp.dll (Trojan.Seneka)
 -> Delete on reboot

Since you report popups are gone, we will conclude with routine steps.

MBAM did not handle all that it found until the computer restart.

It appears that the infection is mostly handled.

Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

HJT scan. Tick & fix. Restart computer.
Code:
O2 - BHO: {b9ddd8ce-952c-0398-cd04-5e61060787d0} - {0d787060-16e5-40dc-8930-c259ec8ddd9b} - (no file)  >> broken (malware)
O2 - BHO: (no name) - {5274AE39-C7C2-4965-82B9-BB3D9765A39D} - (no file)  >> not listed
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)  >> broken (mcafee virus scan)
O20 - AppInit_DLLs: wcgnhc.dll  >> not listed 
O20 - Winlogon Notify: khfEVOfE - khfEVOfE.dll (file missing)
Confirm file does not exist -
C:\windows\system32\wcgnhc.dll


If symptoms remain, post new logs and describe conditions.


Following clean scans, establish a new clean restore point and clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
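
Added example, not part of the original post and not HijackThis's own code: a Python parser for the HJT entries quoted above that separates entries HJT already reports as "(no file)" / "(file missing)" from entries that still name a DLL, then checks whether that DLL exists. The function names and the `system32` parameter are assumptions for illustration; the `>>` notes are the helper's annotations and are stripped before parsing.

```python
import re
from pathlib import Path

# Entries copied from the helper's post above. The ">> ..." text is the
# helper's annotation, not HijackThis output.
SAMPLE = """\
O2 - BHO: {b9ddd8ce-952c-0398-cd04-5e61060787d0} - {0d787060-16e5-40dc-8930-c259ec8ddd9b} - (no file)  >> broken (malware)
O2 - BHO: (no name) - {5274AE39-C7C2-4965-82B9-BB3D9765A39D} - (no file)  >> not listed
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)  >> broken (mcafee virus scan)
O20 - AppInit_DLLs: wcgnhc.dll  >> not listed
O20 - Winlogon Notify: khfEVOfE - khfEVOfE.dll (file missing)
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return one dict per HJT entry: section, kind, CLSID, orphaned flag, DLLs."""
    out = []
    for raw in log.splitlines():
        line = raw.split(">>", 1)[0].strip()   # drop the helper's annotation
        m = ENTRY.match(line)
        if not m:
            continue
        section, kind, rest = m.groups()
        clsids = CLSID.findall(rest)
        out.append({
            "section": section,
            "kind": kind,
            # Assumption: on BHO/Toolbar lines the last GUID is the CLSID
            # (the first field is a display name, which may itself be a GUID).
            "clsid": clsids[-1].upper() if clsids else None,
            # HJT marks a registry entry whose target file is gone.
            "orphaned": "(no file)" in rest or "(file missing)" in rest,
            "dlls": re.findall(r"[\w.-]+\.dll", rest, re.I),
        })
    return out

def needs_file_check(entries, system32):
    """For entries not marked orphaned, map each DLL name to 'exists on disk?'."""
    result = {}
    for e in entries:
        if not e["orphaned"]:
            for dll in e["dlls"]:
                result[dll] = (Path(system32) / dll).is_file()
    return result
```

On the entries above only the AppInit_DLLs line reaches `needs_file_check`, which matches the helper's request to confirm that `C:\windows\system32\wcgnhc.dll` does not exist.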
 
Hey everyone...thought I was in the clear...this morning I received another pop-up, ran SAS and MBAM side by side, MBAM was clear, SAS found 12 infected items, deleted them, rebooted, then ran HJT. HJT log posted below..thanks guys
 
HJT is normal.

If the opportunity presents itself, report these sites to any organization monitoring for abuse. I was recently bit following a Google search, so I posted the report with Google.

"Run as pairs" is my express notation that causes confusion when I should have used a few more words to say ... scan with MBAM followed with a SAS scan. Repeat until clean.
 