Sagispul infection - logs posted

By lolita
Jan 3, 2009
  1. hello everyone..another victim of the sagispul virus..logs are attached below...the popups have seemed to disappear, but not sure if my system is cleaned...thank you so much for your help in advance..i would have had no idea what to do if it weren't for this board and your expertise...thanks!

    forgot to mention that i've done the 8-steps as well
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Frequently I need to point this out. Computer restart was a required user action.
    C:\WINDOWS\system32\senekaqqltoqvp.dll (Trojan.Seneka)
     -> Delete on reboot
    Since you report popups are gone, we will conclude with routine steps.

    MBAM did not handle all that it found until the computer restart.

    It appears that the infection is mostly handled.

    Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)

    HJT scan. Tick & fix. Restart computer.
    O2 - BHO: {b9ddd8ce-952c-0398-cd04-5e61060787d0} - {0d787060-16e5-40dc-8930-c259ec8ddd9b} - (no file)  >> broken (malware)
    O2 - BHO: (no name) - {5274AE39-C7C2-4965-82B9-BB3D9765A39D} - (no file)  >> not listed
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)  >> broken (mcafee virus scan)
    O20 - AppInit_DLLs: wcgnhc.dll  >> not listed 
    O20 - Winlogon Notify: khfEVOfE - khfEVOfE.dll (file missing)
    Confirm file does not exist -

    If symptoms remain, post new logs and describe conditions.

    Following clean scans, establish a new clean restore point and clear your existing System Restore points:
    • New
      • Go to Start > All Programs > Accessories > System Tools > System Restore>
      • Select Create a restore point> OK.
    • Clear Old
      • go to Start > Run > cleanmgr > Select the More options tab >
      • Choose the option to clean up System Restore > OK

        • This will remove all restore points except the new one you just created.
  3. lolita

    lolita TS Rookie Topic Starter

    hey everyone...thought I was in the clear...this morning I received another pop-up, ran SAS and MBAM side by side, MBAM was clear, SAS found 12 infected items, deleted them, rebooted, then ran HJT. HJT log posted below..thanks guys
  4. rf6647

    rf6647 TS Maniac Posts: 829

    HJT is normal.

    If the opportunity presents itself, report these sites to any organization monitoring for abuse. I was recently bit following a Google search, so I posted the report with Google.

    "Run as pairs" is my express notation that causes confusion when I should have used a few more words to say ... scan with MBAM followed with a SAS scan. Repeat until clean.
Topic Status:
Not open for further replies.
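
A triage pass over the HijackThis entries that rf6647 lists for "tick & fix" in the second post, as an added example that is not part of the original thread. The function names, the reason labels and the last sample line are constructed for illustration; the other sample lines are the entries quoted in that post.

```python
import re

# First five lines: the entries quoted in the thread, helper's ">>" notes kept.
# Last line: a constructed entry that names a file path, for contrast.
SAMPLE_LOG = r"""
O2 - BHO: {b9ddd8ce-952c-0398-cd04-5e61060787d0} - {0d787060-16e5-40dc-8930-c259ec8ddd9b} - (no file)  >> broken (malware)
O2 - BHO: (no name) - {5274AE39-C7C2-4965-82B9-BB3D9765A39D} - (no file)  >> not listed
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)  >> broken (mcafee virus scan)
O20 - AppInit_DLLs: wcgnhc.dll  >> not listed
O20 - Winlogon Notify: khfEVOfE - khfEVOfE.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING_TAGS = ("(no file)", "(file missing)")
# O20 kinds name DLLs that Windows itself loads (AppInit_DLLs, Winlogon Notify).
LOAD_POINTS = {"AppInit_DLLs", "Winlogon Notify"}

def parse_entry(line):
    """Split one HijackThis line into section, kind, detail and reviewer note."""
    body, _, note = line.partition(">>")  # text after ">>" is a human annotation
    match = ENTRY.match(body.strip())
    if match is None:
        return None
    section, kind, detail = (part.strip() for part in match.groups())
    return {"section": section, "kind": kind, "detail": detail, "note": note.strip()}

def triage(log_text):
    """Return (section, kind, detail, reasons) for entries that need review."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["detail"].endswith(MISSING_TAGS):
            reasons.append("orphaned")    # registry entry whose file is gone
        if entry["section"] == "O20" and entry["kind"] in LOAD_POINTS:
            reasons.append("load-point")  # review even when the file exists
        if reasons:
            findings.append((entry["section"], entry["kind"], entry["detail"], reasons))
    return findings

if __name__ == "__main__":
    for section, kind, detail, reasons in triage(SAMPLE_LOG):
        print(f"{section:<4}{kind:<16}{','.join(reasons):<20}{detail}")
```

An "orphaned" result only means the log says the file is absent; as the post says, confirm on disk that the file does not exist before fixing the entry.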
