TechSpot

Sagispul infection, logs

By OldGREGORY
Jan 2, 2009
  1. followed the steps, here are the logs
     
  2. rf6647

    rf6647 TS Maniac Posts: 829

    Code:
    Memory Modules Infected:
    C:\WINDOWS\system32\khfDvssT.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\ndmknyhl.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\cokrzn.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\yayyWQJb.dll (Trojan.Vundo) -> Delete on reboot.
    
    HJT scan >> computer restarted?  Probably not.
    O20 - AppInit_DLLs: cokrzn.dll
    
    MBAB did not handle all that it found until the computer restart.

    Rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

    HJT scan informs what has not been handled (computer restart before HJT scan)
     
  3. OldGREGORY

    OldGREGORY TS Rookie Topic Starter Posts: 34

    So after that i should be good right?
    im performing the scans now
     
  4. orendk

    orendk TS Rookie

    infected w sagispul.com can't access spyware

    I am infected with sagispul.com. When I try to download antispyware.com or hijackthis.com I get a cannot load page error. How can I get around this to download a fix?
     
  5. OldGREGORY

    OldGREGORY TS Rookie Topic Starter Posts: 34

  6. rf6647

    rf6647 TS Maniac Posts: 829

    OldGregory, no warranties tonight. I just issued the third overcall to run combo_fix. If the scans are clean and no symptoms remain or reappear, then we are done. HJT catches things that were not handled - but it has its limits too.
     
  7. OldGREGORY

    OldGREGORY TS Rookie Topic Starter Posts: 34

    when i ran the scans, some things showed up, do you want the logs?
     
  8. rf6647

    rf6647 TS Maniac Posts: 829

    Logs are easy to review. What is important is what you are experiencing for symptoms. Ordinarily, MBAM is clean by the third scan. If there is significant amount of browsing between scans, SAS finds cookies. If SAS keeps reporting traces, that is unusual. HJT is the sweeper - reports what was not handled.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...