Step 8 of 8-step Removal Instructions

By bigpianist
Jan 5, 2009
  1. Hello,
    I just wanted to check with you guys to make sure that I've successfully removed this virus from my computer. I did Step 1 with Symantec Antivirus. I couldn't find any monitoring programs in Step 3, so I did nothing. I ran CCleaner twice, as well as Malwarebytes twice. I've attached the logs as requested. Thanks a bunch!
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good Morning! We have a few things to deal with. I would have liked you to tell us what "this virus" was!

    First, you have Vundo malware in the restore points. We will remove the old restore points when your system is clean. In the meantime, do NOT use System Restore.
    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any Viewpoint entries> Apply> OK

    Start> Run> services.msc> double click on the Viewpoint Service> change the Startup type to Disabled

    Control Panel> Add/Remove Programs> UNINSTALL Viewpoint entries.

    Reboot into Normal Mode. Ignore the nag entry and close it after checking 'don't show this message again.' Stay in Selective Startup.

    Please verify that the following entries are for your corporate network. I cannot identify the CLSID and the only URL I can get is:
    If these are indeed your domain, leave. If not, check for Hijackthis to remove.

    Please download ComboFix:

    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    Please disable all security programs, such as antiviruses, antispywares, and firewalls.
    Also disable your internet connection.

    When through, rescan with HijackThis. Attach logs for that and Combofix.
  3. bigpianist

    bigpianist TS Rookie Topic Starter

    Thanks bobbye! This post was for the Sagipsul virus- I had assumed that this 8-step guide was for that virus specifically, since that's how I found the guide- sorry! I've followed your instructions up to the Combofix part. Viewpoint Manager has been successfully removed from my computer- is the Combofix part still necessary? I understand that Combofix may be the tool that removes the bugs from the restores, so if it is still necessary, I'll do it.
    Also, classifiedventures is my corporate url. I've attached a new hijackthis.log file after having followed the viewpoint manager removal instructions- please take a gander!

    Thanks again
  4. Bobbye

    No, it is the beginning-and if we're lucky-the end of the malware cleaning. We can determine if additional programs need to be run by viewing the entries in the logs.

    The HijackThis log is clean and the O20 - AppInit_DLLs: dcngzx.dll did not reappear. However, it is not uncommon to have other malware files with a bad AppInit entry. I would be more comfortable if you ran either SDFix or ComboFix to make sure we haven't missed any of those files.

    Please download SDFix and follow the directions on Post #7 here:

    1. Download and Install SDFix
    * Download SDFix and save it to your Desktop.
    * Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)
    2. Boot into Safe Mode
    * Restart your computer and start pressing the F8 key on your keyboard.
    * Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    3. Run SDFix
    If this handles it, we'll remove the cleaning programs and old restore points.
Topic Status:
Not open for further replies.
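
Added example, not part of the original thread: the rescan check described above (confirming that the O20 - AppInit_DLLs: dcngzx.dll entry did not reappear) can be done by comparing two HijackThis logs entry by entry. The sample logs are constructed for illustration, apart from the O20 line quoted in the thread, and the function names are hypothetical.

```python
import re

# HijackThis result lines look like "O20 - AppInit_DLLs: dcngzx.dll":
# a section code such as R1, F2, O4 or O20, then " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")

def parse_entries(log_text):
    """Return the set of (section_code, entry_text) pairs in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            entries.add((m.group("code"), m.group("body")))
    return entries

def compare_scans(before, after):
    """Split entries into those fixed, those that survived, and new arrivals."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new),
            "persisting": sorted(old & new),
            "added": sorted(new - old)}

def appinit_dlls(log_text):
    """List DLL names from O20 AppInit_DLLs lines (space- or comma-separated)."""
    names = []
    for code, body in sorted(parse_entries(log_text)):
        if code == "O20" and body.lower().startswith("appinit_dlls:"):
            names += [n for n in re.split(r"[,\s]+", body.split(":", 1)[1]) if n]
    return names

# Constructed sample logs; only the O20 line is taken from the thread.
BEFORE = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O20 - AppInit_DLLs: dcngzx.dll
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""
AFTER = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

if __name__ == "__main__":
    for status, items in compare_scans(BEFORE, AFTER).items():
        print(status, items)
    print("AppInit_DLLs after rescan:", appinit_dlls(AFTER))
```

An empty AppInit_DLLs list after the rescan only shows that the registry entry is gone; the files themselves can remain on disk, which is why a follow-up scan is still requested.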
