also @ TechSpot: Microsoft's Indian online store hacked, passwords and user data exposed
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > Tech Support > Virus and Malware Removal
Reload this Page Help with sagipsul virus

Collaborate in the cloud with Office, Exchange, SharePoint, and Lync

Help with sagipsul virus
Thread Tools Search this Thread
  #1  
Old 01-02-2009
TechSpot Member
  
Location: alabama
Member since: Jan 2009, 31 posts
Help with sagipsul virus
I have just done the 8 steps and have sent the logs. The pop ups have stopped. Please check the logs to make sure I got everything. Thank you for your help
Attached Files
File Type: txt mbam-log-2009-01-02 (15-41-14).txt (16.2 KB, 5 views)
File Type: log hijackthis.log (17.1 KB, 3 views)
File Type: log SUPERAntiSpyware Scan Log - 01-02-2009 - 16-40-54.log (465 Bytes, 1 views)
Last edited by cgarmon; 01-02-2009 at 08:32 PM..
  #2  
Old 01-03-2009
TechSpot Addict
  
Location: Illinois, USA
Member since: Feb 2007, 931 posts
System specs
HJT scan. Tick & fix. Restart computer.
Code:
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)  >> broken
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (file missing)  >> broken
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) >> broken (MS money)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\2.bin\m3SrchMn.exe" /m=0
Uninstall programs / delete files / delete folders
C:\PROGRA~1\MYWEBS~2


Code:
Files Infected:
C:\WINDOWS\SYSTEM32\senekafvkkyvbe.dll (Trojan.Seneka) -> Delete on reboot.

HJT scan >> computer restarted?  Probably not.
O20 - AppInit_DLLs: nydjht.dll
MBAB did not handle all that it found until the computer restart.

Rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)
  #3  
Old 01-05-2009
TechSpot Member
  
Location: alabama
Member since: Jan 2009, 31 posts
removal
an HJT only the 04-hklm showed up removed them , restarted computer deleted files and folders for program mywebs. Ran MBAB & SAS twice now clean. restarted computer and ran HJT. This is a log of the final HJT ran Do I need to remove the 02 files from the previous log since they are still there?
Attached Files
File Type: log hijackthis.log (16.8 KB, 2 views)
  #4  
Old 01-05-2009
TechSpot Addict
  
Location: Illinois, USA
Member since: Feb 2007, 931 posts
System specs
Reference >> O20 - AppInit_DLLs: nydjht.dll qhjqrb.dll
Verify both files are gone. It takes a week or so for tool developers to clean up this reference.

C:\windows\system32\nydjht.dll
C:\windows\system32\qhjqrb.dll

The next time you update / repair / remove Yahoo tools will take care of remaining O2 items. It does not cause problems. Otherwise, Safe mode may be needed if the tick/fix did not work in normal mode.

Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
Closed Thread

Similar Topics
Topic Replies Forum
Sagipsul.com Virus 5 Virus and Malware Removal
Sagipsul virus 0 Virus and Malware Removal
Sagipsul Virus 0 Virus and Malware Removal
Sagipsul.com Virus 5 Virus and Malware Removal
Sagipsul Virus 4 Virus and Malware Removal

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 02:07 PM.