Sagipsul help

  #1  
Old 01-02-2009
Newcomer, in training
 
Member since: Jan 2009, 2 posts
Sagipsul help

Hi, I started getting these sagipsul popups yesterday, and I have AVG free antivirus and Malwarebytes' antimalware. So, I scanned my computer with those and it found some trojans like vundo and virtumonde and stuff like that. I also installed the latest version of spyware doctor and when I scanned with it, it caught similar infections and removed them. But every time I scan, the infections are still there. So, after that I followed the 8 steps. However, I missed step 3 because I didn't know how to temporarily disable AVG free antivirus as well as malwarebytes' antimalware. After scanning my computer with superantispyware (step 5), I have not gotten any sagipsul popups for 5 minutes or so while I am writing this message. Anyways, here I have attached the 3 logs requested. Any help will be greatly appreciated.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-02-2009 - 19-47-24.log (10.1 KB, 3 views)
File Type: txt mbam-log-2009-01-02 (18-02-36).txt (2.3 KB, 3 views)
File Type: log hijackthis.log (12.0 KB, 2 views)
  #2  
Old 01-03-2009
TechSpot Member
 
Member since: Dec 2008, 169 posts
Delete these and give it a whirl

O4 - HKLM\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-18\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'Default user')

Afterward make sure these are gone
C:\WINDOWS\TEMP\winlogun.exe
C:\WINDOWS\TEMP\winlogin.exe
  #3  
Old 01-03-2009
Newcomer, in training
 
Member since: Jan 2009, 2 posts
How do I delete these? Do you mean I will have to again run the scans today, and if any of these are found, I delete them?
  #4  
Old 01-03-2009
TechSpot Booster
 
Location: Illinois, USA
Member since: Feb 2007, 908 posts
Code:
Memory Modules Infected:
C:\WINDOWS\system32\boswuy.dll (Trojan.Vundo) -> No action taken.
When logs show this, I am left to conclude MBAM fixed nothing because you declined the choice to remove.

Therefore, brucethetech gave you HJT items for tick & fix. The files noted for deletion can be handled from Windows Explorer (enabled to view system and hidden files).

And yes, then invest 2 hours for a full scan with MBAM & SAS.

HJT informs of items not handled by the scans.
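
The O4 entries quoted in post #2 share traits that can be checked mechanically: the target runs from a temp directory, its file name is one letter off a Windows binary, or the value name names a different executable than the target. The following is an added example, not code from the thread or from HijackThis, that parses O4 lines and flags them; the heuristics, the `SYSTEM_NAMES` list, the function names and the last sample line are assumptions of this example.

```python
import difflib
import ntpath
import re

# HijackThis O4 line: O4 - <hive>\..\<Run key>: [<value name>] <command> (User '<name>')
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
EXE_RE = re.compile(r'"?(.+?\.(?:exe|com|scr|bat))', re.I)
# Assumption of this example: a short list of Windows binaries to check for look-alikes.
SYSTEM_NAMES = ["winlogon.exe", "svchost.exe", "explorer.exe", "lsass.exe", "services.exe"]

def target_name(cmd):
    """File name of the program an autorun command starts, lower-cased."""
    m = EXE_RE.match(cmd)
    return ntpath.basename(m.group(1) if m else cmd).lower()

def review_o4(line):
    """Return (value name, command, reasons) for an O4 line, or None if it is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    exe, reasons = target_name(cmd), []
    if re.search(r"\\te?mp\\", cmd, re.I):
        reasons.append("runs from a temp directory")
    for known in SYSTEM_NAMES:
        if exe != known and difflib.SequenceMatcher(None, exe, known).ratio() >= 0.85:
            reasons.append(f"file name imitates {known}")
    if name.lower().endswith(".exe") and name.lower() != exe:
        reasons.append("value name is a different executable than the target")
    return name, cmd, reasons

def flag_autoruns(log_text):
    """All O4 entries in a HijackThis log that trip at least one heuristic."""
    hits = [review_o4(line) for line in log_text.splitlines()]
    return [h for h in hits if h and h[2]]

# The first six lines are the entries quoted in the thread; the last is a constructed benign one.
SAMPLE = r"""
O4 - HKLM\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-18\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'Default user')
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
"""
if __name__ == "__main__":
    print(*flag_autoruns(SAMPLE), sep="\n")
```

A flagged entry is a candidate for manual review against the scan logs, not proof of infection.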