Sagipsul help

  #1  
Old 01-02-2009
Newcomer, in training
 
Member since: Jan 2009, 2 posts
Sagipsul help

Hi, I started getting these sagipsul popups yesterday, and I have AVG Free antivirus and Malwarebytes' Anti-Malware. So, I scanned my computer with those and it found some trojans like Vundo and Virtumonde and stuff like that. I also installed the latest version of Spyware Doctor and when I scanned with it, it caught similar infections and removed them. But every time I scan, the infections are still there. So, after that I followed the 8 steps. However, I missed step 3 because I didn't know how to temporarily disable AVG Free antivirus as well as Malwarebytes' Anti-Malware. After scanning my computer with SUPERAntiSpyware (step 5), I have not gotten any sagipsul popups for 5 minutes or so while I am writing this message. Anyway, here I have attached the 3 logs requested. Any help will be greatly appreciated.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 01-02-2009 - 19-47-24.log (10.1 KB, 3 views)
File Type: txt mbam-log-2009-01-02 (18-02-36).txt (2.3 KB, 3 views)
File Type: log hijackthis.log (12.0 KB, 2 views)
  #2  
Old 01-03-2009
TechSpot Enthusiast
 
Member since: Dec 2008, 296 posts
Delete these and give it a whirl:

O4 - HKLM\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-18\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'Default user')

Afterward, make sure these are gone:
C:\WINDOWS\TEMP\winlogun.exe
C:\WINDOWS\TEMP\winlogin.exe
  #3  
Old 01-03-2009
Newcomer, in training
 
Member since: Jan 2009, 2 posts
How do I delete these? Do you mean I will have to again run the scans today, and if any of these are found, I delete them?
  #4  
Old 01-03-2009
TechSpot Addict
 
Location: Illinois, USA
Member since: Feb 2007, 931 posts
Code:
Memory Modules Infected:
C:\WINDOWS\system32\boswuy.dll (Trojan.Vundo) -> No action taken.

When logs show this, I am left to conclude MBAM fixed nothing because you declined the choice to remove.

Therefore, brucethetech gave you HJT items for tick & fix. The files noted for deletion can be handled from Windows Explorer (enabled to view system and hidden files).

And yes, then invest 2 hours for a full scan with MBAM & SAS.

HJT informs of items not handled by the scans.
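
One way to triage HijackThis O4 autorun entries like the ones listed in post #2, as an added example that is not part of the original thread: it parses each line and reports why an entry stands out (runs from a temp directory, has no full path, imitates a system binary name, or has a value name that is a different executable). The reference list of Windows binaries, the 0.85 similarity threshold and the last sample line are assumptions made for this sketch.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename

# HijackThis O4 line: hive, Run value name, command, optional "(User '...')" note.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$")
# Assumption: a short reference list of genuine Windows binaries to compare against.
SYSTEM_BINARIES = ("winlogon.exe", "msiexec.exe", "svchost.exe", "explorer.exe")
# The first six lines are the entries quoted in the thread; the last is constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe
O4 - HKUS\S-1-5-18\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [a783nfo9ewofmdejgywf] C:\WINDOWS\TEMP\winlogun.exe (User 'Default user')
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

def executable(cmd):  # path part only; a quoted path may be followed by arguments
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd

def findings(name, path):
    """Reasons an autorun entry deserves a closer look (empty list if none)."""
    exe = basename(path).lower()
    reasons = []
    if re.search(r"\\te?mp\\", path, re.I):
        reasons.append("runs from a temp directory")
    if "\\" not in path:
        reasons.append("no full path")
    for real in SYSTEM_BINARIES:
        if exe != real and SequenceMatcher(None, exe, real).ratio() >= 0.85:
            reasons.append(f"name imitates {real}")
    if name.lower().endswith(".exe") and name.lower() != exe:
        reasons.append("value name is a different executable")
    return reasons

def triage(log_text):
    """Return (hive, executable path, reasons) for each O4 entry with a finding."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and (why := findings(m["name"], executable(m["cmd"]))):
            flagged.append((m["hive"], executable(m["cmd"]), why))
    return flagged

if __name__ == "__main__":
    for hive, path, why in triage(SAMPLE_LOG):
        print(f"{hive:16} {path:32} {'; '.join(why)}")
```

A flagged entry is a prompt to inspect the file and its Run value, not proof of infection; legitimate software occasionally trips the same heuristics.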