also @ TechSpot: Fair Labor Association begins inspections of Foxconn at Apple's request
Welcome to the TechSpot OpenBoards. Please read the FAQ if you have any questions. Sign up or Login to participate.
Go Back   TechSpot OpenBoards > Tech Support > Virus and Malware Removal
Reload this Page Sagipsul, et cetera.

Download Now:

Sagipsul, et cetera.
Thread Tools Search this Thread
  #1  
Old 01-03-2009
Newcomer, in training
  
Member since: Jan 2009, 1 posts
Sagipsul, et cetera.
My computer's been infected since Jan. 1 (happy new year, right?), and searching around for fixes led me to techspot.

Random popups when not online, or on webpages that shouldn't have popups started occurring, mostly from sagipsul. Before the attacks happened, I had AVG and AdAware free versions on my computer (albeit outdated). Installing the most recent versions and multiple scans with both failed to fix the problems, so I discovered + followed the 8-step virus removal thread. Logs are attached.

Things are looking MUCH better since following the instructions, and I haven't gotten popups every few minutes since completing them. Still, I want to be sure I've got everything cleared up, so please let me know if there is anything else I need to do or be aware of.

Thanks a bunch!

[edit] Oh, by the way, of the list of recommended anti-virus and firewall programs in the 8-steps, I installed Avast! and Comodo.
Attached Files
File Type: txt mbam-log-2009-01-03 (18-34-24).txt (3.3 KB, 1 views)
File Type: txt mbam-log-2009-01-03 (18-36-27).txt (3.8 KB, 1 views)
File Type: log SUPERAntiSpyware Scan Log - 01-03-2009 - 20-14-42.log (861 Bytes, 1 views)
File Type: log hijackthis.log (9.9 KB, 1 views)
Last edited by ilymandias; 01-03-2009 at 11:06 PM..
  #2  
Old 01-06-2009
TechSpot Addict
  
Location: Illinois, USA
Member since: Feb 2007, 931 posts
System specs
Uninstall AVG using Removal Tool

Frequently I need to point this out. Computer restart was a required user action.
Code:
Memory Modules Infected:
C:\WINDOWS\system32\cndqiolt.dll (Trojan.Vundo.H) -> Delete on reboot.
Since you report popups are gone, we will conclude with routine steps.

MBAB did not handle all that it found until the computer restart.

It appears that the infection is mostly handled.

Rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

HJT scan. Tick & fix. Restart computer.
Code:
O2 - BHO: (no name) - {8FFE8FDE-9A5D-4908-BE37-A76AAD7D088E} - C:\WINDOWS\system32\khfCvWOI.dll (file missing)  >> broken (not listed)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
 - c:\Program Files\BAE\BAE.dll  >> objectionable ((see here)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)  >> broken (Realcom)
If symptoms remain, post new logs and describe conditions.


Following clean scans, Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK
      • This will remove all restore points except the new one you just created.
Closed Thread

Similar Topics
Topic Replies Forum
Sagipsul help 3 Virus and Malware Removal
Need Help with Sagipsul Pop up 0 Virus and Malware Removal
Help with Sagipsul please 1 Virus and Malware Removal
Arachnophilia 5.3 Help Et cetera 0 Introduce yourself

Thread Tools Search this Thread
Search this Thread:

Advanced Search
All times are GMT -4. The time now is 03:22 PM.