TechSpot

yohyoh · #1 01-04-2009

I just want to make sure that my computer has been cleaned of the sagipsul.com pop up thing since I have been having those annoying pop ups for the past couple of days. The 3 logs have been attached. Thanks.

adweston · #2 01-04-2009

No, it's still there. Download and run [URL="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]combofix[/URL].

Then post the Combofix log.

Those 8 Steps need to be updated.

adweston · #3 01-04-2009

Delete this one:

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wcgnhc.dll

Not sure about:

2009-01-05 c:\windows\Tasks\AE3D9E9891860F94.job
- c:\docume~1\nelson\applic~1\coolco~1\elseboltmeta.exe

2009-01-05 c:\windows\Tasks\fksxhedb.job
- c:\windows\system32\rundll32.exe [2004-08-03 17:56]

Me thinkst you wanna kill those. Something just added those scheduled tasks.

yohyoh · #4 01-04-2009

I just ran combofix and have attached the log

adweston · #5 01-05-2009

Instructions to delete Rapid Antivirus, a rogue malware application you have installed:

Delete registry values:
HKEY_CURRENT_USER\Software\Rapid Antivirus
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run ieupdate

Delete files:
%UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\base2.dat
%UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\base.dat
%UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\spline.dat
%UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\Desc.dat
%UserProfile%\\Application Data\\Rapid Antivirus\\Rapid Antivirus.ini
%profile%\\application data\\Rapid Antivirus\\base.dat
%profile%\\application data\\Rapid Antivirus\\base2.dat
%profile%\\application data\\Rapid Antivirus\\desc.dat
%profile%\\application data\\Rapid Antivirus\\Rapid Antivirus.ini
%profile%\\application data\\Rapid Antivirus\\spline.dat
%program_files%\\Rapid Antivirus\\howtobuy.txt
%program_files%\\Rapid Antivirus\\id.dat
%program_files%\\Rapid Antivirus\\license.txt

Delete directories:
c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM0MDQ4ODN8_
%UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_
%UserProfile%\Application Data\Rapid Antivirus

[url]http://www.2-spyware.com/remove-rapid-antivirus.html[/url]

yohyoh · #6 01-10-2009

I used the link you provided me with but I was unable to find values in my registry so I could get rid of it.

Also i cannot find the files in my computer that I need to delete

kimsland · #7 01-10-2009

Well Malwarebytes has updated the program revision and definitions since last you used it. So this may be a good idea to run it again

But personally I'd say remove McAfee (just a resource hog, and it didn't help you this time anyhow ! )

-------------------------

Uninstall your McAfee Antivirus
Then run the McAfee Removal Tool

Un-install: Viewpoint (Removal Tool: http://prm753.bchea.org/viewpointkiller.zip)

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed

Then it may work better

Similar Topics
Topic	Replies	Forum
Problems with computer. Completed 8-step removal instructions	9	Virus and Malware Removal
8-step removal instructions completed, help	10	Virus and Malware Removal
Followed the 8-step Removal Instructions	1	Virus and Malware Removal
Step 8 of the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions	1	Virus and Malware Removal
completed the removal instructions but...	6	Virus and Malware Removal

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

TechSpot

Completed 8-step Removal Instructions

Follow TechSpot

Subscribe to our Newsletter