1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Completed 8-step Removal Instructions

By yohyoh ยท 6 replies
Jan 4, 2009
  1. I just want to make sure that my computer has been cleaned of the sagipsul.com pop up thing since I have been having those annoying pop ups for the past couple of days. The 3 logs have been attached. Thanks.
  2. adweston

    adweston Banned Posts: 242

    No, it's still there. Download and run combofix.

    Then post the Combofix log.

    Those 8 Steps need to be updated. :)
  3. adweston

    adweston Banned Posts: 242

    Delete this one:

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    Not sure about:

    2009-01-05 c:\windows\Tasks\AE3D9E9891860F94.job
    - c:\docume~1\nelson\applic~1\coolco~1\elseboltmeta.exe

    2009-01-05 c:\windows\Tasks\fksxhedb.job
    - c:\windows\system32\rundll32.exe [2004-08-03 17:56]

    Me thinkst you wanna kill those. Something just added those scheduled tasks.
  4. yohyoh

    yohyoh TS Rookie Topic Starter

    Ran combofix

    I just ran combofix and have attached the log
  5. adweston

    adweston Banned Posts: 242

    Instructions to delete Rapid Antivirus, a rogue malware application you have installed:

    Delete registry values:
    HKEY_CURRENT_USER\Software\Rapid Antivirus
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run ieupdate

    Delete files:
    %UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\base2.dat
    %UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\base.dat
    %UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\spline.dat
    %UserProfile%\\Application Data\\install_511_MHw0MXwwfHx8fHx8fHw_\\Desc.dat
    %UserProfile%\\Application Data\\Rapid Antivirus\\Rapid Antivirus.ini
    %profile%\\application data\\Rapid Antivirus\\base.dat
    %profile%\\application data\\Rapid Antivirus\\base2.dat
    %profile%\\application data\\Rapid Antivirus\\desc.dat
    %profile%\\application data\\Rapid Antivirus\\Rapid Antivirus.ini
    %profile%\\application data\\Rapid Antivirus\\spline.dat
    %program_files%\\Rapid Antivirus\\howtobuy.txt
    %program_files%\\Rapid Antivirus\\id.dat
    %program_files%\\Rapid Antivirus\\license.txt

    Delete directories:
    c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDM0MDQ4ODN8_
    %UserProfile%\Application Data\install_511_MHw0MXwwfHx8fHx8fHw_
    %UserProfile%\Application Data\Rapid Antivirus

  6. yohyoh

    yohyoh TS Rookie Topic Starter

    Cant Find Registry Values

    I used the link you provided me with but I was unable to find values in my registry so I could get rid of it.

    Also i cannot find the files in my computer that I need to delete
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well Malwarebytes has updated the program revision and definitions since last you used it. So this may be a good idea to run it again

    But personally I'd say remove McAfee (just a resource hog, and it didn't help you this time anyhow ! )


    Uninstall your McAfee Antivirus
    Then run the McAfee Removal Tool

    Un-install: Viewpoint (Removal Tool: http://prm753.bchea.org/viewpointkiller.zip)

    Install Avira free AntiVirus

    Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed

    Then it may work better ;)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...