I've recently been getting popups from sagipsul and various other sites and I found this forum after some searching. I've done the 8 step virus etc removal instructions and I think it has solved the problem. But I will post the logs just incase:
Help with popups
- Thread starter jedimullet
- Start date
Drowsiness
Posts: 37 +0
Where these logs pre or post 8-step Program(tm)?
they are post
BlkHeartWolf
Posts: 151 +0
Right Click on MyComputer icon and go to properties
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu
Download VUNDO and save it to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click YES
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
Click ok
After the reboot
download malwarebytes www.malwarebytes.org and install
run hijackthis and malwarebytes at the same time
select any files and or keys in the list posted in Hijackthis
but on both maiwarebytes and hijackthis click fix at the same time.then reboot immediatly.
if you forget to turn off system restore it will return no matter
reboot once complete, run hijack this and post your log here again.
When we are finished remember to turn on system restore once clean
C:\DOCUME~1\Matt\LOCALS~1\Temp\ose00000.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl7bd.cab
O20 - AppInit_DLLs: avgrsstx.dll urtxok.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
Turn Off system restore
open IE and go to TOOLS OPTIONS delete temporary internet files and cookies
do a disk cleanup in your Start/accessories/system tools/ Menu
Download VUNDO and save it to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files,
click YES
Once you click yes, your desktop will go blank as it starts removing
Vundo.
When completed, it will prompt that it will reboot your computer,
Click ok
After the reboot
download malwarebytes www.malwarebytes.org and install
run hijackthis and malwarebytes at the same time
select any files and or keys in the list posted in Hijackthis
but on both maiwarebytes and hijackthis click fix at the same time.then reboot immediatly.
if you forget to turn off system restore it will return no matter
reboot once complete, run hijack this and post your log here again.
When we are finished remember to turn on system restore once clean
C:\DOCUME~1\Matt\LOCALS~1\Temp\ose00000.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
O15 - Trusted Zone: http://update.randhi.com (HKLM)
O16 - DPF: NTLSignup - https://register.tesco.net/tesco/NTLSignup.cab
O16 - DPF: {33331111-1234-1111-1111-615111193427} - http://www.www2.p0rt2.com/files/epl7bd.cab
O20 - AppInit_DLLs: avgrsstx.dll urtxok.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
ok I've done that and here's the new log:
BlkHeartWolf
Posts: 151 +0
Looks clean tom me how is it working
WOLF
WOLF
I haven't had any popups since the step guide so I think all is well, thanks.
Latest posts
-
AMD Ryzen CPUs continue to crush Intel processors on Amazon best-seller list- Squid Surprise replied
-
Greek man sentenced to prison for running a private torrent site 10 years ago
- Squid Surprise replied
-
US surgeons complete first-ever heart transplant using robotics- RudyBob replied
