My 3 logs - Finished the 8 steps for sagispul virus

By danccc · 5 replies
Dec 31, 2008
  1. what is mbam and sas, im not familiar at all. ive been infected with this virus too and found a link to a thead here off google search, so signed up. have used hijack this in the past. here is log.
  2. rev_olie

    rev_olie TS Guru Posts: 560

    MBAM is an acronym for Malwarebytes anti malware

    SAS is an acronym for Super Anti Spyware.

    Both of these should be run and the logs posted ALONG WITH the Hijackthis log as rf6647 said above. Its just make our job easier but again SAGIPSUL is usually dealt with by following the 8 step removal process.
  3. danccc

    danccc TS Rookie Topic Starter

    thanks, i cant download sas from the 8 step link thread above. says failed to connect, temporary error? on the malw anti-m, ive run it twice and my computer was bombarded with popups and froze and had to restart. im sitting here now waiting for the scan to end, generally how long do these scans take? (since it seems i have to manually close every pop up that appears). its on 30 minutes and still on my c drive
  4. rf6647

    rf6647 TS Maniac Posts: 829


    We try to establish a unique thread for each member. While you struggle with the infection, here is some info.

    • Without supporting logs, anything caught by HJT is used to suggest changes.
    • However, the MBAM and/or SAS logs will improve diagnosis of this thrreat.

    • Scan with HJT. Tick & Fix. Restart the computer.
    O3 - Toolbar: test - {5F1B5857-818C-11DB-AED8-001485F68029} - C:\Program Files\Default Company Name\SBRToolbar\test.dll
    O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
    O4 - HKLM\..\Run: [78a791a1] rundll32.exe "C:\WINDOWS\system32\uhhhnixb.dll",b
    O4 - HKLM\..\Run: [Ryigebevamikum] rundll32.exe "C:\WINDOWS\Efizi.dll",e
    O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
    O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
    If the HJT scan catches things not cleaned by MBAM & SAS, this type of information will lead to adapting to changes.

    Other Considerations
    Sagipsul malware may be extending the runtimes for MBAB. Please try to disconnect from the Internet while scanning with MBAB.
  5. danccc

    danccc TS Rookie Topic Starter

    here are my 3 logs from hj, mbam, and sas

    says i cant attach the hj long b/c i already attached it in another thread: "sagispul spyware".
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Thanks to KImsland for moving things to straighten this out.

    • Your logs show found but unanswered items - React to unanswered items appearing in MBAM scan logs
      • 'Delete on Reboot’ - Restart the computer after concluding the scan
    • Update MBAM
    • Re-run scans with MBAM & SAS.
      • Repeat scans until clean or finding something that cannot be cleaned
    • Restart the computer.
    • Scan with HJT,
    • Post logs & inform of progress and changes.
    Note: Naming HJT log with a sequence number satisfies the check for posting redundant files.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...