Sagipsul.com Virus

Hello,

I had a bunch of pop-ups that kept coming up while I was online. I noticed that most of the pop-ups started with "sagipsul.com". When I looked it up online I found your numerous threads on how to fix it. The problem for me was that I believe this virus was blocking your forum because I couldn't access it via my desktop and for that matter I also couldn't access any anti-virus sites (i.e. McAfee, Symantec, etc.). Luckily I have a laptop that was not infected and I could access your site.

I have gone through the 8 steps for preliminary virus removal.

Attached are the three logs that the thread requested I attach.

Please review and let me know if I have to do anything else.

Thanks in advance for your help. I was really frustrated prior to finding your site.

Cheers!
 
The logs inform that you have handled this well.

The HJT from safe mode keeps startup applications from running and showing in the process list. Running in normal mode without symptoms of infections is the real test of the fixes.

HJT Scan. Tick & Fix. Restart computer
Code:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)  >>  broken (yahoo companion)

Happy New Year - happy computing.

Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • Go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
Hi, maton84!
Like you, I have problems with the sagipsul virus.
I've reviewed your log, but it just so happens that I am not computer savvy.
I was wondering if you, or any other members could break this down in terms that are quite simple.

It would be very much appreciated,
Tiani.
 
Tiani


Tiani, please begin a new thread to discuss your problem. Use the link to the start page for this forum. Upper left portion of the page displays the 'new thread'. Click it & go from there. Once there look for
 
Thanks for your help rf6647,

I have attached the hijackthis file that I ran on normal mode.

Can you let me know how it looks?

Thanks in advance for your help.
 
First impression - you are running with 2 antivirus programs, Avira & McAfee. Uninstall one after you evaluate results.

Second observation - an infection has appeared.
Code:
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
Reference link: http://www.systemlookup.com/lists.php?list=2&type=name&search=prunnet&s=

It is troubling since neither AV detected it. This could signify interference or corruption. Demote one AV to demand only. Update each & re-scan.

Following that exercise, update and scan with MBAM followed by SAS.

Next, scan with ComboFix. See supporting information. This program also provides diagnostic information.

HJT scan informs what has not been handled (computer restart before HJT scan)

Post new logs and describe conditions.


Supporting information

Please see this for instructions:
Temporarily Disable Real Time Monitoring Programs
  • 1 Spybot S&D (Teatimer)
  • 2 Ad-Aware Ad-Watch
  • 3 Spywareguard
  • 4 Windows Defender
  • 5 TrojanHunter Guard
  • 6 Disable SpySweeper
  • 7 WinPatrol
  • 8 CounterSpy
  • 9 AVG Anti-Spyware (formerly ewido)
  • 10 Spyware Doctor
  • 11 Prevx
  • 12 ProcessGuard
  • 13 ZoneAlarm's OS Firewall
  • 14 Ad-Aware 2007 Service
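
Added example, not part of the thread or any poster's own code: a small triage pass over HijackThis log text that picks out the two kinds of entry discussed above, a BHO whose file is missing (O2 with "(no file)") and a per-user Run autostart pointing into system32 (O4 under HKCU). The sample log is constructed, the ExampleHelper and ExampleTray entries are made up, and the system32 rule is an assumed triage heuristic for deciding what to look up, not a verdict.

```python
import re

# Constructed sample log: the two entries quoted in the thread plus two
# made-up benign entries (ExampleHelper, ExampleTray) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ExampleHelper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
"""

# O2 = Browser Helper Object, O4 = autostart entry (line shapes as in the thread).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (reason, identifier) pairs for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # A BHO registration whose DLL is gone is an orphaned entry.
            if m["file"].strip().lower() == "(no file)":
                findings.append(("orphaned-bho", m["clsid"]))
            continue
        m = O4_RE.match(line)
        if m:
            path = m["cmd"].strip().strip('"').lower()
            # Assumed heuristic: a per-user Run value that starts a binary
            # from the system directory deserves a lookup by name.
            if m["hive"] == "HKCU" and "\\system32\\" in path:
                findings.append(("user-run-from-system32", m["name"]))
    return findings


if __name__ == "__main__":
    for reason, ident in triage(SAMPLE_LOG):
        print(f"{reason}: {ident}")
```
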
 