Sagipsul, Darksma and System Restore

Status
Not open for further replies.

jinscriba

Good day. I noticed from the other threads that there really isn't a general solution for sagipsul, so I'll post the HJT log as well as the Malwarebytes log I have. Sagipsul's been coming up since yesterday.

I was at my girlfriend's house from Sunday until New Year's Eve in the afternoon, so I do not really know the desktop activity on those days. My brother said he downloaded Veoh Beta as well as Exterminate This!, both of which have already been uninstalled.

Also, System Restore's not working. I clicked Next multiple times in the last page, but it won't go through. What's wrong?

Thank you very much for the help.
 
Hi Jinscriba
Welcome to TechSpot!!

I can't see anything in your log to suggest Sagipsul, but there are some things in there I'm not sure about, and Google hasn't returned qualified results to suggest your log is clean.

Please download SDFIX from here
  • Run the SDFix.exe by double clicking on it.
  • Allow it to install into the default location, which is normally C:\SDFix
  • Now please reboot your computer into Safe Mode (see this if you don't know how: Starting your computer in Safe mode)
  • When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Attach the Report.txt file to your next message

Then repost with a fresh Hijackthis log and the log from SDFix
 
I ran SDFix. The report's attached below. What exactly is wrong with the computer? Is there anything with regards to System Restore not working?

Also, Sagipsul is still coming up, though you mentioned that there's no sign of Sagipsul in the logs.
 
I wasn't sure about a couple of files on your Hijackthis log.
The files didn't seem to send a definite yes or no answer as to whether they were good or bad.

Can you now attach a fresh Hijackthis log and I will be able to tell you for definite if you had an infection :).
 
Here's the HJT log. I noticed that Sagipsul also pops up on Internet Explorer, but comes up as a 404 under Yahoo!. And my temporary solution of uninstalling Firefox then does not affect Sagipsul's existence.
 
Ok I'm still concerned about something on your log

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

This is either an Nvidia controller or a worm called GAOBOT.ZX or GAOBOT.ADV

Do you have an Nvidia card?

Also did you know anything about this site in your trusted zone:

www.japanhero.com

Just need this bit of info
 
I do have an Nvidia card. If I don't, would that be a problem?

Also, Japan Hero is a website dedicated to Japanese tokusatsu shows. Does putting it as a trusted website cause any problems?
 
Well, with the answers you gave me I would say you were clean :)

If you didn't have an Nvidia card then that file would be classed as a worm that would need removal, but that should be OK.

Also, the site just needs checking by us to make sure you know it's there, otherwise it could be a stepping stone of something like a browser hijack etc.

But all is well. Keep scanning with Malwarebytes and Superantispyware every 2-3 weeks and you will be fine.
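
Added example, not part of the thread and not any poster's tooling: a small Python triage of HijackThis O4 autorun lines that flags entries like the `nwiz.exe /install` line discussed above, where the log gives only a file name and so cannot settle which file on disk will run. The O4 line layout is assumed from the one line quoted in the thread; every sample line except that one is constructed.

```python
import re
from typing import List, NamedTuple, Optional

# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# Executable token: quoted, or everything up to the first executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif)))(?:\s+(.*))?$', re.I)
ABS_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")  # drive-letter or UNC path


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    exe: str
    args: str
    full_path: bool  # False: the log does not say which file on disk will run


def parse_o4(line: str) -> Optional[Autorun]:
    m = O4_RE.match(line.strip())
    if not m:
        return None  # not a registry autorun entry (other sections, "O4 - Startup:" lines)
    hive, key, name, cmd = m.groups()
    e = EXE_RE.match(cmd.strip())
    if e:
        exe, args = e.group(1) or e.group(2), e.group(3) or ""
    else:  # unknown extension: fall back to the first whitespace-delimited token
        exe, _, args = cmd.strip().partition(" ")
    return Autorun(hive, key, name, exe, args, bool(ABS_RE.match(exe)))


def needs_disk_check(log_text: str) -> List[Autorun]:
    """Autorun entries whose identity cannot be settled from the log alone."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [a for a in entries if a and not a.full_path]


# First line is quoted in the thread; the other lines are constructed samples.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -min
O4 - HKCU\..\Run: [ExampleSync] C:\Program Files\Example\sync.exe /background
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

if __name__ == "__main__":
    for a in needs_disk_check(SAMPLE_LOG):
        print(f"{a.hive} {a.key} [{a.name}] -> {a.exe} (no path: verify file location and signer)")
```

For each flagged entry, the deciding check happens on the machine itself: where the named file actually lives and who signed it.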
 