Sagipsul Virus please help

Status
Not open for further replies.
I believe I have a Sagipsul virus. I followed the 8 steps listed in other threads, but my browser still tries to connect to a web address such as: sagipsul.com/...
I will try to post my recent logs with this.
 
Uninstall your McAfee Antivirus
Then run the McAfee Removal Tool

Install Avira free AntiVirus

Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
You need to run this multiple times, until all hidden Malwares are uncovered and removed
By the way, your 5 other posts have been removed from someone else's Introduce Yourself thread. You do not need 5 posts to get support here.
 
I removed McAfee, then used the removal tool.
I installed Avira.
Ran Malwarebytes at least 4 times. The last 2 reported no infected objects.
Could you please have a look at my most recent logs, which I have attached? I think I have removed all malicious software.
Thank you very much for your advice, Kimsland.

This is the most recent Malwarebytes log file. After updating I found 1 more infected object.
 
You're almost there. Update MBAM & SAS. Your version of MBAM is about 100 updates behind the current version.

Rescan with MBAM & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

Caught by HJT.
Code:
O20 - AppInit_DLLs: hupxmc.dll

  • Confirm file has been deleted.
  • 'Regedit' can be used to delete references to file
  • Or wait for updated MBAM to clean this reference.

If symptoms remain, post new logs and describe conditions.


Following clean scans, Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
I updated SAS and Malwarebytes.
Ran them both at the same time. Both gave clean reports (attached)
Restarted computer.
Ran HJT, (log attached)

Thanks for your help. Is my system clean now?
 
Add note - RE: O6 items
kimsland said:
I agree with IE Reset
I've had users (and even support) argue with me that this will reset all IE settings, even settings that the user may want!

My answer is: Well we are presently removing Malware. Any BHOs or restrictions that sites may require, will need to be put back in, just as it was done before (ie they got them somewhere ;) ) Note: most of these editions (or additions) to IE are automatic anyway!

Just quote IE Reset at will



Ok! And I need to improve my wording - run as pair - should have been understood as 'back-to-back'. Run MBAM. Run SAS. Repeat sequence until clean. I have this trouble when I try to save a few words. I was trying to correct the other interpretation where you repeatedly run the first until clean and then repeat for the second.

Perhaps Kimsland will drop in on this thread. I do not recall how to control this or make it normal other than to reset the Internet Explorer settings (RIES).
Code:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

PostScript
HJT Tick & Fix
Code:
O20 - AppInit_DLLs: hupxmc.dll

Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
OK, cleared my restore points.
Ran SAS and Malwarebytes after each other. Logs attached.
Used HJT to remove O20 as instructed above.
Reset Internet Explorer.
Ran HJT again, log is below.

Thanks for all your help. Is my system clean now?
 
I believe your system is clean.

The 'toolbar restriction' is probably coming from one of them (such as Google, Real, Messenger, Java, or anything appearing as a button or menu item).

Tick/fix of O6 entries is not a fix. It suppresses the appearance in the log (unless re-generated by some program action that is reflected here). See #O6Diag

CCleaner has a 'registry' analyze/fix capability. Perhaps it can flag other keys that trigger the O6 toolbar restriction.

And perhaps it is 'residue' in its own right. HJT in safe mode has removed entries that were not touchable in normal mode.

If you have any doubts, Combo_fix scan can be used. In addition to its ability to root out stubborn infections, it picks out residue left by other scanners, and provides diagnostic information. (Combo_fix is spelled without '_' )

Two more cosmetic changes -
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - >> mcafee installer

Tag back with logs or other concerns.
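
Added example (not part of any poster's reply and not HijackThis's own code): a small Python triage of the HJT entry lines quoted in this thread, following the advice given above. O20 AppInit_DLLs names are listed for a file check, O6 policy keys are reported because tick/fix only hides them, and "(file missing)" entries are treated as cosmetic. The function names and category labels are assumptions made for the example.

```python
import re

# Sample lines copied from the HJT entries quoted in this thread.
SAMPLE_LOG = r"""
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O20 - AppInit_DLLs: hupxmc.dll
"""

# "O20 - ..." style entries; R/F/N sections use the same "<id> - <detail>" shape.
ENTRY = re.compile(r"^(O\d{1,2}|[RFN]\d)\s+-\s+(.*)$")


def parse_hjt(text):
    """Yield (section, detail) for each HijackThis-style entry line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def appinit_dlls(detail):
    """Split an O20 AppInit_DLLs value (space or comma separated) into names."""
    _, _, value = detail.partition("AppInit_DLLs:")
    return [d for d in re.split(r"[ ,]+", value.strip()) if d]


def triage(text):
    """Return (section, category, subject) tuples in log order."""
    findings = []
    for section, detail in parse_hjt(text):
        if section == "O20" and "AppInit_DLLs:" in detail:
            # Every process that loads user32.dll loads these DLLs, so each
            # name needs a file check before the registry reference is removed.
            findings += [(section, "review", dll) for dll in appinit_dlls(detail)]
        elif section == "O6":
            # Policy key still exists; tick/fix only hides it from the log.
            findings.append((section, "policy", re.sub(r"\s+present$", "", detail)))
        elif detail.endswith("(file missing)"):
            # Orphaned reference to a file that is no longer on disk.
            findings.append((section, "cosmetic", detail))
    return findings


if __name__ == "__main__":
    for section, category, subject in triage(SAMPLE_LOG):
        print(f"{section:<4} {category:<9} {subject}")
```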
 