Sagispul and probably other viruses

Status
Not open for further replies.
S

Smarch Weather

I deleted some bad things with Malwarebytes and spyware programs, but sagispul and I'm assuming more things remain.

Any help is appreciated.
Here are my logs:
 
I have CA Security Center from my internet provider. It finds two Vundo things and something else, but whenever I try to quarantine them, the program freezes. Any advice?
 
Except for your last post, things have been handle with 2 questionable findings.

HJT scan. Tick & fix. Restart computer.
Code: 
O2 - BHO: {7c0e3507-2645-d75b-86d4-abaceb9187c2} - {2c7819be-caba-4d68-b57d-54627053e0c7} - C:\WINDOWS\system32\eaxsed.dll  >> not listed
O4 - HKLM\..\Run: [Tjinoqevoy] rundll32.exe "C:\WINDOWS\etogurinazobes.dll",e  >> not listed

Before reacting to CA, I suggest rescan with MBAB & SAS (run as pairs) until clean or something that cannot be cleaned.

HJT scan informs what has not been handled (computer restart before HJT scan)

Also, if CA is complaining about quarantined files, then

Establish a new clean restore point and Clear your existing System Restore points:
  • New
    • Go to Start > All Programs > Accessories > System Tools > System Restore>
    • Select Create a restore point> OK.
  • Clear Old
    • go to Start > Run > cleanmgr > Select the More options tab >
    • Choose the option to clean up System Restore > OK

      • This will remove all restore points except the new one you just created.
 
MBAB doesn't find anything anymore. When I try to delete this:
O4 - HKLM\..\Run: [Tjinoqevoy] rundll32.exe "C:\WINDOWS\etogurinazobes.dll",e >>

in HJT, it just reappears the next time I do a scan. How do I find the file in the registry and delete it?

Thanks.
 
This is the third time today to call out the big gun! If ComboFix passes on fixing the O4, then it is undocumented for one of the O23 items.

Please run ComboFix & HJT. ComboFix cleans & provides diagnostic information that is used to find enabling infection that remain or just residue. As with most scans, the repeat scan looks for any infection that is now unmasked or a clean run. Always assess if symptoms remain.

Supporting information
Blind Dragon said:
Uninstall Combofix
Click to expand...

Blind Dragon said:
Simplified Instructions for ComboFix + link to download
How-to-use instructions - full version
Click to expand...
Bobbye said:
Please see this for instructions:
:Temporarily Disable Real Time Monitoring Programs
  • 1 Spybot S&D (Teatimer)
  • 2 Ad-Aware Ad-Watch
  • 3 Spywareguard
  • 4 Windows Defender
  • 5 TrojanHunter Guard
  • 6 Disable SpySweeper
  • 7 WinPatrol
  • 8 CounterSpy
  • 9 AVG Anti-Spyware (formerly ewido)
  • 10 Spyware Doctor
  • 11 Prevx
  • 12 ProcessGuard
  • 13 ZoneAlarm's OS Firewall
  • 14 Ad-Aware 2007 Service
Click to expand...
 
Status
Not open for further replies.

Similar threads

losdavos
Malware removal help, please and thank you!
Replies
1
Views
821
losdavos
losdavos
M
Virus warning popup
Replies
1
Views
538
Mark Fuller
M
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
474
eriksnyman1
E

Latest posts

Back