Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

http://sagipsul.com/go


  • Please log in to reply

#1
GetRidOfMalware

GetRidOfMalware

    New Member

  • Member
  • Pip
  • 4 posts
Over the past 2 weeks I have been getting multiple unwanted sagipsul advertisement, and sagipsul pop-ups ( about one every minute and sometimes more often). I have tried to remove the virus using Malwarebytes Anti-Malware, Spybot and others but to no avail. Occasionally I will receive a blank page linked to a site starting with

Appreciate any help you could provide.

Thanks in advance ...

Here is the HJT file I just ran ....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:19 AM, on 12/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\eHome\ehRecvr.exe
E:\WINDOWS\eHome\ehSched.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\dllhost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\ehome\ehtray.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\eHome\ehmsas.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
E:\Program Files\Search Settings\SearchSettings.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.exe
E:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\Program Files\Temp_Files_2_Delete\HiJackThis.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {39f45bb4-bb6c-475d-93c2-91605035ed83} - E:\WINDOWS\system32\reziguge.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - E:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: {8d50592b-73e9-c06a-70a4-e1181ac0ec5c} - {c5ce0ca1-811e-4a07-a60c-9e37b29505d8} - E:\WINDOWS\system32\wtmnqm.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - E:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [ehTray] E:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] E:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [au] E:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] E:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPM7b0a8457] Rundll32.exe "E:\WINDOWS\system32\memovovo.dll",a
O4 - HKLM\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [farafuhuki] Rundll32.exe "E:\WINDOWS\system32\riyakuge.dll",s (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 2.3.lnk = E:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: OpenOffice.org 2.4.lnk = E:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: DualCoreCenter.lnk = E:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O4 - Global Startup: Forget Me Not.lnk = E:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - E:\Documents and Settings\Julie\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - E:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1208133478680
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: wtmnqm.dll E:\WINDOWS\system32\zewewegi.dll e:\windows\system32\duzemibe.dll e:\windows\system32\memovovo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\memovovo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - e:\windows\system32\memovovo.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11134 bytes
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello GetRidOfMalware

Welcome to G2Go. :)

Let's see if we can get rid of sagipsul...
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#3
GetRidOfMalware

GetRidOfMalware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I attached the Info.txt and Log.txt files as requested ... I also attached a copy of the MalwareBytes log that was generated today, in case it is useful .....

Thx for the feedback !

Attached File  info.txt   26.44KB   464 downloads
Attached File  log.txt   30.26KB   367 downloads
Attached File  mbam_log_2008_12_25__13_27_10_.txt   4.19KB   261 downloads
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi you are welcome.
All of the items found by Malware bytes Antimalware are marked with (No Action Taken)
You will need to re-run MalwareBytes and choose Remove Selected when the scan has completed.

Let me know if you have already done this and we will do something else.
If you haven't done this then please do so and post or attach the Malwarebytes log and a new Rsit log after that has been done.
  • 0

#5
GetRidOfMalware

GetRidOfMalware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Sorry about that ... I actually saved the MalwareBytes file twice with the one I sent before being just prior to Removing the Files found. The attached file was saved after removing the selected files found by MalwareBytes. After this scan file was generated I rebooted as well ( as recommended by MalwarBytes) .... The RSIT Log files should still be valid as they were run just after the attached Malwarebytes file was saved ...

Thx for the timely response ...

Attached File  mbam_log_2008_12_25__13_27_59_.txt   4.71KB   391 downloads
  • 0

#6
GetRidOfMalware

GetRidOfMalware

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I am in the process of running some additional AV and Anti-Bot s/w and have had some success. When I complete the process if I am still having a major issue with pop-ups I will plan to send you updated log files or close the Topic ...

Thanks for the great assistance ....
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP