minx

Wetlook World Forum

Current time: Fri 26/04/24 17:35:16 GMT

Translate page FROM gb -> TO de fr it nl es pt jp

Translate page TO gb <- FROM de fr it nl es pt jp

Wetlook-Online
Wetlook-Online

Message # 38561.1

Subject: Hello Re: OT - infected with @#$. sagipsul.com popups

Date: Sun 04/01/09 23:33:08 GMT

Name: Hobie ch

Email:

Website:

Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help
with running costs: Make Donation (you can change amount)

Previous Reply
Next New Message
Active List Archive

This seems to be quite new.

I googled for sagipsul.com and found no solutions. First Infections seem to have occurde around 30 December 2008.

 

This kind of malware can mostly be eliminated with the following steps (You should know, how to work with the windows registry):

Startup in protected mode.

Check the 'Run' commands in your registry and search for commands starting files you don't know. (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Write down the path and filename that is in the command and rename the file in the path.

Example: For Adobe reader this would be "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe", you'd have to delete 'Reader_sl.exe' which you would find in 'C:\Program Files\Adobe\Reader 9.0\Reader\'

Mark and export the command to a *.reg-file, just in case you delete something, you still need.

Delete the command

Check the 'RunOnce' commands, they sould be empty (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce)

Do so for every command, you don't know. If you have any doubts, google for the filename that is in the command and you'll soon know, what it is for.

Delete all your temp files in the windows-dir and in all the users dirs.

Restart your PC. If we're lucky (that means, the malware used this structure), the problem should be solved.

 

If not, post again and I'll try to find a solution.

 

Hobie

In reply to Message (38561) Danger OT - infected with @#$. sagipsul.com popups

By Waterspaniel - us Sun 04/01/09 22:59:09 GMT

Website:

Repeatedly generates new blank Firefox window every couple of minutes with the above in the address window and won't let me access the Mcafee or numerous other sites relating to virus/spyware removal. No idea how this got past my anti-virus software or how I picked it up, but the big laugh is, I ran the antivirus scan this morning and it says I'm protected! It did find a trojan, which it supposedly removed. Anybody else run into this? Thanks. Depressed

Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help with running costs: Make Donation (you can change amount)

All WAM Drunk Sex Orgy WetLooker.com
WetlookPOV.com

Minx Movies - M12 - Dressed in Wet is now in the Download Store
Download Store

Minx Movies - M15 - Wet Me Now is now in the Download Store
Download Store

Minx Movies - M14 - Get Wet With Me is now in the Download Store
2ipmd65.jpg2ipmdg2.jpgckfbj77.jpgjapgs25.jpgzgjbt99.jpg Download Store 2fpbs94.jpgkijws74.jpgrlsps97.jpglasbjg7.jpg2fptg96.jpg2gpdde7.jpg

Minx Movies - M8 - Mask Of Wetness is now in the Download Store
Download Store


[ This page took 0.002 seconds to generate ]