minx

Wetlook World Forum

Current time: Fri 29/03/24 16:53:46 GMT

Translate page FROM gb -> TO de fr it nl es pt jp

Translate page TO gb <- FROM de fr it nl es pt jp

MyWetloook

Message # 38561.1.1.1.1.1.2

Subject: Hello Re: No need to get a new PC....

Date: Mon 05/01/09 23:43:41 GMT

Name: Waterspaniel us

Email:

Website:

Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help
with running costs: Make Donation (you can change amount)

Previous Reply
Next New Message
Active List Archive

Thanks again for the input, and ytsen too. I'm not sure where I picked this up, it appears to have happened Saturday, from one of the celebrity sites I visited, but I can't remember exactly which one. The first thing that happened was some supposed antivirus program I'd never heard of (not Mcafee) jumped in and started scanning, then the sagispul started showing up after that happened several times. Yes, I could continue to play with this, but I have neither the time nor the patience. I won't be surprised if it crashes any time now.  I estimate that it would cost at least $100 to get this thing fixed, it's pushing 4 years old, and it's been annoying me for awhile now with its anemic RAM. I was toying with the idea of replacing it this summer anyway. For a couple of hundred more than it would cost me to fix it, I can get a new one, which I have ordered, much faster and without the headaches. Hopefully it'll be here by the end of the week. I have seen Mcafee Stinger, a free download, mentioned as an effective remedy for Sagispul, so you might want to check on that. Thanks again.
In reply to Message (38561.1.1.1.1.1) Hello No need to get a new PC....

By Hobie - ch Mon 05/01/09 14:00:53 GMT

Website:


unless you want a new one anyway.

 

MK is right, its easy to mess up your computer doing the wrong things in the registry. That's why i mentioned, that you should know, how to work with it.

On the other hand, what ist there to loose? Your computer has been messed up already. So you can either win, or still have a messed up computer.

 

Like MK says, you can allways have your system set up from scratch. You'd have to save your data on a separate disk or partition first.

Then formatting the system partition will get rid of the malware. Allthough it is unlikely, that it has replicated in your 'my files' folder, you should scan this folder before you use the files again.

 

I'm not surprised, system restore is not working, because most malware will switch this off.

As you have experienced, they also keep you from accessing the known security sites, so no online scans can be done.

McAfee is not the best, but quite good. The problem is not with mcAfee though, it has been switched off also.

You may try to reinstall mcAfee, but I'm afraid the malware won't let you.

 

If you're not easy with changeing your registry, then don't.

Reading your registry is secure, as long as you don't delete anything or change any values.

 

What you can try, is read the registry and proceed as follows (its the same as I wrote in my previous post, only without changing the registry):

Again, start in protected mode.

Check the 'Run' commands in your registry and search for commands starting files you don't know. (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Write down the path and filename that is in the command and rename the file in the path.

Example: For Adobe reader this would be "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe", you'd have to rename 'Reader_sl.exe' which you would find in 'C:\Program Files\Adobe\Reader 9.0\Reader\' in 'Reader_sl.exe.xxx'

Changing the file-extension by adding '.xxx' (dotxxx) will prevent the run-command from finding the file and thus it will not start and can do no harm.

(If you cannot see most of the file-extensions, let me know.)

The only thing, that can occur here, is that the malware has locked the file an so prevent it from beeing renamed. There is a workaround for that situattion too, but I wait with explaining, until it really occurs.

Check the 'RunOnce' commands, they sould be empty (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce)

Do so for every command, you don't know. If you have any doubts, google for the filename that is in the command and you'll soon know, what it is for.

Delete all your temp files in the windows-dir and in all the users dirs.

 

If you don't know, which files to rename, I can give you a mailadress and you can send me screenshots of your Run-commands,

 

Where did you get infected? I could go ther and infect a system, so that I can analyse the malware. Its no big deal, I'd do it on a copy of a virtual machine.

I'm interested in this, 'cause this might happen to my customers also....

 

Hobie

In reply to Message (38561.1.1.1.1) Hello P.S.

By Waterspaniel - us Mon 05/01/09 08:58:55 GMT

Website:


From what I read about this thing, it's pretty hard to get rid of. And I'd still like to know how it got past the Mcafee. Either whoever wrote this knew their stuff, or Mcafee isn't worth much.
In reply to Message (38561.1.1.1) Hello Thanks a lot guys

By Waterspaniel - us Mon 05/01/09 08:29:14 GMT

Website:


Thanks, Hobie, for taking the time to relate that info. As MK says, I'm not the computer guru you are, and although I do have some computer training, I'm a bit uneasy about playing around in the registry. And thanks for the input, MK, sounds like good advice. So far the Ad-Aware doesn't seem to be taking care of it, and I can't get System Restore to work. I click the Next button in the System Restore window and nothing happens. I'm not putting any money into this thing, it's pushing 4 years old, and is seriously RAM challenged. Plus Dell is advertising them dirt cheap right now, with some pretty respectable specs. If I can't straighten this out, I'm getting a new one. Thanks again.
In reply to Message (38561.1.1) Hello ...fyi

By MK - wamtec@comcast.net ex Mon 05/01/09 01:31:06 GMT

Website:


If you if you are not a technical person (as I am not one myself)...then those instructions are all greek to me, and I do not like to mess with the registry if I do not know what I am doing....cos you know the old saying

 

  "To err is humnan - to really screw things up, you need a personal computer".

 

...cos messing with registry stuff is for technical people only....so whenever I get infected...I normally find these 2 simple low tech methods cure most of the problems I encounter with malware being in my pc....

 

1) Run the free software called AD AWARE....the free edition. This free software normally does a pretty decent job at removing malware and viruses from your pc...and it cures most of my problems....you can download this free software here...

 

http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html

 

FYI most free spyware/adware remover softwares trick you...i.e. they will scan your pc for free...but not actually remove any viruses unless you register and pay for their software. But Ad Aware is totally free...and will scan as well aas remove your viruses too.

 

If that does not remove the offending virus, then the next step is...

 

2) Do a system restore on your PC...and go to your system tools in windows and set windows to do a full restore of your registry settings to one day ago, before you got infected. I find this normally cures everything and sets your pc back to normal.

 

If the virus is very sophisticated and is buried too deep in your registry to be removed, that is when you need technical help from somebody who knows how to edit your registry and or re-build your entire pc (my brother, who is more more adept than I am....normally rebuilds the entire pc at that point...and offloads the data to a 2nd hard drive, formats the drive, and then re-installs windows from scratch....but hopefully you will not have to do that).

 

Just try steps 1 and 2 first...cos I find most of the infections I get are either cured by Step 1...or..they are almost always cured if you go to Step 2.

 

Good luck

MK

In reply to Message (38561.1) Hello Re: OT - infected with @#$. sagipsul.com popups

By Hobie - ch Sun 04/01/09 23:33:08 GMT

Website:


This seems to be quite new.

I googled for sagipsul.com and found no solutions. First Infections seem to have occurde around 30 December 2008.

 

This kind of malware can mostly be eliminated with the following steps (You should know, how to work with the windows registry):

Startup in protected mode.

Check the 'Run' commands in your registry and search for commands starting files you don't know. (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run)

Write down the path and filename that is in the command and rename the file in the path.

Example: For Adobe reader this would be "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe", you'd have to delete 'Reader_sl.exe' which you would find in 'C:\Program Files\Adobe\Reader 9.0\Reader\'

Mark and export the command to a *.reg-file, just in case you delete something, you still need.

Delete the command

Check the 'RunOnce' commands, they sould be empty (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce)

Do so for every command, you don't know. If you have any doubts, google for the filename that is in the command and you'll soon know, what it is for.

Delete all your temp files in the windows-dir and in all the users dirs.

Restart your PC. If we're lucky (that means, the malware used this structure), the problem should be solved.

 

If not, post again and I'll try to find a solution.

 

Hobie

In reply to Message (38561) Danger OT - infected with @#$. sagipsul.com popups

By Waterspaniel - us Sun 04/01/09 22:59:09 GMT

Website:


Repeatedly generates new blank Firefox window every couple of minutes with the above in the address window and won't let me access the Mcafee or numerous other sites relating to virus/spyware removal. No idea how this got past my anti-virus software or how I picked it up, but the big laugh is, I ran the antivirus scan this morning and it says I'm protected! It did find a trojan, which it supposedly removed. Anybody else run into this? Thanks. Depressed

Report Abuse or Problem to Nigel at Minxmovies
If you enjoy this forum, then please make a small donation to help with running costs: Make Donation (you can change amount)

All WAM Drunk Sex Orgy Wetlook-Online
Clips4Sale

Minx Movies - M12 - Dressed in Wet is now in the Download Store
Download Store

Minx Movies - M15 - Wet Me Now is now in the Download Store
Download Store

Minx Movies - M14 - Get Wet With Me is now in the Download Store
2ipmd65.jpg2ipmdg2.jpgckfbj77.jpgjapgs25.jpgzgjbt99.jpg Download Store 2fpbs94.jpgkijws74.jpgrlsps97.jpglasbjg7.jpg2fptg96.jpg2gpdde7.jpg


Minx Movies - M8 - Mask Of Wetness is now in the Download Store
Download Store



[ This page took 0.018 seconds to generate ]