Manual Removal of Sagate.exe

Sagate.exe (GAOBOT.BOW WORM)
"Sagate Security Firewall" (sagate.exe) should not be running at startup. It is likely a virus, spyware, trojan, or some other sort of malicious program, and it is added by the GAOBOT.BOW worm. Use a virus scanner and/or a spyware removal tool to remove it.
Level of Danger: High
Distribution Level: Medium

Removal Tools:
Killbox
KillBox is a tool for deleting in-use files. If the file is running, KillBox will attempt to end the process (close the running file) and then delete it.

Download KillBox
Download KillBox Beta

Manual Removal Instructions
Removal from Safe Mode is recommended.
How to start in Safe Mode:
When turning on or restarting your computer, press the F8 key repeatedly as soon as the screen turns on, select Safe Mode, and press Enter.

The infected files can be found in these folders under these names:
  • WINDOWS\System32\awtsr.dll
  • WINDOWS\System32\mljii.dll
  • WINDOWS\System32\sagate.exe
  • WINDOWS\System32\dflnl.exe
  • Program Files\MediaGateway\MediaGateway.exe
  • WINDOWS\fwnet64.exe
Download the program KillBox and decompress it.
Start KillBox.exe and select "Delete on reboot".
In the box labeled "Full path of file to delete", enter the name of the file you want to delete together with the path where it is located. For example, to delete the file sagate.exe located in the System32 folder, enter:
C:\WINDOWS\System32\sagate.exe
Then press the button that looks like a red circle with a white X. When asked whether you want to reboot now ("Reboot now"), answer Yes.


If there is more than one file or folder to delete, use the following steps instead:
Run KillBox and select:
"Delete on reboot"
"All Files"
Copy the full paths of all the files that are to be deleted, for example:
C:\WINDOWS\System32\sagate.exe
C:\WINDOWS\System32\sagate2.exe
C:\WINDOWS\System32\sagate3.exe
and paste them into the "Full Path of File to Delete" box.
Go to the "File" menu and select "Paste from Clipboard" to add the rest of the files.
Click the button with a red circle and white X ("Delete File"), wait a moment, and then accept the message that appears (Your system will be rebooted).
After rebooting, a log.txt file is located in C:\! Killbox\Logs, where you can check the results.

Manually Remove From Registry
Click Start, then Run, type regedit, and click OK.
Note: If the Registry Editor fails to open, the threat may have modified the registry to prevent access to it. Download and run UnHookExec.inf, and then continue with the removal.
Navigate to the subkeys below. These are Windows startup locations. Remove the entry for any file you do not trust, deleting from the right side only.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
In the right pane, delete the value:
"Sagate Security Firewall" = "sagate.exe"


Search the registry for more entries by using the Find option in the Edit menu:
press Ctrl+F, enter the keyword "sagate.exe", then click Find. Remove all entries that match those given above.


Exit the Registry Editor.
Restart your Computer.
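
To confirm after the restart that the files and startup values listed above are gone, a read-only PowerShell check such as the following can be run. It is an added example, not part of the original post, and it assumes that the "WINDOWS" and "Program Files" folders named above are the ones $env:SystemRoot and $env:ProgramFiles point to; the function and variable names are made up for this example.

```powershell
# Added example: read-only check, deletes nothing.
# Assumption: the page's "WINDOWS" and "Program Files" folders are the ones
# that $env:SystemRoot and $env:ProgramFiles point to on this machine.
$files = @(
    "$env:SystemRoot\System32\awtsr.dll",
    "$env:SystemRoot\System32\mljii.dll",
    "$env:SystemRoot\System32\sagate.exe",
    "$env:SystemRoot\System32\dflnl.exe",
    "$env:ProgramFiles\MediaGateway\MediaGateway.exe",
    "$env:SystemRoot\fwnet64.exe"
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)

function Get-LeftoverFile {
    param([string[]]$Path)
    foreach ($p in $Path) {
        # -Force also returns hidden and system files
        $item = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{ Kind = 'File'; Location = $item.FullName
                               Detail = "modified $($item.LastWriteTime)" }
        }
    }
}

function Get-LeftoverRunValue {
    param([string[]]$Key, [string]$Pattern = 'sagate')
    foreach ($k in $Key) {
        $regKey = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $regKey) { continue }   # skip a key that does not exist
        foreach ($name in $regKey.GetValueNames()) {
            $data = [string]$regKey.GetValue($name)
            # -match is case-insensitive; test both value name and data
            if ($name -match $Pattern -or $data -match $Pattern) {
                [pscustomobject]@{ Kind = 'RunValue'; Location = "$k\$name"
                                   Detail = $data }
            }
        }
    }
}

$hits = @(Get-LeftoverFile -Path $files) + @(Get-LeftoverRunValue -Key $runKeys)
if ($hits.Count -eq 0) { 'No listed files or startup values found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

Any row it prints is a file or startup value from the lists above that is still present and needs another removal pass.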

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)

1 comment :

  1. Very helpful information provided by you. Thanks for sharing it.
