Unsolved
This post is more than 5 years old
13 Posts
0
14914
Adware Virus
There is a severe problem with the adware Lop. I can't delete or move the icons that it has it put on my desktop. Ive gotten Lop before and Ive been able to delete the icons. The icons that are next to files are also messed up. For example, HTML files have the WinZip icon next to them. My system is also starting to die. Music is stuttering when I'm doing stuff and it was stuttering when I was typing this. The search bar at the bottom has also shown up again and it's harder to get rid of it this time. I found the .exe file and got rid of it, but it autoloaded. After it autoloaded, it had created a random name with lower case letters. I ran Ad-Aware but when I tried to delete it, Ad-Aware froze. I ran Ad-Aware again and pressed cancel after it had found it.
This is what the Ad-Aware scan summary window looked like:
Objects Scanned: 1234567890
Objects Ignored: 4
Objects Identified: 99999
Total New Objects: 99
Total New Objects: 99
It isnt supposed to look like it.
This is what the Ad-Aware scan summary window looked like:
Objects Scanned: 1234567890
Objects Ignored: 4
Objects Identified: 99999
Total New Objects: 99
Total New Objects: 99
It isnt supposed to look like it.
The FBI and Symantec already know about this. I emailed the FBI and Symantec because Lop would now qualify as a virus because you can't get rid of the icons and it messed up a program that could get rid of it.
Summary:
I cant delete and move the Lop desktop icons like before. The icons next to files are messed up. The search bar is harder to get rid of. When it autoloaded, it created a random file name. Ad-Aware can't delete it and it messed up a program that would get rid of it. Because of this, Lop would now qualify as a virus.
Please help.
Texruss
3.4K Posts
0
December 31st, 2004 01:00
Run Adaware and Spybot in SAFE Mode:
Download this freeware cleanup program which works much better than Windows Disk Cleanup. Don't give up on it when it stalls on a file...it will pick back up after a couple of minutes. Wait until it asks to log off to clean remaining files. I have seen this program run for hours on machines really loaded down with temp files. After the first time, run it daily to keep your machine running well.
http://cleanup.stevengould.org/
Run it and clean all temporary files and if you have XP also the prefetch files (a PC may harbor downloaded trojans waiting to get activated). Look in the custom cleaning options. I also check the box to fully erase files. You will like the sound it makes while cleaning your system. *;-)
Next...download and run these two programs (Spybot S&D and Adaware) at the link below. Use Spybot first.
Most of the Internet baddies can be killed by a one-two punch with Spybot and Adaware assuming these three factors are achieved:
1. Latest version
2. Configured correctly for running options
3. New definitions from update feature
Please download the latest Adaware which is called SE edition and Spybot 1.3. Graphic tutorials at:
http://russelltexas.com/malware/spybot13/spybot13.htm
http://russelltexas.com/malware/adawarese/adawarese.htm
Follow the directions for proper use of those excellent products.
When you complete these steps submit a Hijackthis log:
http://www.richardthelionhearted.com/~merijn/ HJT 1.99 download site
After downloading, and unzipping the hijackthis file into a safe folder you create (preferably a folder named HJT in the first level of the C: drive)...run Hijackthis, click on the 'scan' button and then 'save log' button.
Copy and paste the contents of the text file you save into a reply to this message.
Special Notice! Hijackthis is a powerful tool that edits the brains of Windows (the Registry). DO NOT FIX anything in the Hijackthis log screen without assistance. Most of the line items in the scanned log are normal for Windows operation. Hijackthis should identify the vast majority of your problems and enable us to help you clean them off your system.
Stay in this thread for continuity. Reply to this message.
HTH,
Texruss
Borgfan
13 Posts
0
December 31st, 2004 10:00
Borgfan
13 Posts
0
December 31st, 2004 10:00
Borgfan
13 Posts
0
December 31st, 2004 10:00
Message Edited by Borgfan on 12-31-2004 09:01 AM
Borgfan
13 Posts
0
December 31st, 2004 10:00
Midnight Star
4.8K Posts
0
December 31st, 2004 12:00
I've seen another case like this before, where every effort to help is redirected back to a destructive or uncertain outcome; usually the latter - That appears to be the new psychology of spyware. It seems the beginning of the year was an interesting time ... :) for some.
You know what they say ... When it rains, it pours! ... :(
In reading through your posts, i'm not quite sure what your asking or what statement your trying to make? And your making quite alot. Would you like us to contact the FBI for you? I've worked with them in the past. If so, we'll need alot more information than your providing us? Specifically, where you came across this infection? They'll need that information to trace it back.
The FBI knows about this and all of the other details so if theres a Trojan on my computer and your reading this : P
Is there something we can help you with, in checking out your system, or trying to get that *VIRUS* cleaned off? Or are you saying that the FBI put this on your system to track down the person, or persons, causing the problem. If so, we wouldn't want to remove it until their investigation is complete.
Remember these types of infections almost never come alone. I'm sure there might be more, just waiting to take advantage of this.
I feel like i'm getting caught up in something that has nothing to do with getting your system cleaned off, but I still dropped in to see if I could help?
Mike.
Borgfan
13 Posts
0
December 31st, 2004 15:00
Midnight Star
4.8K Posts
0
December 31st, 2004 15:00
Midnight Star
4.8K Posts
0
December 31st, 2004 15:00
Borgfan,
They won't unless they need further information from you, or information that's contained on your system.
-
I think it'll be safe to remove the problem (or we'll give it our best try), since they already have the information they need to replicate what's happened to your system.
Here's what I need you to do...
I need to see what's running on your system to 'pick' out the problem files. You need to download, install and run HiJackThis and post up a log that it produces. We're trying to standardize instructions on this, so if you can, follow the instructions posted at the top of this forum. If your still having problems, go ahead and post back and i'll see if I can help you get one posted.
I know it's frustrating, so just hang in there and we'll see if we can help.
Mike.
Borgfan
13 Posts
0
December 31st, 2004 15:00
Message Edited by Borgfan on 12-31-2004 01:16 PM
Borgfan
13 Posts
0
December 31st, 2004 15:00
Message Edited by Borgfan on 12-31-2004 01:21 PM
Borgfan
13 Posts
0
January 1st, 2005 10:00
Scan saved at 8:05:26 AM, on 1/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HUB GUARD\EMERGENCY GUARD\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
O2 - BHO: (no name) - {20FA6A79-8073-1DD1-8757-6D5508A57B3D} - (no file)
O2 - BHO: (no name) - {FBFC0BA4-9943-74F6-C4B9-73EB9A78DCD2} - C:\WINDOWS\APPLICATION DATA\HOPE BORE\THISANTE.EXE
O4 - HKCU\..\Run: [SizeItch] C:\WINDOWS\APPLIC~1\ABOUTF~1\deaffrag.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
Message Edited by Borgfan on 01-01-2005 09:00 AM
Borgfan
13 Posts
0
January 1st, 2005 11:00
Borgfan
13 Posts
0
January 1st, 2005 12:00
Midnight Star
4.8K Posts
0
January 1st, 2005 12:00
Borgfan,
Also try these instructions from Chris and see if they can help. There's another download link provided:
-----
That looks like lop. Canned lop fix - for the future.
Close IE and run the uninstaller; click OK>it will then ask you to type in a number that it supplies, do so and click 'uninstall'>yes>OK>OK.