December 31st, 2004 01:00

Adware Virus

There is a severe problem with the adware Lop. I can't delete or move the icons that it has put on my desktop. I've gotten Lop before and I've been able to delete the icons. The icons that are next to files are also messed up. For example, HTML files have the WinZip icon next to them. My system is also starting to die. Music is stuttering when I'm doing stuff and it was stuttering when I was typing this. The search bar at the bottom has also shown up again and it's harder to get rid of it this time. I found the .exe file and got rid of it, but it autoloaded. After it autoloaded, it had created a random name with lower case letters. I ran Ad-Aware but when I tried to delete it, Ad-Aware froze. I ran Ad-Aware again and pressed cancel after it had found it.

This is what the Ad-Aware scan summary window looked like:

Objects Scanned: 1234567890
Objects Ignored: 4
Objects Identified: 99999
Total New Objects: 99
Total New Objects: 99

It isn't supposed to look like it.

The FBI and Symantec already know about this. I emailed the FBI and Symantec because Lop would now qualify as a virus because you can't get rid of the icons and it messed up a program that could get rid of it.

Summary:
I can't delete and move the Lop desktop icons like before. The icons next to files are messed up. The search bar is harder to get rid of. When it autoloaded, it created a random file name. Ad-Aware can't delete it and it messed up a program that would get rid of it. Because of this, Lop would now qualify as a virus.

Please help.

3.4K Posts

December 31st, 2004 01:00

Run Adaware and Spybot in SAFE Mode:

Download this freeware cleanup program which works much better than Windows Disk Cleanup. Don't give up on it when it stalls on a file...it will pick back up after a couple of minutes. Wait until it asks to log off to clean remaining files. I have seen this program run for hours on machines really loaded down with temp files. After the first time, run it daily to keep your machine running well.

http://cleanup.stevengould.org/

Run it and clean all temporary files and if you have XP also the prefetch files (a PC may harbor downloaded trojans waiting to get activated). Look in the custom cleaning options. I also check the box to fully erase files. You will like the sound it makes while cleaning your system. *;-)

Next...download and run these two programs (Spybot S&D and Adaware) at the link below. Use Spybot first.

Most of the Internet baddies can be killed by a one-two punch with Spybot and Adaware assuming these three factors are achieved:

1. Latest version
2. Configured correctly for running options
3. New definitions from update feature

Please download the latest Adaware which is called SE edition and Spybot 1.3. Graphic tutorials at:

http://russelltexas.com/malware/spybot13/spybot13.htm

http://russelltexas.com/malware/adawarese/adawarese.htm

Follow the directions for proper use of those excellent products.

When you complete these steps submit a Hijackthis log:

http://www.richardthelionhearted.com/~merijn/   HJT 1.99 download site


After downloading, and unzipping the hijackthis file into a safe folder you create (preferably a folder named HJT in the first level of the C: drive)...run Hijackthis, click on the 'scan' button and then 'save log' button.

Copy and paste the contents of the text file you save into a reply to this message.

Special Notice! Hijackthis is a powerful tool that edits the brains of Windows (the Registry). DO NOT FIX anything in the Hijackthis log screen without assistance. Most of the line items in the scanned log are normal for Windows operation. Hijackthis should identify the vast majority of your problems and enable us to help you clean them off your system.

Stay in this thread for continuity. Reply to this message. 

HTH,

Texruss

13 Posts

December 31st, 2004 10:00

Wouldn't Lop just autoload again?

13 Posts

December 31st, 2004 10:00

It messed up Ad-Aware when I tried to remove it.  Lop now hurts a program that can remove it.

13 Posts

December 31st, 2004 10:00

When I tried to use the Hijack This Delete File At Reboot, when the computer was about to reboot, I got the Windows Password message with my name in it!
 
I'm going insane because this is not supposed to be happening. Spyware isn't supposed to protect itself like that or hurt programs that can get rid of it. It's also not supposed to be things on your desktop that you are locked out from editing.

The FBI knows about this and all of the other details so if there's a Trojan on my computer and you're reading this : P .

Message Edited by Borgfan on 12-31-2004 09:01 AM

13 Posts

December 31st, 2004 10:00

*VIRUS*
 
CleanUp didn't work, it just autoloaded. I found the actual .exe, I tried to put it into the recycle bin but my comp messed up. This isn't Spyware. This is a VIRUS.
 
It puts stuff on your computer that you cannot edit
It protects itself when you try to delete it
It hurts program*S* that can get rid of it
 
*VIRUS*

4.8K Posts

December 31st, 2004 12:00

Borgfan,

I've seen another case like this before, where every effort to help is redirected back to a destructive or uncertain outcome; usually the latter - That appears to be the new psychology of spyware. It seems the beginning of the year was an interesting time ... :) for some.

You know what they say ... When it rains, it pours! ... :(

In reading through your posts, I'm not quite sure what you're asking or what statement you're trying to make? And you're making quite a lot. Would you like us to contact the FBI for you? I've worked with them in the past. If so, we'll need a lot more information than you're providing us? Specifically, where you came across this infection? They'll need that information to trace it back.

"The FBI knows about this and all of the other details so if there's a Trojan on my computer and you're reading this : P"

Is there something we can help you with, in checking out your system, or trying to get that *VIRUS* cleaned off? Or are you saying that the FBI put this on your system to track down the person, or persons, causing the problem. If so, we wouldn't want to remove it until their investigation is complete.

Remember these types of infections almost never come alone. I'm sure there might be more, just waiting to take advantage of this.



I feel like I'm getting caught up in something that has nothing to do with getting your system cleaned off, but I still dropped in to see if I could help?

Mike.

13 Posts

December 31st, 2004 15:00

I have already sent emails to the FBI, so I've already contacted them. They haven't emailed me back yet. I emailed them because it is acting like a virus and they will be able to get the company who coded this.

You don't need to contact them and there isn't an investigation. I sent them information about how it gets installed, how the icons can't be deleted, and how it protects itself. I also sent them one of the .exes. I gave them all of the information.
 
Yes, I do need help in getting rid of this Spyware.  How can I get rid of it if it autoloads and protects itself from being deleted?
 
 

4.8K Posts

December 31st, 2004 15:00

Borgfan,
 
I know. These types of programs (the ones that infected your system), are written by people who have no concern for you or your system - cleanup is beyond the average person, not because they're not intelligent enough to remove it on their own, but simply because they use 'tricks' that are beyond the average user's PC experience.
 
Post up the log and we'll see what you've got.
 
Mike.
 

4.8K Posts

December 31st, 2004 15:00

Borgfan,

They won't unless they need further information from you, or information that's contained on your system.

-

I think it'll be safe to remove the problem (or we'll give it our best try), since they already have the information they need to replicate what's happened to your system.

Here's what I need you to do...


I need to see what's running on your system to 'pick' out the problem files. You need to download, install and run HiJackThis and post up a log that it produces. We're trying to standardize instructions on this, so if you can, follow the instructions posted at the top of this forum. If you're still having problems, go ahead and post back and I'll see if I can help you get one posted.

I know it's frustrating, so just hang in there and we'll see if we can help.

Mike.

 

13 Posts

December 31st, 2004 15:00

Sorry, I accidentally posted this before I put the message in.

Message Edited by Borgfan on 12-31-2004 01:16 PM

13 Posts

December 31st, 2004 15:00

I think I know how to temporarily get rid of the desktop icons.  The spyware launches Internet Explorer without having the browser window come up.  I closed them and the icons went away.  Whenever I open a browser, though, they come back. 
 
The spyware is still on the machine and the other problems are still going on.

Message Edited by Borgfan on 12-31-2004 01:21 PM

13 Posts

January 1st, 2005 10:00

Logfile of HijackThis v1.98.2
Scan saved at 8:05:26 AM, on 1/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HUB GUARD\EMERGENCY GUARD\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgcviveopesdfzc.org/5QI4jgWPpReaOohXMetkC/Ks7n2HdIVuW3mx4mkBJm3n6d0aFyKhBBOFSghMtJNG.html
O2 - BHO: (no name) - {20FA6A79-8073-1DD1-8757-6D5508A57B3D} - (no file)
O2 - BHO: (no name) - {FBFC0BA4-9943-74F6-C4B9-73EB9A78DCD2} - C:\WINDOWS\APPLICATION DATA\HOPE BORE\THISANTE.EXE
O4 - HKCU\..\Run: [SizeItch] C:\WINDOWS\APPLIC~1\ABOUTF~1\deaffrag.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
 
 
Lop isn't in the running processes in the Close Program Box. Other spyware that Ad-Aware doesn't find starts running after I close the browsers that Lop has opened, but Lop is never there.
 

Message Edited by Borgfan on 01-01-2005 09:00 AM
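
A triage sketch for the R and O entries of the log posted above, as an added example that is not part of the original thread and not HijackThis's own logic. The function names, tags and the list of user-writable directories are assumptions chosen for illustration; the sample lines are copied from the log in the post.

```python
import re

# Entries copied from the HijackThis log posted above (R and O sections only).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cgcviveopesdfzc.org/5QI4jgWPpReaOohXMetkC/Ks7n2HdIVuW3mx4mkBJm3n6d0aFyKhBBOFSghMtJNG.html
O2 - BHO: (no name) - {20FA6A79-8073-1DD1-8757-6D5508A57B3D} - (no file)
O2 - BHO: (no name) - {FBFC0BA4-9943-74F6-C4B9-73EB9A78DCD2} - C:\WINDOWS\APPLICATION DATA\HOPE BORE\THISANTE.EXE
O4 - HKCU\..\Run: [SizeItch] C:\WINDOWS\APPLIC~1\ABOUTF~1\deaffrag.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
PATH = re.compile(r"[A-Za-z]:\\.+$")             # Windows path at the end of the body

# Assumed heuristic: auto-loading code rarely belongs in these directories.
USER_WRITABLE = ("\\APPLICATION DATA\\", "\\APPLIC~1\\", "\\TEMP\\")
AUTOLOAD = ("O2", "O4")  # O2 = browser helper objects, O4 = Run-key autostarts


def parse_log(text):
    """Return (code, body, path) for each R/O entry; other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            entries.append((m.group(1), m.group(2), p.group(0) if p else None))
    return entries


def triage(entries):
    """Tag entries a helper would look at first; untagged entries are omitted."""
    findings = []
    for code, body, path in entries:
        if code in ("R0", "R1"):
            tag = "ie-setting"        # IE start/search page value: confirm the user chose it
        elif code in AUTOLOAD and path is None:
            tag = "orphan"            # registration left behind with no file on disk
        elif code in AUTOLOAD and any(d in path.upper() for d in USER_WRITABLE):
            tag = "user-writable"     # autostart target under a per-user data directory
        else:
            continue
        findings.append((code, tag, path or body))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(*finding, sep=" | ")
```

The tags only order the entries for human review; as the earlier reply in this thread says, nothing in a HijackThis log should be fixed without assistance.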

13 Posts

January 1st, 2005 11:00

How do I undo the destruction that's been done?

13 Posts

January 1st, 2005 12:00

Please hurry, it's destroying my computer. It might be downloading more Spyware. Soon I won't be able to open Internet Explorer.

4.8K Posts

January 1st, 2005 12:00

Borgfan,

Also try these instructions from Chris and see if they can help. There's another download link provided:

-----

That looks like lop. Canned lop fix - for the future.

=========================
Download the LOP uninstaller from http://members.rogers.com/rjmac/new_uninstall.exe
Close IE and run the uninstaller; click OK>it will then ask you to type in a number that it supplies, do so and click 'uninstall'>yes>OK>OK.
 
-----
 
I'll still need to see a complete log to know the extent of what we're dealing with.
 
Mike.
 