Help with viewpoint mgr pop ups
- Thread starter tr1
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Your sysytem is infected with at least the lop trojan.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, the C:\NoLop.log and an AVG Antispyware logs as attachments into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Your sysytem is infected with at least the lop trojan.
Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.
If after reading the above, you wish to clean your system, do the following.
Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16
First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx
Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, the C:\NoLop.log and an AVG Antispyware logs as attachments into this thread, only after doing the above.
Regards Howard :wave: :wave:
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
EXIT TEST.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [SHIM BEEP] C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1\EXIT TEST.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=eb9bd6a7 9bd90545629244b92d314bf2&url=http%3A%2F%2Fd.69.25.47.79.downloads.estara.com.%2F as%2FOneCCDM.php&template=12825&sessionid=361889031_69.25.47.79_41696&=&req=1123 717287632OneCC.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/GeneralMills/Coupon s.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Can you tell me what this programme is? IMLogic\IM Detector\detector.exe
Go HERE and follow the instructions for the CCleaner programme.
Then, run a fresh AVG Antispyware scan. Attach the AVG Antispyware log as well as a fresh HJT log and the Nolop log I requested.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
EXIT TEST.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O4 - HKCU\..\Run: [SHIM BEEP] C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1\EXIT TEST.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - https://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=eb9bd6a7 9bd90545629244b92d314bf2&url=http%3A%2F%2Fd.69.25.47.79.downloads.estara.com.%2F as%2FOneCCDM.php&template=12825&sessionid=361889031_69.25.47.79_41696&=&req=1123 717287632OneCC.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/GeneralMills/Coupon s.cab
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\DOCUME~1\TR\APPLIC~1\DOGTIM~1<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Can you tell me what this programme is? IMLogic\IM Detector\detector.exe
Go HERE and follow the instructions for the CCleaner programme.
Then, run a fresh AVG Antispyware scan. Attach the AVG Antispyware log as well as a fresh HJT log and the Nolop log I requested.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Task Completed
Hey,
Ihave completed all tasks, when I run the avg spyware program it incurs multiple errors when trying to delete some infected files. Also I cannot find a way to get a NO LOp log, but I ran the program and it says no infection found. I googled IM LOGIC and it is either a synatec file or an IM worm, either way we can get rid of it because I no longer use NOrton and have deleted it from my system. Here are the new logs.
Once again thanks for your help. You are one smart dude.
TR
Hey,
Ihave completed all tasks, when I run the avg spyware program it incurs multiple errors when trying to delete some infected files. Also I cannot find a way to get a NO LOp log, but I ran the program and it says no infection found. I googled IM LOGIC and it is either a synatec file or an IM worm, either way we can get rid of it because I no longer use NOrton and have deleted it from my system. Here are the new logs.
Once again thanks for your help. You are one smart dude.
TR
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
IMLogic
IM Detector
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
IM Detector (imdetector)
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
detector.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: IM Detector (imdetector) - Unknown owner - C:\Program Files\IMLogic\IM Detector\detector.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\IMLogic<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
According to your AVG Antispyware log, your system has or is infected with a rootkit. It says it has cleaned it, but I would like to make absolutely sure. Therefore I`d like you to do the following.
Go HERE and follow the instructions exactly, for removing the Rustock rootkit
Then, go HERE and follow the instructions for running the Ccleaner programme.
Post a fresh HJT log and let me know the results of the rootkit scan. Also, let me know if you`re having any problems.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
IMLogic
IM Detector
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
IM Detector (imdetector)
Close the services window.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
detector.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O23 - Service: IM Detector (imdetector) - Unknown owner - C:\Program Files\IMLogic\IM Detector\detector.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\IMLogic<Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
According to your AVG Antispyware log, your system has or is infected with a rootkit. It says it has cleaned it, but I would like to make absolutely sure. Therefore I`d like you to do the following.
Go HERE and follow the instructions exactly, for removing the Rustock rootkit
Then, go HERE and follow the instructions for running the Ccleaner programme.
Post a fresh HJT log and let me know the results of the rootkit scan. Also, let me know if you`re having any problems.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Task Completed
Hey Howard,
Thanks again for the help.
I ran all the tasks that you specified, the only one that I could not get to work was from the Add Remove programs,the IM Detector program would not uninstall. I got the following error message (Error extracting support files. The system cannot find the file specified). All else seemed to work. I ran the root kill program and it found and deleted the file. Here is my updated HJT file.
You DA MAN!
Thanks
TR
Hey Howard,
Thanks again for the help.
I ran all the tasks that you specified, the only one that I could not get to work was from the Add Remove programs,the IM Detector program would not uninstall. I got the following error message (Error extracting support files. The system cannot find the file specified). All else seemed to work. I ran the root kill program and it found and deleted the file. Here is my updated HJT file.
You DA MAN!
Thanks
TR
howard_hopkinso
Posts: 21,238 +17
Your HJT log is now clean.
In order to remove the IM Detector entry from your add remove programmes list, do the following.
Run the Ccleaner programme as per the instructions in step9 of this thread HERE.
With the Ccleaner programme still open, click on the Tools button. Locate the IM Detector entry in the list and highlight it. Click the Delete entry button and click ok. Close Ccleaner.
The entry should now have gone from your add remove programmes list in your control panel.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
In order to remove the IM Detector entry from your add remove programmes list, do the following.
Run the Ccleaner programme as per the instructions in step9 of this thread HERE.
With the Ccleaner programme still open, click on the Tools button. Locate the IM Detector entry in the list and highlight it. Click the Delete entry button and click ok. Close Ccleaner.
The entry should now have gone from your add remove programmes list in your control panel.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of tr1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Latest posts
-
Boston Dynamics unveils impressive all-electric Atlas robot- Zsoltblabla replied
-
Russia-backed hacking group suspected of attack on US water system- Uncle Al replied
-
Pioneer's latest Blu-ray drive caters to disc diehards- ZedRM replied
-
Sony's Ghost of Tsushima brings familiar PlayStation features to PC- WhiteLeaff replied
