TechSpot

HTTP lop toolbar activity, HELP!

By emza80
Aug 1, 2007
Topic Status:
Not open for further replies.
  1. Hey guys, its my first post and all so :eek:

    My nortons detects the HTTP lop toolbar activity as an incoming high threat like 3 times a minutes, ive scanned my pc with various things and nothing has been detected. Is this thing putting my laptop at risk??? if so how do i remove it??

    Sorry for my lack of technical terms, compters are not really my strong point.
    Any advice would be greatly appreciated many thanks in advance!
  2. jobeard

    jobeard TS Ambassador Posts: 13,406   +314

    here's one reference

  3. momok

    momok TS Rookie Posts: 2,272

    Hi,

    It is also likely that such infections do not come alone. I recommend the following:

    Very Important: Malware infections may possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to read this thread HERE before deciding what course of action to take regarding your infection.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan


    Regards,
    Your friendly momok =)

    This thread is for the use of emza80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  4. emza80

    emza80 TS Rookie Topic Starter

    Here is what you have requested :cool:
    Thanks!

    Attached Files:

  5. momok

    momok TS Rookie Posts: 2,272

    Hi,

    I noticed that your AVG log displays 'Ignored' for one of the entries detected.
    I require you to run AVG again and quarantine the files. Pictorial instructions HERE.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type msconfig. Press the enter key.
      Search for the following services and disable them by unchecking the box beside the entries.

      Alcmtr
      TRANS ANTE


      Press OK but do not restart your system yet.

    2. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKCU\..\Run: [TRANS ANTE] C:\DOCUME~1\emza80\APPLIC~1\ERROR1~1\Ping Locks Five.exe

      Close HJT.

    3. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

      [​IMG]

      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    4. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of emza80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  6. emza80

    emza80 TS Rookie Topic Starter

    Hey!
    The stupid thing is still coming up! :evil:
    I done what you asked, find attached all of the logs!


    Many thanks in advance, freindly emza80!
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.