TechSpot

HTTP LOP Toolbar Activity Intrusion

By JJ_Joey
Mar 2, 2007
  1. I have been getting a Norton security alert saying it has blocked an intrusion, it is an HTTP LOP Toolbar Activity intrusion. It pops up every so often and as a result Internet Explorer is loading pages extremely slowly, and it seems like a huge effort for my computer to run anything. I have run several anti-virus and spyware programs and deleted my internet cache, which cured the slow IE problem for about 3 days but then the intrusion alert is back and the internet is back to running slowly. So I ran all the same anti-virus and spyware programs again but this time it is not fixing it. I have read your instructions about removing malware before posting and followed them through to no avail. My HJT report and Ad-Aware report are attached.

    Thank you in advance
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with the lop trojan.

    Delete all files in AVG Antispyware quarantine.

    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.thespykiller.co.uk/forum/...pmod;dl=item16

    First close any other programs you have running, as this will require a reboot.
    Double click NoLop.exe to run it.
    Now click the button labelled "Search and Destroy".
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected. Click OK.
    Now click the "REBOOT" button.
    A message should pop up from NoLop.
    If not, double click the program again and it will finish.

    Please post the contents of C:\NoLop.log along with a fresh HJT log.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

    Regards Howard :wave: :wave:

    This thread is for the use of JJ_Joey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jobeard

    jobeard TS Ambassador Posts: 13,515   +336

    Extra protection ...

    To help protect IE from known bad ActiveX programs, install SpywareBlaster.
     
  4. JJ_Joey

    JJ_Joey TS Rookie Topic Starter

    I ran NoLop and it says there was no infection. My computer is running even slower now; when Internet Explorer is open it is taking 5 minutes at least to load one webpage.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager by holding down the Ctrl and Alt keys and pressing the Delete key.

    Click on the Processes tab and end process for (if there):

    ActiveBits.exe
    Trans Logo.exe

    Close task manager.

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKLM\..\Run: [bind42ref] C:\Documents and Settings\All Users\Application Data\bits creative bind 4\ActiveBits.exe

    O4 - HKCU\..\Run: [CAST4] C:\DOCUME~1\Simon\APPLIC~1\MPEGCO~1\Trans Logo.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\DOCUME~1\Simon\APPLIC~1\MPEGCO~1 < Delete the entire folder.
    C:\Documents and Settings\All Users\Application Data\bits creative bind 4 < Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of JJ_Joey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
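
One way to triage the HijackThis entries fixed in the post above, as an added example that is not part of the original thread or any poster's code: it parses O2 (BHO) and O4 (Run) lines and flags a BHO whose file is missing and autostarts that launch from an Application Data folder. The heuristics, the `triage` function and the `ExampleUpdater` line are assumptions made for illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample: the three entries fixed in the post, plus one
# made-up benign autostart line (ExampleUpdater) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [bind42ref] C:\Documents and Settings\All Users\Application Data\bits creative bind 4\ActiveBits.exe
O4 - HKCU\..\Run: [CAST4] C:\DOCUME~1\Simon\APPLIC~1\MPEGCO~1\Trans Logo.exe
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

class Finding(NamedTuple):
    section: str  # HijackThis section code (O2 or O4)
    ident: str    # CLSID of the BHO, or the Run value name
    reason: str
    review: str   # registry CLSID or folder to inspect by hand

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# Assumption: a profile "Application Data" folder (long or 8.3 short name) is
# treated as an unusual autostart location, as in both Run entries in the post.
APPDATA_PARTS = {"application data", "applic~1"}

def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            if m["file"].strip().lower() == "(no file)":
                findings.append(Finding(
                    "O2", m["clsid"], "BHO registered but its file is missing", m["clsid"]))
        elif m := RUN_RE.match(line):
            # Assumes a bare executable path with no arguments, as in the post.
            path = m["cmd"].strip().strip('"')
            if APPDATA_PARTS & set(path.lower().split("\\")):
                findings.append(Finding(
                    "O4", m["value"], f"{m['hive']} autostart from Application Data",
                    ntpath.dirname(path)))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.ident}: {f.reason} -> review {f.review}")
```

A flagged line is a prompt for manual review of the listed folder or CLSID, not proof of infection; legitimate software also starts from Application Data.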
     
  6. JJ_Joey

    JJ_Joey TS Rookie Topic Starter

    It's still pretty slow although not as bad as before, thanks. Haven't had the pop up saying blocked an intrusion though, which must be good!
    Here's the new HJT.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    Go and read this thread HERE and see if it helps to speed up your system.

    Regards Howard :)

    This thread is for the use of JJ_Joey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. lidieyu

    lidieyu TS Rookie

    JJ_Joey, please be aware the NIS & NAV products have excellent heuristics that can detect new variants of existing threats. That's why no one else was able to detect this. It's good you had Norton installed. LOP appears to be changing multiple times a day, that's why most AVs don't detect it.
     
Topic Status:
Not open for further replies.
