TechSpot

lop.as trojan on my PC, log attached

By neogeo1
Jan 19, 2007
  1. Hi all, a friend of mine highly recommended this forum to me.

    I have the lop.as trojan on my PC and AVG free edition keeps detecting it. I have posted a HJT log, please someone help me to fix this problem. I have read and followed advice in the sticky.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You need to rename the HijckThis.exe file to Analyze.exe and also place HJT in it`s own directory. Instructions for this can be found in this thread HERE.

    Then, post a fresh HJT log.

    I would also like to see an AVG Antispyware log, instructions are also in the above link.

    Regards Howard :wave: :wave:

    This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. neogeo1

    neogeo1 TS Rookie Topic Starter Posts: 21

    Please find attached a new HJT log. I have renamed HJT.exe to analyze.exe as per your request. Also attached is a AVGAS log.

    Thanks alot in advance Howard.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    CNNIC
    Cdn

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    cdnup.exe
    ~az14y98.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\khffcyw.dll (file missing)

    O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\CNNIC<Delete the entire folder.
    C:\Documents and Settings\Administrator\Local Settings\Temp\9<Delete the entire folder.
    C:\Documents and Settings\Administrator\Local Settings\Temp\~az14y98.exe

    Reboot into normal mode and rehide your protected OS files.

    Post fresh HJT and AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. neogeo1

    neogeo1 TS Rookie Topic Starter Posts: 21

    Hi Howard,

    Followed your instructions to the letter. Here are my new AVGAS and HJT logs.

    Regards,

    Aaron
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Turn off system restore.(XP/ME only) See how HERE.

    Now turn system restore back on. This will delete all your restore points and the nasties that are hiding in them. It will also create a new and clean restore point.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\CNNIC<Delete the entire folder(if there).

    Other than the above, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. neogeo1

    neogeo1 TS Rookie Topic Starter Posts: 21

    Howards, I just wanted to say thanks for your help on clearing this of my PC. I have only had this PC for 4 weeks and already it accululated so much spyware.

    Looking forwards, what software should I install to make sure this doesn't happen again? I have AVG free edition and now AVG AntiSpyware installed and running. I also have SuperAntiSpyware installed but not running all the time. Is this enough? And do you recommend posting HJT logs to this forum periodically even if there are no apparent signs of spyware just to make sure there are none that I don't know about?

    Once again, thanks.

    Aaron
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...