TechSpot

Online Casino/Find a Date/Cellphone Ringtones - LOP?

By littlejones
Sep 13, 2005
  1. Hi,

    I regularly get these icons on my desktop which I proceed to delete, and my laptop is also running slowly despite having more RAM than usual. I did a google search and it said the problem was LOP and came from messenger plus but I uninstalled this, and I even reinstalled the new version and uninstalled the sponsor then uninstalled the new messenger plus but my computer is still slow and I can't use IE without a hundred thousand pop ups - so I use Firefox, but would like to clean up IE (not just get a pop up blocker).

    Here is my hijackthis log file, can anyone spot anything as I do not have the knowledge to know what is good and evil, but I do know I have tried about 8 spyware programs with no joy, they only end up destroying programs like my limewire because they think they are evil (perhaps they are :stickout: )

    Thanks in advance.
     

    Attached Files:

  2. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    sounds like the aurora virus or a variant.
    what soes spybot and adaware say?

    is your anti-vrius set on the highest heuristics?
     
  3. littlejones

    littlejones TS Rookie Topic Starter

    They don't seem to have any effect, unless they remove it and it comes back but I doubt it. I have those you mentioned and xoftspy, noadware, hijackthis, registry mechanic and avast antivirus.

    Not sure if avast is set to high, not sure how to do it either but I'll open avast and see if I can find the setting.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    C:\Documents and Settings\PJ\Desktop\HijackThis.exe
    put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.


    Boot in Safe Mode, see how here.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.

    Next, open Windows Task Manager by pressing CTRL+ALT+DELETE.
    Click the Processes tab, select the process (if there) and click End Process for:
    Bird More.exe
    Locks Keep.exe
    if you can find it: ènŒ

    Next, click Start/Control Panel/Add/Remove Programs. If there, UNinstall anything to do with:
    C:\DOCUME~1\PJ\APPLIC~1\SPAMSK~1\Bird More.exe
    C:\Documents and Settings\All Users\Application Data\manager4nurbvc\Locks Keep.exe
    if you can find it: [ChkMail] ènŒ

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    O2 - BHO: (no name) - {09CF0D86-D59D-6D79-3EBD-031C309FAF23} - C:\DOCUME~1\PJ\APPLIC~1\SPAMSK~1\Bird More.exe
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [nurbvceachplay] C:\Documents and Settings\All Users\Application Data\manager4nurbvc\Locks Keep.exe
    O4 - HKCU\..\Run: [ChkMail] ènŒ
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    ...................................................................................................
    Now click on the Fix Checked button in HJT. Exit HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Rightclick IE on the desktop, select Properties, click on Delete Cookies, and Delete Files.
    Delete ALL files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    XP only: Delete ALL files from C:\WINDOWS\Prefetch.
    Boot normal. When all OK, switch System Restore back on.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...