TechSpot

Trojan Horse Lop.AS & Generic2.ONZ

By Trojans Bad!
Jan 9, 2007
  1. Hello Howard and friends at TechSpot,

    It seems you all have had some experience with trojans. I have had this Lop.AS as well as Generic2.ONZ trojan on my PC for a couple days now. I have AVG, Symantec, ZoneAlarm, and have recently acquired McAfee. AVG alerted me to this trojan. I do not use IE, I use Firefox, and have seen this Lo1 file create folders for itself and jump around. Quite annoying.

    I've read the instructions and though a reformat will be done in the near future, I would like to clean these files for the meantime.

    I've downloaded HJT and run the program as instructed and posted my log file. Sad to say that there are a lot of entries and though I recognize most of them, some of them are just gibberish. I'd appreciate it if you took a look at it and let me know what you think.

    I've also downloaded and run NoLop with nothing detected.

    I am eagerly awaiting your reply, and many thanks.

    Ted
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Please uninstall all antivirus programmes, except for AVG. This is because it's not recommended to run more than one antivirus programme at the same time. Apart from slowing your system down, it can cause serious conflicts.

    Then, post a fresh HJT log as well as an AVG Antispyware log, as per the instructions in the link.

    Regards Howard :wave: :wave:

    This thread is for the use of Trojans Bad! only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. Trojans Bad!

    Trojans Bad! TS Rookie Topic Starter

    Removed all antivirus except AVG

    And let me tell you, Symantec didn't want to go. Couldn't find any uninstall files or couldn't get rid of it in add/remove software. :p

    Attached is a fresh HJT log. Much appreciated :)

    Ted
     
  4. Rik

    Rik Banned Posts: 3,814

    This may possibly help with removing Norton.

    Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.



    This thread is for the use of Trojans Bad! only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. Trojans Bad!

    Trojans Bad! TS Rookie Topic Starter

    Though there are many resources that describe how to rid the system of Symantec, so far they haven't worked entirely. Though I was able to get rid of McAfee. I've gotten two more alerts from AVG about this trojan, make that four. I've attached a fresh HJT log.

    In my attempts to get rid of symantec anti virus I've tried disabling services in the services.msc & msconfig, then add/remove programs. Still unable to take care of it completely. Any other thoughts?

    Your assistance is much appreciated! You guys have been a great help so far.

    Ted
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.

    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

    This is the filepath you need to enter into Vundofix.

    C:\WINDOWS\system32\iifgdcd.dll

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    McAfee
    Symantec AntiVirus

    Close control panel.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    McAfee Real-time Scanner
    SAVRoam

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    SavRoam.exe
    mcshield.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - C:\WINDOWS\system32\iifgdcd.dll

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

    O20 - Winlogon Notify: iifgdcd - C:\WINDOWS\SYSTEM32\iifgdcd.dll

    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

    O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)

    O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)

    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\PROGRA~1\McAfee < Delete the entire folder.
    C:\Program Files\Symantec AntiVirus < Delete the entire folder.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and don't forget to post an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of Trojans Bad! only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
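
An added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over the HJT entries quoted in the post above, showing why those lines stand out. The flagging rules are heuristics assumed here for illustration, and the header line and the "Example Updater" entry in the sample are constructed.

```python
import re

# Constructed sample: the O-lines quoted in the post above, plus a made-up
# header line and one made-up clean service entry for contrast.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed header line)
O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - C:\WINDOWS\system32\iifgdcd.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: iifgdcd - C:\WINDOWS\SYSTEM32\iifgdcd.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winosz32 - winosz32.dll (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Example Updater (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# An HJT result line is "<section code> - <description>", e.g. "O20 - ...".
ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.*)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)", re.IGNORECASE)

def triage(log_text):
    """Return (section, reasons, line) for each entry worth a manual review."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header or free text, not a result line
        section, body = match.groups()
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned: registry entry points at a missing file")
        if section in ("O2", "O3") and "(no name)" in body:
            reasons.append("browser add-on registered without a name")
        if section == "O20":
            reasons.append("Winlogon Notify DLL is loaded at every logon")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("no publisher could be read for the service binary")
        if reasons:
            findings.append((section, reasons, raw.strip()))
    return findings

if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"[{section}] {line}")
        for reason in reasons:
            print(f"      - {reason}")
```

A flagged line is a prompt for review, not a verdict: `NavLogon.dll` is flagged only because every Winlogon Notify entry is, and it belongs to the Symantec product being uninstalled in this thread.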
     
  7. Trojans Bad!

    Trojans Bad! TS Rookie Topic Starter

    Having done what you suggested, I still was unable to get rid of Symantec altogether. Though the file folder is gone, in the add/remove programs area, it is still present. I don't worry about McAfee being in the HJT, though it is still present, on the other hand most of the other lines I was able to get rid of.

    So attached is a fresh HJT with an AVG AS log. I hadn't known AVG had an antispyware, thanks for that too :)

    Once again, your collaborative assistance is much appreciated!

    Ted
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, you really need to get rid of McAfee and then install a firewall programme as I can't find any evidence of an active firewall on your system. You can find some good free firewall software HERE and HERE.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of Trojans Bad! only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
