TechSpot

TROJAN HORSE Lop.AS

By kramer1113
Jan 1, 2007
  1. Hello!
    I have been reading many posts for help and fixes for Lop.A?
    I found none for Lop.AS
    So, Here goes... HELP!

    Trojan Horse found in:

    C:\Documents and Settings\David Kramer\Local Settings\Temporary Internet Files\Content.IE5\****Different set of letters and numbers***lo1[1]

    HELP!!
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.


    If after reading the above you decide you want to clean your system, do the following.


    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. kramer1113

    kramer1113 TS Rookie Topic Starter

    Thanks,
    OK, I think I did everything, and I think I have attached logs...
    I think I Did, I think I Did, I think I did..
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, I'd like you to do the following, just in case.

    Thanks goes to dahli for this.

    Regards Howard :)

     
  5. kramer1113

    kramer1113 TS Rookie Topic Starter

    As Requested!
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

    Click on the fix checked button.

    Close HJT and reboot your computer.

    Post a fresh HJT log and let me know if you're still having any problems.

    Regards Howard :)

     
  7. kramer1113

    kramer1113 TS Rookie Topic Starter

    All Seems Well, Thanks Be To All!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It seems your lop infection is still there.

    Download the following three files ( rmparite.exe, rmparite.nt, rmparite.dos) and run the rmparite.exe file.

    You can also specify the disks (or partitions) to heal as command parameters, e.g.: "rmparite C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

    Note:
    Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmparite.nt and rmparite.dos into the same folder as rmparite.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.

    Let me know the results please.

    Regards Howard :)

     
  9. kramer1113

    kramer1113 TS Rookie Topic Starter

    I have had No Anti-virus warning that I am infected.

    Posting log:
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, but there are 2 entries in your HJT log that shouldn't be there.

    We need to temporarily disable Spybot Search & Destroy's TeaTimer, as it may interfere with any fix we are trying to run.

    Disable Spybot's TeaTimer. This is a two step process.
    First:
    - Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
    - Choose Exit Spybot S&D Resident
    Second:
    - Open Spybot S&D
    - Click Mode, check Advanced Mode
    - Go To Left Panel, Click Tools, then also in left panel, click Resident
    - If your firewall raises a question, say OK
    - Uncheck the box labeled Resident Tea-Timer and OK any prompts.
    - Use File, Exit to terminate Spybot
    - Reboot your machine for the changes to take effect.

    Then, run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David

    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log.

    Regards Howard :)

     
  11. kramer1113

    kramer1113 TS Rookie Topic Starter

    How's This!
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    You can now re-enable SS&D.

    Let me know if you're still having problems.

    Regards Howard :)

    Edit: According to mikedude456 in this thread HERE, the free Spysweeper scanner can get rid of the lop.AS infection. Please give it a try and let me know the results please.


     
  13. Trojans Bad!

    Trojans Bad! TS Rookie

    <post removed and new thread created> -ted
     
  14. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,715   +397

    Apparently you didn't see the RED text all through this page saying:
    This thread is for the use of kramer1113 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

    I think you should do that.

    Edit: He's now created a new thread as requested, it is found here: http://www.techspot.com/vb/topic67225.html
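
Added example (not part of the original thread, and not code from HijackThis or TechSpot): a small Python parser for the R0 and O16 HijackThis entry formats quoted in posts 6 and 10, used to check whether the flagged entries still appear in a fresh log after "fix checked" and a reboot. The `FRESH_LOG` text and all function names are constructed for illustration.

```python
import re
# HijackThis entries have the shape "<section> - <detail>", e.g. "R0 - ..." or "O16 - DPF: ...".
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# O16 detail: "DPF: {CLSID} (control name) - codebase URL"
O16_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]{36}\})\s*(?:\((.*?)\))?\s*-\s*(\S+)$")
# R0/R1 detail: "HKxx\key,ValueName = data"
REG_RE = re.compile(r"^(HK[A-Z]{2}\\[^,]+),([^=]+?)\s*=\s*(.*)$")

# The two entries quoted in the thread.
FLAGGED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
"""

# Constructed "fresh" log: start page reset, ActiveX (O16) entry still registered.
FRESH_LOG = r"""
Logfile of HijackThis (constructed sample, not from the thread)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O16 - DPF: {9522b3fb-7a2b-4646-8af6-36e7f593073c} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
"""

def parse_hjt(log_text):
    """Return one dict per recognised HijackThis entry; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # header, process list, blank lines
        section, detail = m.groups()
        entry = {"section": section, "detail": detail}
        if section == "O16" and (d := O16_RE.match(detail)):
            entry.update(clsid=d.group(1).upper(), name=d.group(2), url=d.group(3))
        elif section in ("R0", "R1") and (r := REG_RE.match(detail)):
            entry.update(key=r.group(1), value=r.group(2).strip(), data=r.group(3))
        entries.append(entry)
    return entries

def identity(entry):
    """Comparison key that ignores cosmetic differences such as CLSID letter case."""
    if "clsid" in entry:
        return (entry["section"], entry["clsid"])
    if "key" in entry:
        return (entry["section"], entry["key"].lower(), entry["value"].lower(), entry["data"])
    return (entry["section"], entry["detail"])

def still_present(flagged_lines, fresh_log):
    """Return the details of flagged entries that the fresh log still contains."""
    fresh = {identity(e) for e in parse_hjt(fresh_log)}
    return [e["detail"] for e in parse_hjt(flagged_lines) if identity(e) in fresh]
```

With the constructed sample, `still_present(FLAGGED, FRESH_LOG)` returns only the O16 entry, which is the situation described in post 10 where entries remain after a first fix attempt.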
     
Topic Status:
Not open for further replies.
