TROJAN HORSE Lop.AS

Status
Not open for further replies.

kramer1113

Hello!
I have been reading many posts for help and fixes for Lop.A?
I found none for Lop.AS
So, Here goes... HELP!

Trojan Horse found in:

C:\Documents and Settings\David Kramer\Local Settings\Temporary Internet Files\Content.IE5\****Different set of letters and numbers***lo1[1]

HELP!!
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.


If after reading the above you decide you want to clean your system, do the following.


Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks,
OK, I think I did everything, and I think I have attached logs...
I think I Did, I think I Did, I think I did..
 
Your HJT log is clean. However, I'd like you to do the following, just in case.

Thanks go to dahli for this.

dahli said:
Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

Regards Howard :)

This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

Click on the fix checked button.

Close HJT and reboot your computer.

Post a fresh HJT log and let me know if you're still having any problems.

Regards Howard :)

This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
It seems your lop infection is still there.

Download the following three files (rmparite.exe, rmparite.nt, rmparite.dos) and run the rmparite.exe file.

You can also specify the disks (or partitions) to heal as command parameters, e.g.: "rmparite C: D:". If the command is used without parameters, it heals all disks (partitions) on the computer.

Note:
Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmparite.nt and rmparite.dos into the same folder as rmparite.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.

Let me know the results please.

Regards Howard :)

This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok, but there are 2 entries in your HJT log that shouldn't be there.

We need to temporarily disable Spybot Search & Destroy's TeaTimer, as it may interfere with any fix we are trying to run.

Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
- Reboot your machine for the changes to take effect.

Then, run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
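
The "post a fresh HJT log" step above is a before/after comparison: the two flagged entries should be absent from the new log. As an added example (not part of the original thread), this Python sketch parses HijackThis entry lines and reports which flagged entries are still present; the function names, the sample logs, and the O4 and header lines are constructed for illustration.

```python
import re

# The two entries listed for fixing, copied verbatim from the thread.
FLAGGED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://members.atlantic.net/~leem/David",
    r"O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab",
]

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Return (section, identifier) for an HJT entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header text, process list, blank line
    section, body = m.group("section"), m.group("body")
    clsid = CLSID.search(body)
    if clsid:
        # ActiveX/BHO-style entries: the CLSID identifies the object even if
        # the display name or download URL differs between logs.
        return section, clsid.group(0).upper()
    # Registry-value entries: compare key, value name and data, ignoring case
    # and spacing, so a changed Start Page is not reported as the flagged one.
    return section, " ".join(body.split()).lower()

def remaining(log_text, flagged=FLAGGED):
    """List the flagged entries that still appear in the given HJT log text."""
    present = {entry_key(line) for line in log_text.splitlines()} - {None}
    return [f for f in flagged if entry_key(f) in present]

# Constructed sample logs (not the poster's real attachments).
SAMPLE_BEFORE = "\n".join([
    "Logfile of HijackThis (constructed sample)",
    FLAGGED[0],
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe",
    FLAGGED[1],
])
SAMPLE_AFTER = "\n".join([
    "Logfile of HijackThis (constructed sample)",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe",
])

if __name__ == "__main__":
    for name, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        left = remaining(log)
        print(name, "->", "clean" if not left else left)
```
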
 
Your HJT log is now clean.

You can now re-enable SS&D.

Let me know if you're still having problems.

Regards Howard :)

Edit: According to mikedude456 in this thread HERE, the free Spysweeper scanner can get rid of the lop.AS infection. Please give it a try and let me know the results.


This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Apparently you didn't see the RED text all through this page saying:
This thread is for the use of kramer1113 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

I think you should do that.

Edit: He's now created a new thread as requested, it is found here: https://www.techspot.com/vb/topic67225.html
 