Trojan Lop.AS

Status
Not open for further replies.
Sorry, I read the entire thread through, saw you covered dodgy cracks etc., mine was a foolish keygen moment, which I blocked from leaving. Also admit I checked it out on his thread on my long (I had this a day or two) journey to kill it. I know the frustration of trying fix after fix, only to see it pop back up again time after time.
I repeat .... d/l http://www.msgpluslive.net/download/ install sponsor program (very important) ... go to add/remove programs and run uninstaller (same as the lop universal uninstaller) -- Reboot to complete uninstall.

A friend also carried this theory on and returned to the crakz site he got his and allowed it to install.... then removed all the inserted spyware/adware after. He says lop.AS is gone this way too.

All I can say is ... worked for me, my symptom was AVG spotting a temp file lop.AS .... regularly..... not a sound outta it since ... includes reboot.

As a side note .... I saw the change of firewall to ZoneAlarm ... good luck with that, it's not the most stable in the world, in my opinion. I think Sygate free firewall is sweet.

Try it, you might like it ... I'm outta here ..... I only posted this here (exclusive) as it's the first to come up in Google... you deserve it.

jesus_ate_my_underpants ... catch me on Yahoo ..... still lop free over 12 hours later ..... WHEN IT CAME BACK for no reason .... I give up ..... sigh

I ended up using http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx It saved itself as a randomly-named DLL and added itself as an AutoRun all over the place.
I saw somewhere that investigation showed it can cause WINLOGON.EXE to run some routine inside the DLL file every second!

shows on my system as mljkijk c:\windows\system32\mljkijk.dll in many places
 
Edit: According to mikedude456 in this thread HERE The free Spysweeper scanner can get rid of the lop.AS infection. Please give it a try and let me know the results please.

Regards Howard :)

This thread is for the use of Plap only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I have had this lop.as for about five days now. I ran spy sweeper after updating it to no avail. It didn't pick it up on my computer. This is so frustrating.
 
I can confirm it has gone using http://www.microsoft.com/technet/sysinternals/utilities/Autoruns.mspx

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Obviously be careful what you disable/delete, but it's pretty straightforward; you can get it to mask Microsoft autoruns and concentrate on 3rd party.

As you say yourself ........... try and let me know the results please. Shows on my system as mljkijk c:\windows\system32\mljkijk.dll in many places

my home site is back up now at http://www.illicit-concepts.com

O.K ... the F**k*r showed up again and shows tagged to winlogon again despite removal ....... trying spysweeper 5.0 and other rootkit scans .... this sux donkey

I can confirm it shows back in 39 locations with Spy Sweeper ... it appears if you miss an autorun it regenerates in all locations ... my advice .. subscribe and be rid of ;) or find alternative means ... I found the 2 locations I missed

running TrojanHunter now :) ... which I can tell you does not see it all

I ran Spy Sweeper's latest definitions and the only trojan it found and probably our lop was Trojan-Backdoor-us15info

I rechecked autoruns I had disabled and they were all file not found. Thanks for the tip Howard ... although "free trial" won't remove .... catch me at my home site and I might share some help .. Pants http://www.illicit-concepts.com

If I am right, I think I can continue unmolested by my lop.as alerts :p It is easy to see how grandma's PC ends up spamming the world etc.

Thanks for the help
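
The symptoms reported above (a randomly named DLL in System32 registered under Winlogon and several autostart keys, and disabled entries that show "file not found") can be checked from PowerShell. This is an added example, not code from any poster or from Autoruns; it assumes PowerShell 3.0 or later, covers only a small subset of the locations Autoruns inspects, and its function names are hypothetical.

```powershell
# Added example (not from the thread): inventory a few autostart locations.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
function Get-AutostartCommand {   # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Location = $key; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
    if (Test-Path $notifyKey) {
        # Each Winlogon notification package is a subkey with a DllName value.
        foreach ($sub in Get-ChildItem $notifyKey) {
            [pscustomobject]@{ Location = $notifyKey; Name = $sub.PSChildName
                               Command = [string]$sub.GetValue('DllName') }
        }
    }
}

function Resolve-AutostartTarget([string]$Command) {   # hypothetical helper name
    # Return every .dll/.exe named in the command line as a full path.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    $hits = [regex]::Matches($cmd, '(?i)[a-z]:\\[^"<>|,]+?\.(dll|exe)\b')
    if ($hits.Count -gt 0) { return $hits | ForEach-Object { $_.Value } }
    # A bare file name (common for DllName) is resolved against System32.
    if ($cmd -match '(?i)^[\w.-]+\.(dll|exe)$') {
        return Join-Path $env:SystemRoot "System32\$cmd"
    }
}

$report = foreach ($e in Get-AutostartCommand) {
    foreach ($path in Resolve-AutostartTarget $e.Command) {
        $exists = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Location  = $e.Location; Name = $e.Name; Target = $path
            Exists    = $exists   # False = stale entry ("file not found")
            # NotSigned is a lead to investigate, not a verdict.
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        }
    }
}
$report | Sort-Object Target | Format-Table -AutoSize
# One DLL registered in several places is the pattern reported in the thread.
$report | Group-Object Target | Where-Object Count -gt 1 | Select-Object Count, Name
```

Run it from an elevated prompt before and after cleanup and compare the two reports; a target that reappears after removal means a location outside this list is still loading it.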
 
Sorry I've been busy setting up a new PC here (without Lop.AS on it heh) but I still have it on the wife's laptop and I have tried everything now and the little bugger still pops up whatever.

Person who wrote this one = complete git! :p

Plap.
 
I am pretty sure I got rid of it using Spyhunter. It cost me 30 bucks but was worth it as it picked up lots of stuff that my other proggies didn't get. I have been 48 hours with no sign of it and I have six programs that are all scanning clean as a whistle so I am feeling pretty good about it now.
 
Hi,

OK I ran SpySweeper (demo) not that it picked much up anyway so I didn't bother with full reg version.

Then I ran http://www.microsoft.com/technet/sys.../Autoruns.mspx and deleted an offending 'random-named'.dll that looked odd.

Then finally I deleted a firewall exception for 'Toredo' whatever that was :) and rebooted and scanned with ALL...after 12hrs I've not seen anything further and full scans with ALL show nothing.

I think and hope it is gone from this machine.

Edit: I did all this with System Restore turned OFF else the root .dll will reinstall itself from the restore point somehow it seems and require net access through the firewall although AVG did pick this up. Then I turned it back on after a reboot and have still not seen it... yet!?

If it comes back I will be first to report have no fear!

Cheers for everyone's help to date.

May the Trojan Lop.AS NOT be with you! :)

Plap.
 
Not seen it since either so I guess it has gone - all scans using everything report clean.

Cool! :)
 
That's good news mate.

Thanks for letting us know.

Regards Howard :)
