HTTP LOP Toolbar Activity Intrusion

Status
Not open for further replies.
J

JJ_Joey

I have been getting a Norton security alert saying it has blocked an intrusion, it is an HTTP LOP Toolbar Activity intrusion. It pops up every so often and as a result internet explorer is loading pages extremely slowly, and it seems like a huge effort for my computer to run anything. I have run several anti-virus and spyware programs and deleted my internet cache, which cured the slow ie problem for about 3 days but then the intrusion alert is back and the internet is back to running slowly. So i ran all the same anti-virus and spyware programs again but this time it is not fixing it. I have read your instructions about removing malware before posting and followed them through to no avail. my hjt report and ad aware report are attached

Thank you in advance
 
Hello and welcome to Techspot.

Your system is infected with the lop trojan.

Delete all files in AVG Antispyware quarantine.

Please Download NoLop to your desktop from one of the links below...
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/...pmod;dl=item16

First close any other programs you have running as this will require a reboot
Double click NoLop.exe to run it
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected, Click OK
Now click the "REBOOT" Button.
A Message should popup from NoLop.
If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log along with a fresh HJT log

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.-- http://www.boletrice.com/downloads/mscomctl.ocx

Regards Howard :wave: :wave:

This thread is for the use of JJ_Joey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I ran Nolop and it says there was no infection, my computer is running even slower now when internet explorer is open it is taking 5 minutes at least to load one webpage.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ActiveBits.exe
Trans Logo.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [bind42ref] C:\Documents and Settings\All Users\Application Data\bits creative bind 4\ActiveBits.exe

O4 - HKCU\..\Run: [CAST4] C:\DOCUME~1\Simon\APPLIC~1\MPEGCO~1\Trans Logo.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\Simon\APPLIC~1\MPEGCO~1<Delete the entire folder.
C:\Documents and Settings\All Users\Application Data\bits creative bind 4<Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard :)

This thread is for the use of JJ_Joey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Its still pretty slow although not as bad as before thanks. Haven't had the pop up saying blocked an intrusion though, which must be good!
here's the new hjt
 
Your HJT log is now clean.

Go and read this thread HERE and see if it helps to speed up your system.

Regards Howard :)

This thread is for the use of JJ_Joey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
howard_hopkinso said:
Your HJT log is now clean.

Go and read this thread HERE and see if it helps to speed up your system.

Regards Howard :)

This thread is for the use of JJ_Joey only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Click to expand...

JJ_Joey, please be aware the NIS & NAV products have excellent heuristics that can detect new variants of exisiting threats. Thats why no else was able to detect this. Its good you had Norton installed. LOP appears to be changing multiple times a day, thats why most AVs dont detect it.
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
Pentagon website now accepts UFO "activity" submissions from government employees
Replies
4
Views
257
Thatsdisgusting
T
midian182
Ad for a cheap BMW was used as Trojan horse in Russian cyberattack on Ukrainian diplomats
Replies
1
Views
334
Jaabaaar
Jaabaaar
Cal Jeffrey
Millions of US military emails have leaked to the domain of a Russian ally for nearly...
Replies
8
Views
435
VitalyT
VitalyT

Latest posts

Back