adware LOP attacking my computer

Status
Not open for further replies.
RomulusJ

RomulusJ

Posts: 21   +0
Okay my computer is suffering the same problems posted here. Basically every 5-20 seconds symantec is reporting its prevented a hijack attempt on my computer. Fomr HTTP LOP TOOLBAR Activity.

Symantec & AVG fail to see the problem.
the program NOLOP saw it removed it but still getting the issues.

The registry issues listed in the above link DO NOT EXIST in my HJT. Please help . This is getting annoying. I've done over 2 hours work on this biatch and I'm near the format the HD start over stage.

RomJ
 
Thanks will try is but with Symantec and AVG both saying they see nothing wrong this is driving my to debate format and restart.

Arrghhh. I hate this dumb silly moment of nonthinking and I get HOURS of annoyance. If you never heard of the program don't install it.. Simple I live with that mantra ussually.

:eek:

WTF I tried to create a limited account after reading the reasons for not always using a admin account. WinXP is only allowing me to make an admin account. Oh bloody hell. Further the anti virus sweep I did following the above instructions found 4 adware cookies and a motherboard monitor I had installed. GRRRR Now I am getting alot more worried.
 
you need to follow the instructions that Spyder_1386 gave you to the letter.

Symantec is absolute rubbish and should be removed, AVG will only pick up cretain things depending on if its AVG antivirus or AVG antispyware.



This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hard to do it to the letter when

a) you have much of the programs already installed.
b) Windows won't let you make a Limited account. (pondering a reboot after the 2nd scan by Trend Micro is finished THAT might solve it. Was using Admin account as every day account and it was not password protected. (Now is) but now I need to make the limited account limited, get the virus out then change passwords all over again.

I love computers sometimes.

As for Symantec being rubbish.. I'm torn on that gives me lots of grief but it was the one noticing the attempts from my computer to contact another.
 
Try to get combofix to run. That has more chance of making an improvement than just about anything else.



This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
As I said I'll reboot - probally in safe mode to do it as that is a great idea - after I finish the Trend Micro Online Virus scan part 2.

I'll try and get EVERYTHING listed (Well one more firewall won't hurt to much) in the above link working but will work hard to get combofix working. I'm an A+ Computer Tech and this is making me spin my head and go WTF do I know.

Harry
 
Panic Factor increasing

Okay I rebooted after another system scan and I have to wonder if the programs I just installed (Zone Alarm among others) is not he cause of the NEW warnings. Notibly the monitor of Internet program (IE a Firewall)

But the most panic inducing issue one that got me to get out my XP Disk and get ready for a format and reinstal.

The Administrator account DISAPPEARED from the login once I made my 2nd account. It appeared in the safe mode but the standard login no Administrator account PANIC MODE!!!

I've all but decided a full wipe and reinstall, but I have to say I want to know how to solve this and how badily my data was compromised. I think its not compromised after all it was blocked but why is Administrator disappearing. Why can I not make the 2nd account login a limited user.

I wonder if this is windows doing or a virus. After all Administrator is a very generic default name maybe Windows ignores it an makes it go away after a proper named account. But if that is the case why did it show up in Safe Mode.

Also to note I can not change the Administator name from Administrator.

This is going to be a LOOOONG day. I've not even gotten to work yet.
 
To get to admin account in normal boot mode, hold ctrl+alt and press delete twice at the login screen, that may help.

If you can, post a new HJT log and i will see if i can make an improvement in order to get everything else to work better.

Don't let it beat you.


This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
You all know I feel like a ***** all I wanted to do was watch Heroes as I missed the episode. :blackeye:

Here's the new HijackThis.

Thanks for you help. I will never be defeated, I just might beat my computer into submission with a format C: :D

You will also notice is HijackThis not all the programs where installed in the above forum. I had to wait to reboot my computer so did not get past 8 or 9. Now I'm getting late going to a clients. ARG.. Got to git.
 
IMHO you can make all worse by having too many anti-this and anti-thats running. One firewall, one anti-virus, etc to keep it simple.
 
AlbertLionheart said:
IMHO you can make all worse by having too many anti-this and anti-thats running. One firewall, one anti-virus, etc to keep it simple.
Click to expand...

Totally Agreed.. If I solve this without a format c:/ I just might format C: and install only 1 of each.. But I've not been looking at Security as much as I should and simply advising AVG or Nortons. Typically I hate Nortons but it got a big boost by being the only program that noticed my computer trying to talk to another one. But Firewalls are another issue. I had in the past HATED Nortons for having a firewall in anti-virus and not clearly telling people that. (Love that feature ATM) My Router has a Firewall so there is 2 now I put in Zone Alarm that is three. I'll have to read up on firewall / Virus Scanner discussions some more and poke Rik at to why his is founder of LAN. but right now other then needing to get going to make my money I need this damn thing solved and then I'll break it down and find out the why's how fors of solving it. Cause I'm going to see it in my work.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCMTR.EXE
enc lite.exe

Close task manager.


Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Norton/ Symantec
If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Flashget, unless it`s the paid for version.


Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\enc lite.exe
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll, again, only if it's not the paid for version.

Click on the fix checked button.

Close HJT.

Turn off system restore.(XP/ME only)[/b] See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

With a bit of luck your pc should be a lot healthier after all that.

Please post all of the requested after this to ensure that no nasties remain.

Id just like to add, thanks Howard for some guidance there.


This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks Rik.

*snicker* Can't help but notice the remove Symantec is on the list.

As this won't happen for 8+ hours I'll post the results then.

Then I'll start to bug you as to how you selected

ALCMTR.EXE
enc lite.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\enc lite.exe
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll, again, only if it's not the paid for version.


Now why is Flashget on the list? Is the a forum I can read on this removal?

RomJ
 
Flashget is only a problem if it is the free version as it can let malware in.

It should uninstall easily enough in add/remove programs, let me know how it all goes.

To get your pc's speed up, you could remove symantec/ norton first if you want.



This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
No pop ups every 5 seconds.. but wait no Norton's to alert me of these popups LOL.

Norton's would not allow me to remove it in Safe mode. Had to goto regular mode.

Had a "Fatal Error" During removal of Symantec Live Update. Maybe due to the fact the core program was gone. But Live Update no longe shows in the the program list.

Here's the latest HighjackThis log.

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll,

Was not visible when I did hijackthis in safe mode. I'm thinking it was deleted when I removed the program (It was the free version)
 
The only minor problem you have left is this entry.

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Have a look to see if that file is still in that location.

If not, have HJT fix that entry any you are all done.

Let me know if you have any further problems and i will be only too happy to help.:)



This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Norton's removed..

Pop up saying my system under attack gone. Program that gave said warning gone. :D Zone Alarm installed no reporting attacks though its reported everything else that has connected or tried to connect to the internet.

Job successful (After offline defrag. Geezus 731 fragments in pagesys. I blame Nortons)

Rik for your help you get Beanies!

jellybeans500-02434.jpg
]

Now can you explain how you decided what programs where malicious using HJT?
 
knowing which are bad comes with practice. but the way to start learning is by googling the suspected offenders, error codes and messages etc. you can also visit sites from trendmicro, norton and avg etc, or simply follow the techspot technicians on here. you will learn lots. dont be afraid to ask.

there is also this :THIS but it is advised not to attempt fixes, as it is only a guide
 
tomrca said:
knowing which are bad comes with practice. but the way to start learning is by googling the suspected offenders, error codes and messages etc.
Click to expand...


Googling brought me here! Not like Symantec helpped at all.
 
Tomrca hit the nail on the head there. Practice and also research are whats needed with malware removal.

But it's not just HJT logs that tell us everything we need to know, combofix logs are equally as important these days too.

If you should have any further problems the post them in this thread and we will sort it out for you.



This thread is for the use of RomulusJ only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

midian182
Tesla factory robot attack on employee highlights company's worker safety issues
2
Replies
30
Views
861
Bobbydpue
Bobbydpue
Steve
Gamers are ditching Radeon graphics cards over driver issues
10 11 12
Replies
289
Views
43K
TRMat
T
N
Apple Silicon Macs review roundup: So it begins
Replies
12
Views
3K
sreams
S

Latest posts

Back