HTTP lop toolbar activity, HELP!

[emza80]

Hey guys, its my first post and all so

My nortons detects the HTTP lop toolbar activity as an incoming high threat like 3 times a minutes, ive scanned my pc with various things and nothing has been detected. Is this thing putting my laptop at risk??? if so how do i remove it??

Sorry for my lack of technical terms, compters are not really my strong point.
Any advice would be greatly appreciated many thanks in advance!

 

[DelJo63]

here's one reference

Spybot S&D also target and remove lop.com software. Ad-aware and Spybot both updated recently to target xupiter.com's software as well. Although we used to provide manual removal instructions for lop.com, we now recommend that you simply use Spybot to remove both lop.com and xupiter.

 

[momok]

Hi,

It is also likely that such infections do not come alone. I recommend the following:

Very Important: Malware infections may possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to read this thread HERE before deciding what course of action to take regarding your infection.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs if not it will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of emza80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[emza80]

Here is what you have requested
Thanks!

 

[momok]

Hi,

I noticed that your AVG log displays 'Ignored' for one of the entries detected.
I require you to run AVG again and quarantine the files. Pictorial instructions HERE.

Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

1. Go to start > run and type msconfig. Press the enter key.
   Search for the following services and disable them by unchecking the box beside the entries.
   
   Alcmtr
   TRANS ANTE
   
   Press OK but do not restart your system yet.
   
   
2. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
   
   R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
   O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
   O4 - HKCU\..\Run: [TRANS ANTE] C:\DOCUME~1\emza80\APPLIC~1\ERROR1~1\Ping Locks Five.exe
   
   Close HJT.
   
   
3. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.
   
   
   
   
   
   This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.
   
   
4. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of emza80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[emza80]

Hey!
The stupid thing is still coming up! :evil:
I done what you asked, find attached all of the logs!


Many thanks in advance, freindly emza80!