LOP advertising Trojan

By flinty
Sep 5, 2007
  1. Similar to other threads I've read, I've believe I've got the HTTP LOP Toolbar Activity/LOP advertising Trojan.

    I have the Norton intrusion blocker constantly popping up and my PC is terribly slow/some applications won't start.

    I've run some recommended anti-spyware/anti-trojan programmes to not much avail before finding this excellent forum.

    I have now run HJT and attach the log. I did look at other posts, but wasn't confident about trying some initial fixes from the log unsupervised.

    Your help would be much appreciated.:)
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of flinty only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. flinty

    flinty TS Rookie Topic Starter

    Quest completed

    Many thanks for your reply, Howard.

    With my near-dead computer it's taken me some time to complete the many tasks you set before me.

    The Norton pop-up alert for the LOP advertising trojan disappeared after I ran the Norton scan in safe mode (step 13). Nevertheless, I performed the remaining tasks.

    I attach HJT, AVG-Antispyware and Combo-fix logs, as requested. AVG Anti-root kit returned "nothing found" after performing the in-depth search.

    I'd be grateful if you'd let me know if I need to do anything further.

    Thanks again. You rule!
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`d like you to have some files checked out over at Jotti`s, unless you knwo for a fact they`re safe.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\DOCUME~1\Dom\GoToAssist_phone__317_en.exe
    * Click Open
    * Please let me know the results.

    Do the same for the following files.

    C:\AY Mail 2\AYTRACK.exe

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)

    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm

    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)

    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)

    O15 - Trusted Zone: *.od2.com

    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen9.exe

    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco/app/opcuploader.cab

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/ install3.5/installer.exe

    Click on the fix checked button.

    Close HJT and reboot your system.

    Post a fresh HJT log as well as the Jotti results.

    Regards Howard :)

    This thread is for the use of flinty only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...