lop.as trojan on my PC, log attached

Status
Not open for further replies.

neogeo1

Posts: 21   +0
Hi all, a friend of mine highly recommended this forum to me.

I have the lop.as trojan on my PC and AVG free edition keeps detecting it. I have posted a HJT log, please someone help me to fix this problem. I have read and followed advice in the sticky.
 
Hello and welcome to Techspot.

You need to rename the HijckThis.exe file to Analyze.exe and also place HJT in it`s own directory. Instructions for this can be found in this thread HERE.

Then, post a fresh HJT log.

I would also like to see an AVG Antispyware log, instructions are also in the above link.

Regards Howard :wave: :wave:

This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Please find attached a new HJT log. I have renamed HJT.exe to analyze.exe as per your request. Also attached is a AVGAS log.

Thanks alot in advance Howard.
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

CNNIC
Cdn

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

cdnup.exe
~az14y98.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {664A7BBA-92C4-4086-8B63-D029A149629E} - C:\WINDOWS\system32\khffcyw.dll (file missing)

O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\CNNIC<Delete the entire folder.
C:\Documents and Settings\Administrator\Local Settings\Temp\9<Delete the entire folder.
C:\Documents and Settings\Administrator\Local Settings\Temp\~az14y98.exe

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :)

This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi Howard,

Followed your instructions to the letter. Here are my new AVGAS and HJT logs.

Regards,

Aaron
 
Turn off system restore.(XP/ME only) See how HERE.

Now turn system restore back on. This will delete all your restore points and the nasties that are hiding in them. It will also create a new and clean restore point.

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\CNNIC<Delete the entire folder(if there).

Other than the above, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of neogeo1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howards, I just wanted to say thanks for your help on clearing this of my PC. I have only had this PC for 4 weeks and already it accululated so much spyware.

Looking forwards, what software should I install to make sure this doesn't happen again? I have AVG free edition and now AVG AntiSpyware installed and running. I also have SuperAntiSpyware installed but not running all the time. Is this enough? And do you recommend posting HJT logs to this forum periodically even if there are no apparent signs of spyware just to make sure there are none that I don't know about?

Once again, thanks.

Aaron
 
Status
Not open for further replies.
Back