trojan horse lop.as infection no cure

Status
Not open for further replies.
M

mikedude456

hi i have avg anti virus and it keeps popping up saying i have a virus which is a trojan lop.as
i either put it in the virus vault and delete it later or heal it at that point but whatever i do i cant seem to get rid of it. i have run many virus checking program scans but none seem to be able to get rid of it. could anybody please help me as i am worried about the safety of my hard drive
regards
mike
 
Welcome to TechSpot!

Please read this thread here: Deciding whether to clean or reformat.

If after reading the above thread you decide to clean, please read the Viruses/spyware/trojans preliminary removal instructions and follow the instructions exactly. Then post fresh HJT and AVG logs as attachments into this thread.

Cheers :)

This thread is for the use of mikedude456 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
 
Hello and welcome to Techspot.

I have been searching endlessly for a solution to this variant of the lop infection and so far I have drawn a blank.

By all means follow the instructions given by kitty500cat, but it won`t get rid of the lop.AS infection.

Until a specific fix is found, your stuck with it.

Regards Howard :wave: :wave:

This thread is for the use of mikedude456 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
lop.as solution?

I recently installed AVG antivirus and anti-spyware and started getting the Lop.as threat warnings. After a lot of internet searching and downloading and trying a few different things, it seems to be gone (fingers crossed!).

I downloaded and installed spysweeper trial version, which informed me that the computer was repeatedly trying to connect to IP 82.98.235.63, apparently a known spyware site. Spyware sweeper also found a I suspected that lop.as was being repeatedly downloaded as fast as AVG put it into the virus vault.

When I ran hijackthis, one item that seemed suspect was a Browser Helper (BHO) which on my machine was called vtuvtu.dll. This appears to be a randomly generated file name, because I couldn't find it anywhere on the internet, but I've noticed similar files in some of the hijack.this logs that people have been putting on the internet about lop.as. When I went into the system32 folder, the properties for this file suggested that it had been created very recently. Unfortunately I couldn't delete it, because windows told me the file was being used by a running process. I used a program called Unlocker, which told me that the file was tied in to winlogon.exe, explorer.exe, and Apoint.exe. Because it was stuck to winlogon.exe safe mode wouldn't work to delete it.

After a bit more reading on the internet (http://www.aquezada.com/staff/julian/journal/?p=109) I used my windows XP setup CD to boot into the recovery console and delete the bastard. Since then, I've had no further messages from AVG about lop.as, and my computer seems to be running quite a lot faster.

HopefullyI've killed the right dll & not something vital, but things seem to be fine so far...

Hope this is helpful!
 
Status
Not open for further replies.
Back