Computing.Net > Forums > Security and Virus > lop.com & other problems

Computing.Net: Over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to sign up now, it's free!

lop.com & other problems

Reply to Message Icon

Original Message
Name: Juggalo1702
Date: February 11, 2004 at 22:54:44 Pacific
Subject: lop.com & other problems
OS: Windows 98 SE
CPU/Ram: pentium 2 192 mb ram
Comment:

Somehow lop had gotten into my computer but I ran adaware and spybot s & d and it seems to be gone . However, everytime I start my computer there are a bunch of weird programs running. When I press alt ctrl delete some times there are random letters and numbers and cometimes things like mmod....the very weird part is it doesn't show explorer.exe running.I also can't open msn instant messenger for some reason.

so plz help me out


Report Offensive Message For Removal


Response Number 1
Name: iceblue
Date: February 13, 2004 at 03:23:26 Pacific
Reply:


http://www.wilderssecurity.com/index.php?board=21;action=display;threadid=7487

lop makes numerous changes throughout the system; update the AA6 & SSD;

and run a HijackThis scan,
download from http://www.lurkhere.com/~nicefiles
and post the log.


Report Offensive Follow Up For Removal

Response Number 2
Name: Juggalo1702
Date: February 13, 2004 at 12:13:51 Pacific
Reply:

Logfile of HijackThis v1.97.3
Scan saved at 1:04:17 PM, on 2/13/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SYSCONF.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\NIF8V486.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\PICTURES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\system32\search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.101
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://search.xrenoder.com
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {B7C982E0-5E24-11D8-8DDC-0050BACCA46D} - C:\WINDOWS\SYSTEM\PSTOREBC.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: brddaglgchg - {41c71901-5cb6-11d8-8ddc-0050bacca46d} - C:\WINDOWS\APPLICATION DATA\SHCRHWQUCHY.DLL (file missing)
O3 - Toolbar: ez Search Bar - {CCE83E45-30B2-4BAE-B1F5-25D128D27A43} - C:\WINDOWS\SYSTEM\EZSEARCH.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Microsoft Conf Ldr] sysconf.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [version] C:\WINDOWS\SYSTEM\VERSION.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\SYSTEM\KEYHOST.exe
O4 - HKLM\..\Run: [YahooStock] C:\WINDOWS\NIF8V486.EXE
O4 - HKLM\..\Run: [PGStub.exe] C:\DP-B23011805.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Microsoft Conf Ldr] sysconf.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Trace (HKLM)
O9 - Extra 'Tools' menuitem: VisualRoute Trace (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37909.7414583333
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://www.reallusion.com/Stuff/CrazyTalk.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O19 - User stylesheet: c:\windows\java\my.css



Report Offensive Follow Up For Removal

Response Number 3
Name: Juggalo1702
Date: February 14, 2004 at 19:53:50 Pacific
Reply:

thanks for the help but I fixed it myself. Turns out It was a nasty variation for look2me that hides your explorer


Report Offensive Follow Up For Removal







Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home



Results for: lop.com & other problems

Google.com and other search engine
    Summary: Yesturday, my brother found out that google.com, yahoo.com, and other search engines wouldn't load anymore. Every other site seems to load fine, so I'm assuming it's virus related. Upon going to any o...
www.computing.net/answers/security/googlecom-and-other-search-engine/6477.html

lop.com and Alcatel touch modem/rou
    Summary: Does any body how to remove lop.com from my Alcatel Speedtouch hence is rerouting my traffic everytimeI open a webprowser or anything else that connect to the net? ...
www.computing.net/answers/security/lopcom-and-alcatel-touch-modemrou/3470.html

Concerning LOP.com
    Summary: hey all, some questions concerning LOP.com 1) Are O17 hits in HJT always LOP? Every one that i have personally encoutered has been so far, but i was looking through the posts last night and found a ...
www.computing.net/answers/security/concerning-lopcom/8048.html








Which MP3 player do you have?

iPod/iPhone
Zune
Something Else
None


View Results

Poll Finishes Today.
Discuss in The Lounge
Poll History






Data Recovery Software