Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Lop Virus


  • Please log in to reply
8 replies to this topic

#1 Micallen

Micallen

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S. C.
  • Local time:11:32 AM

Posted 24 February 2008 - 01:11 PM

I have been infested with all kinds of problems for about 10 days. I run AVG anti virus and have tried a host of anti-spyware programs. I have stuck with SpyBot. Long story short, I've eliminated maybe half my problems. I still have web pages pop up out of the blue, and every so often I can CTRL ALT DEL and see IE running in the background.

The one thing that keeps re-occuring is my antivirus program keeps finding the LOP virus. Sometimes I'm surfing and sometimes I can be doing something else. It gets rid of it, but later it will come back.

How can I stop this?

________________

Micallen


BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:32 PM

Posted 24 February 2008 - 01:37 PM

Hi Micallen

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Zone Media


Be sure to reboot when done.

Btw you haven't got Messeger plus installed have you?
If so.... did you install the sponser program?
If you have this installed, i'd recommend that you remove that as well.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
  • First close any other programs you have running as this will require a reboot.
  • Double click NoLop.exe to run it.
  • Now click the button labeled "Search and Destroy"
    <>
  • When scanning is finished you will be prompted to reboot only if infected. Click OK.
  • Now click the "REBOOT" button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop..

See if this helps at all.

BBPP6nz.png


#3 Micallen

Micallen
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S. C.
  • Local time:11:32 AM

Posted 24 February 2008 - 03:46 PM

Starbuck,

None of those programs were in my start/remove list. And I don't have messenger running (I always uninstall that).

I ran the NoLop program and it didn't find anything. My anti-virus program finds it every day or every other day, and removes it. Something keeps letting it back though.

________________

Micallen


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:32 PM

Posted 24 February 2008 - 05:46 PM

Hi Micallen

There's obviously more going on here than meets the eye.

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read the Preparation Guide before posting a HijackThis Log.
Please read, and follow, all directions carefully

Run a log, and post it in the HijackThis Logs and Analysis forum.

Do not, post it in this topic.
Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.


If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.

BBPP6nz.png


#5 Micallen

Micallen
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S. C.
  • Local time:11:32 AM

Posted 24 February 2008 - 07:22 PM

OK, I'll do it.

THANK YOU for your help, too!!

Micallen

________________

Micallen


#6 Micallen

Micallen
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S. C.
  • Local time:11:32 AM

Posted 25 February 2008 - 06:27 AM

Follow-up:

After going through the steps leading up to posting Hijack This files, Bitware Defender discovered a virus it couldn't get rid of (Vundo). I D/L'ed VundoFix, and got rid of it. SO FAR (knock on wood) it seems to have taken care of the problem. Time will tell.

Micallen

________________

Micallen


#7 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:32 PM

Posted 25 February 2008 - 05:21 PM

It sounds as if BitDefender was reading the files in VundoFix's quarantine folder.
So although the Vundo files were 'safe' ... you were still getting warnings about them.

Correct me if i'm wrong here but didn't you say in the 1st post:

I run AVG anti virus and have tried a host of anti-spyware programs


Now you are saying that:

Bitware Defender discovered a virus it couldn't get rid of


This means that you are running 2 different anti-virus programs??

It is not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

BBPP6nz.png


#8 Micallen

Micallen
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S. C.
  • Local time:11:32 AM

Posted 25 February 2008 - 06:02 PM

No, I ran Bitware Defender folowing the directions on this site to prepare for Hijack This. It was at that point I realized I had a Vundo virus.

I'm back now to my normal of AVG antivirus and Spybot.

________________

Micallen


#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:04:32 PM

Posted 25 February 2008 - 06:47 PM

Ar right,
so it was the BitDefender online scan that you did?
That's ok then, sorry i thought you meant that you had run the ordinary BitDefender AV.

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users