
lop aka c2media

  • This topic is locked
1 reply to this topic

#1 cessenaacrobat


  • Members
  • 7 posts
  • Local time:08:21 PM

Posted 12 June 2004 - 11:19 PM

A friend's computer has been hijacked by lop, in this case called search200. There is a search bar on her computer desktop and anything she types in the address bar of IE is rerouted by search200. She is totally bogged down with popups and icons. I put zone alarm and ad aware on. Zone alarm, I hoped, would stop even more stuff from getting on her computer. Ad aware found 90 items and quarantined and I deleted after. But the search bar and search200 was still there. I ran adaware with the modem shut down (she has cable connect). After approx 4 runs of adaware it came back 0 bugs, but the search200 was still there. First we downloaded CWshredder. It fixed and/or removed 2 items. We did this twice. Still had the search 200. So we downloaded spybot and it ran and quarantined 11 items but the search 200 is still there. Plus she started getting parse and creation values errors. I thought I would try system restore but there was no system restore, not even for 1 day.

1. Is cwshredder good only for coolsearch variants? And is lop a part of the coolsearch variant?
2. Spybot doesn't seem to do it either, a problem with lop or what?

3. Do you trust the lop uninstall at their site? I've read all kinds of stuff on lop but from what I could see nobody seems to have much success. One tech suggested using lop's removal tool, but another tech said you get rid of the one search engine and it's replaced with another during uninstall. Do you know about this? Symantec recommended using the lop tool.

I'm totally desperate. All I read said Hijackthis is for advanced computer peeps, and I'm not even in novice category. I'm not good at computers, and messing in the registry is somewhere I shouldn't be because I don't know anything about fixing registry. The best I can do is next, next, and ok and hope it's alright. Plus, I've read lots of posts at the site that recommended your site and one guy there had run hijackthis 13 times and still had lop. That's how I knew what it was she had.

Anything you can suggest or offer would be great. I'm willing to try if you think a subnovice could do it.




#2 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,649 posts
  • Gender:Male
  • Local time:07:21 PM

Posted 13 June 2004 - 12:33 AM

Hi Missy,
I don't think she's got Lop from what you're saying. We need to see a HijackThis log to know for sure. There are two things that HijackThis is designed for:

1. Allows a trained eye to discover what may be the problem from looking at the log.
2. In most cases it will edit the registry for you so that items can be fixed. All you have to do is put a checkmark in a box and click a button.

There are some things you will need to know about computers, such as how to use Windows Explorer, but we're here to guide you--walk you thru it--because you are right to not want to fix items with HijackThis by yourself. You should leave the analysing to us. Our job as volunteers is to look at the log and figure out what needs to be done to fix the problem. Sometimes we'll know just what to do and others it may take some figuring out. And we'll often use other tools besides HijackThis. But anything we ask you to do you should certainly let us know if you don't know how or have any other questions.

So please read this thread, download HijackThis and post the log. Be sure to extract HijackThis into its own folder; it's best to create one such as C:/HijackThis to put HijackThis.exe into.

To answer one of your questions, yes, CWShredder is only for CoolWebSearch variants. Lop is not one of them, and there are plenty of other malware that aren't related to CWS. In fact, I think search200 is a VX2 pest that in some ways is worse than CWS. But we'll need to see the HT log to have some clues.

The thing about people

is they change

when they walk away.--Mipso
