Cornered LOP.COM need help to kill it

Discussion in 'Malware Help (A Specialist Will Reply)' started by steveo457, Feb 19, 2005.

  1. steveo457

    steveo457 Private E-2

    Hi, I posted a thread a couple of weeks ago regarding the nasty vermin known as LOP.com invading my web browser. I didn't get another reply so I scoured the website looking for people in the same boat. Seems there are quite a few. I found some solutions and put them into practice. Took me ages to nail the little blighter. Basically I followed all the directions in the 'Don't read this before......' thread. Some of the steps I couldn't follow due to not being able to connect whilst in safe mode so I did the security scan in normal mode. I couldn't do the Online Virus scan due to it saying I needed i.explorer v.5 or higher or my active x controls weren't enabled? This is strange because I have done the scan before so don't know why it's changed. Is this anything to do with LOP?
    The one scanning program you suggested that picked up the lop was Ad-aware SE. This found and removed it and I have noted down the location of the file. As soon as I reconnect to the internet it is suddenly and annoyingly back. It's the big search bar at the bottom and also one at the top of the screen. I now obviously know that the lop is connected to my browser i.explorer and is activated when I use that program. I was just wondering if someone could assist me in actually stopping it full stop. I know the location of the file but just need some pushing in the right direction to stop it reattaching. From what I've read it is connected with MSN messenger which I have on my machine. MSN plus I think, so I deleted MSN messenger. What a mission that was, thanks for that Microsoft. But the lop still keeps reattaching. It's probably a simple solution but just need a little help. I've also downloaded service pack 2 and am up to date with virus software and stuff. Anyone able to help?

    Thanks a lot steveo
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    LOP is not related to MSN Messenger. It is quite often due to users installing Messenger Plus 3 (or any version of it). This program is not affiliated with Microsoft and should not be installed due to the malware it sneaks into your system. Uninstall it using Add/Remove programs (that is if you have it installed).

    You should not install WinXP SP2 while you have any malware issues on your PC.
     
  3. steveo457

    steveo457 Private E-2

    So should I uninstall service pack 2 until I have got rid of Lop then? I have deleted Msn Messenger and no variant of it is on my machine. Is it possible to manually remove this Lop.com? It's not in my add/remove programs. If it is then it is under a different name. There doesn't seem to be anything suspicious on there and am totally lost on what to do now. I would really appreciate some help because I am getting fed up with this LOP. It slows my browser right down to a snail's pace. Surely there must be some way of deleting this thing and keeping it out. As I said before, Ad-aware finds and removes it but as soon as you connect to the internet it is back. Thanks for your help, it's much appreciated. steveo
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I thought you said you downloaded SP2. I did not think that you had installed it already. If it is already installed, leave it be and let's see what we can do. MSN Messenger is a valid Microsoft application. I'm not saying you need it, but rather that there is nothing wrong with it. Messenger Plus on the other hand is bad.

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  5. steveo457

    steveo457 Private E-2

    Hi, thanks for the speedy reply. It's very much appreciated.
    I redid all the steps in 'Read this first before....' link and I think (fingers crossed) that I have eventually got rid of it. Stupidly, I think what I was doing wrong was forgetting to turn off system restore BEFORE I was getting rid of it with Ad-aware SE. So it was just re-infecting when I logged on. I also searched your site and found all the info I could. I followed the steps in your thread 'How to protect yourself from malware' and adjusted my active X settings and it seems to have done the trick. Browsing is the speed it should be and best of all there's no darn toolbar. I still have one at the top under my address and link bar, but this has been here for some time and doesn't seem to be a problem. Not like Lop.com. I think it's search200 or something. No tools or scanners pick this up. Occasionally, when you enter a wrong or invalid web address, it will go to the search200 web page. I'm not sure if this is doing me any harm but it doesn't seem to be. Just don't get your web address wrong and you're O.K. I'm still having a few niggles with service pack 2 though. Initially (5 months ago) I installed it, but it made my pc randomly crash at start up and occasionally would lock up. Because of this I uninstalled it and didn't bother. I thought it might help with my Lop problem so I reinstalled it when I was prompted last week. So far it's o.k. but every time I connect to the internet and click on my EXE/browser icon, it shows me a system error notice. The ones where you can click yes or no to send Microsoft an error report. Then my desktop will completely go blank (my wallpaper stays there but all the icons disappear) for a few seconds. Then it all comes back. Not a major problem but surely can't be normal, can it? Have you heard of SP2 doing this to systems and do I really need it?
    Just to thank you again Chaslang, you are a wise fellow indeed. Your other threads I found and executed were a big help too. Keep up the good work for majorgeeks and just to say thanks a million. steveo
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Steveo,

    You're welcome. But you should post the follow up HijackThis log so we can see what else may be in your system. Especially since you imply there are other issues.
     
  7. steveo457

    steveo457 Private E-2

    Hi, I'm glad you asked for the hijack log. I logged on to my pc this morning and I had no web access whatsoever. All pages were blank or the search 200 page I mentioned in my previous log. I reverted back to yesterday's hard drive settings (using Norton go back) and it was fine. BUT the lop is back and Ad Aware is not picking it up for some reason. I have completed all steps in the 'Read this before....' thread and completed all the tasks mentioned apart from the ones I couldn't do that I mentioned in a previous thread. Namely the online scans I couldn't do in safe mode due to not being able to connect to internet in safe mode. Also the Symantec virus scan would not start saying that I need internet explorer 5 or higher or my active x controls are not enabled????? I've put hijack this in its own folder and think I have completed it right. Have a look and tell me what you think. Just to clarify, Lop is back and I still have the smaller bar at the top and I still get error messages when starting up internet explorer. Cheers chaslang, you're a star. steveo
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:

    Please update to Hijack This 1.99.1


    Second:

    All open browsers should be closed when using HJT! Also any unnecessary programs should be closed as well.

    c:\progra~1\intern~1\iexplore.exe


    Third:

    After you have downloaded the new version of HJT, put it in the same location and post a new log using version 1.99.1.

    Chas! will check log when time permits.

    Thanks Bj:)
     
  9. steveo457

    steveo457 Private E-2

    I have done what you asked. I assume I've done it right. Downloaded new version. Put in its own folder and then closed all windows, browsers and programs when running HJT. Let me know if it's not right and what I'm doing wrong. Cheers steveo
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All P2P programs like Limewire can be somewhat dangerous. Limewire also contains adware. Consider not using it.
    C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe

    You must remember to exit all browsers as shown below, you had IE running.
    c:\progra~1\intern~1\iexplore.exe

    If you did not have it running but this shows up, you should tell us. This can happen with certain malware.



    Make sure you have system restore disabled and viewing of hidden files enabled.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iwwxdjrbasary.com/UNoUS0_P9Etqeyksb7A/vVnM5YLh00iaaLB4PrgmQ7gfRK4RkVltHuise9AUeTk2.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    Uninstall Spyware Stormer and do not use anymore. It is on a list of rogue/suspect spyware removal tools. See: http://www.spywarewarrior.com/rogue_anti-spyware.htm
    O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe


    O4 - HKLM\..\Run: [Bodyobjextraanti] C:\Documents and Settings\All Users\Application Data\loglocksbodyobj\intraping.exe
    O4 - HKCU\..\Run: [title great] C:\DOCUME~1\steveo\APPLIC~1\BOLDFR~1\Flag Fast.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Documents and Settings\All Users\Application Data\loglocksbodyobj\intraping.exe
    C:\Documents and Settings\steveo\Application Data\BOLDFR~1\Flag Fast.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Let me know if you have any problems finding or deleting any of these files.


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  11. steveo457

    steveo457 Private E-2

    Hi Chaslang. I've done all the steps you requested. All went without a hitch.
    In answer to your query about shutting down explorer, I was (as far as I know) closing all open windows, browsers and disconnecting from the internet. Does that mean that there is a program still using it if it is showing up in log? I agree with you on limewire as it completely slows my machine down sometimes and I have uninstalled it. There are still some aspects of it left though. If I just put the word Limewire in a search and delete everything it comes up with, then that should be everything shouldn't it?
    Everything is running very smoothly at present. The Lop has gone. The search page re-router (search200) has gone. It's just the standard default internet 'This page can not be displayed' page now. The smaller bar at the top has also gone. The problem I had when I connected to the internet has also gone as well.
    I've posted a new log for you to look at. The only thing I noticed was that the R1 line you said delete is still there. That is the search page I kept getting redirected to, but I definitely don't get redirected there now. Seems strange that it's still showing up in HJT. What do you think?
    Thank you so much Chaslang, all at Majorgeeks are very wise indeed. Let us know what you think. Also when do I turn on system restore again? It's off at the moment. Cheers steveo
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! You still appear to have a LOP problem!

    Do you know and trust this Error Nuker program? I'm not saying that it is bad. I never used it and know nothing of it but there were several programs around named Spyware Nuker or SpyNuker that were garbage.

    We have more work to do. I need to know about the above first.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would not trust this ErrorNuker program from what I see. You should go to Add/Remove programs and uninstall it.

    Just in case you cannot uninstall it, I left it in the cleanup steps below.


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Look for the below process(es) and if found, End them:

    C:\Program Files\Error Nuker\bin\ErrorNuker.exe

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bavwccjrgdpciheyme.com/UNoUS0_P9Etqeyksb7A/vVnM5YLh00iaaLB4PrgmQ7gBqkiCHZWntuise9AUeTk2.html
    O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
    O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn2004/installers/default/ErrorNukerInstaller.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Error Nuker <--- the whole folder

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

    Now:
    Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin
    And Click OK.
    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
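
Added example, not part of any post in this thread and not a HijackThis or MajorGeeks tool: a small Python triage pass over HijackThis entries like those selected in the two cleanup posts above. The rules (the expected-host list, the Application Data check, treating `blank.htm` as the normal Local Page) are assumptions for illustration, and the final `ExampleApp` sample line is constructed.

```python
import re
from urllib.parse import urlparse

# Entries copied from the posts above; the last (ExampleApp) line is constructed.
SAMPLE_LOG = r"""
c:\progra~1\intern~1\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iwwxdjrbasary.com/UNoUS0_P9Etqeyksb7A/vVnM5YLh00iaaLB4PrgmQ7gfRK4RkVltHuise9AUeTk2.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [Bodyobjextraanti] C:\Documents and Settings\All Users\Application Data\loglocksbodyobj\intraping.exe
O4 - HKCU\..\Run: [title great] C:\DOCUME~1\steveo\APPLIC~1\BOLDFR~1\Flag Fast.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\example.exe
"""

# Assumption: hosts considered normal for IE settings and ActiveX installs here.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")
# Matches the long folder name and its 8.3 short form (APPLIC~1).
APPDATA_RE = re.compile(r"\\(Application Data|APPLIC~\d)\\", re.IGNORECASE)


def host_is_expected(url):
    host = (urlparse(url).hostname or "").lower()
    # Exact match or a real subdomain, so a look-alike suffix does not pass.
    return any(host == d or host.endswith("." + d) for d in EXPECTED_HOSTS)


def review_reasons(code, body):
    """Return the reasons (possibly none) why one entry deserves a closer look."""
    reasons = []
    url = URL_RE.search(body)
    if code in ("R0", "R1"):  # IE start/search page settings
        value = body.split(" = ", 1)[-1].strip()
        if url and not host_is_expected(url.group()):
            reasons.append("IE page/search setting points to an unexpected host")
        elif re.match(r"[A-Za-z]:\\", value) and not value.lower().endswith("\\blank.htm"):
            reasons.append("IE page setting points to a local file")
    elif code == "O4" and APPDATA_RE.search(body):  # registry autostart
        reasons.append("autostart program runs from an Application Data folder")
    elif code == "O16" and url and not host_is_expected(url.group()):  # ActiveX
        reasons.append("ActiveX control downloaded from an unexpected host")
    if body.rstrip().endswith("(file missing)"):
        reasons.append("entry references a file that no longer exists")
    return reasons


def triage(log_text):
    """Parse a HijackThis log and return (code, body, reasons) for flagged lines."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        reasons = review_reasons(m["code"], m["body"])
        if reasons:
            flagged.append((m["code"], m["body"], reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(code, "|", "; ".join(reasons), "|", body[:60])
```

A flagged line is a prompt to look closer, not a verdict; legitimate software can match these rules too.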
     
  14. steveo457

    steveo457 Private E-2

    My word Chaslang, The speed of my Pc is amazing. In both internet and normal file navigation it is very quick indeed.
    In regards to Error Nuker, it was just some program I got off the net when I was attempting to fix the problems I had. I bloody paid for it as well, about £12. I just did what you said and deleted all aspects of it that I could find. It wasn't in my processes list though (should it have been?). I have quite a lot of processes running, is this normal?
    I've completed all the steps below and again all went without a hitch.

    A new log is attached. I've said it before and I'll say it all day long...
    You are the nuts my friend.

    A very happy steveo
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! That log looks good. Make sure you complete the steps in the below link that you do not already have covered (like a Firewall for one example):

    How to Protect yourself from malware!
     
  16. steveo457

    steveo457 Private E-2

    I thought I had a firewall connected. I have latest Norton security and thought it was switched on. Is it not?
    I'll do all the steps in that thread. After that do I re-enable system restore?

    Thanks a million again Chaslang. You are a life saver. My pc is running really smooth again now and doesn't frustrate the bollox out of me. Thanks again

    Steveo
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't have or use Norton but I believe it would say something about a Firewall if you had one. I do not think that just because you have the Internet Security Suite that you have a firewall. You need to check. But I would think you would know already if it did have one because every new program that tried to get access to the internet would need to be given permission to get thru the firewall and you would be the one having to answer popups from the firewall on this. Sounds like you never get these which would mean no firewall.

    Either check with Symantec or check in the Software Forum for your version/year of the package to see what was included.
     
  18. steveo457

    steveo457 Private E-2

    I've checked my Norton package and the firewall is switched on. I've deleted all program access and started again. All the programs I know and use regularly have been added to the trusted list and the others I will configure as and when I use them.
    Thanks a lot chaslang. I suppose this means the end of our brief little acquaintance. I'm very thankful and will be straight back here if I get any other problems. I certainly won't be buying any more 'Anti spyware programs'. One last thing, I assume I switch back on system restore now that it's clean. Thanks again, good work

    steveo
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Yes turn system restore on now. Also consider using FireFox as indicated in the How To thread. It had fewer security problems than IE. Only use IE when necessary (some sites require it).
     
  20. steveo457

    steveo457 Private E-2

    So can I have multiple browsers then and only use the ones that I want? I.e. if I use firefox and come across a page that won't let me read it, I'll just disconnect and try with internet explorer.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! That's the idea. You will need IE for Microsoft sites to do updates. FireFox is much safer. I think you will like it. You can import all of your Favorites from IE right into it.
     
  22. steveo457

    steveo457 Private E-2

    Hi Chaslang. I think I've totally done everything now. I've installed Firefox, and you're right, I defo like it. It made my PC even quicker when browsing which I didn't think was possible as it was quite quick before. Am I right in having Firefox as my default browser, and then obviously when it's needed, switch to IE? Will IE automatically connect when I'm using firefox, or can I switch it off and use it as and when, or is it the case that only one browser can be running at any one time? Answer that and I am one happy bunny and I reckon that is the end. You're probably gonna tell me some other trick to amaze me and make my PC fly or something. You can't make it tell me this week's lottery numbers, can you? Thanks a billion Chas, it's been a pleasure. Over and out steveo
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can run both browsers at the same time! No problem! Leave Firefox as the default. And when you need IE just run it. Some sites may even make it pop up on its own if it is needed.
     
