Need help with LOP, Thanks

Discussion in 'Malware Help (A Specialist Will Reply)' started by Barz51, Feb 4, 2006.

  1. Barz51

    Barz51 Private E-2

    Hello, I’m battling a LOP infestation and I can’t seem to get rid of it. I worked through the “READ & RUN ME FIRST Before Asking for Support” and the “NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting” stickies. I’ve run all the spyware/adware software and installed the recommended prevention programs. Below I’ve attached my Hijack This, Panda Active Scan, and Bit Defender logs. Any help would be greatly appreciated. Thanks in advance.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please install HJT properly per step 7 of the READ ME. You have it where we ask that it not be installed:

    C:\Documents and Settings\Cory\Desktop\HijackThis.exe


    You should also uninstall Morpheus and mIrc. Possibly the root cause of your infections. This is one of the worst cases of Lop I have seen.

    You are going to have to log in to each user account to clean these files as they all seem to have infections.
     
    Last edited: Feb 4, 2006
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay in addition to uninstalling the P2P programs already mentioned, also uninstall
    Viewpoint Manager

    Below is a list of files you must delete. You may have to log in to each user account to delete these. Note: since all these accounts are infected, you really should run the READ ME on each user account to really be sure they are clean. However, you do not have to do the online scanners in step 6 again.

    Use Windows Explorer to locate and delete the below files:

    All Users user account
    C:\Documents and Settings\All Users\Application Data\dashclosefirstinside <--- delete the whole dashclosefirstinside folder

    April user account
    C:\Documents and Settings\April\Application Data\Internet glue less <--- delete the whole Internet glue less folder
    C:\Documents and Settings\April\Application Data\nounsect <--- delete the whole nounsect folder
    C:\Documents and Settings\April\Local Settings\Temp <--- delete ALL files in this Temp folder

    Now run Ccleaner while logged into the April account!

    Carol user account
    C:\Documents and Settings\Carol\Application Data\Internet glue less <--- delete the whole Internet glue less folder
    C:\Documents and Settings\Carol\Application Data\nounsect <--- delete the whole nounsect folder
    C:\Documents and Settings\Carol\Local Settings\Temp <--- delete ALL files in this Temp folder
    C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\newpass2[1].htm

    Now run Ccleaner while logged into the Carol account!

    John user account
    C:\Documents and Settings\John\Application Data\Internet glue less <--- delete the whole Internet glue less folder
    C:\Documents and Settings\John\Application Data\nounsect <--- delete the whole nounsect folder
    C:\Documents and Settings\John\Local Settings\Temp <--- delete ALL files in this Temp folder

    Now run Ccleaner while logged into the John account!

    Patrick user account
    C:\Documents and Settings\Patrick\Application Data\Internet glue less <--- delete the whole Internet glue less folder
    C:\Documents and Settings\Patrick\Local Settings\Temp <--- delete ALL files in this Temp folder

    Now run Ccleaner while logged into the Patrick account!

    The below are common files you should be able to delete as long as you are logged in with Admin privileges.
    C:\Program Files\Common Files\orqi <--- delete the whole folder
    C:\toolbar_uninstall.exe
    C:\WINDOWS\SYSTEM32\mbho2.dll
    C:\WINDOWS\SYSTEM32\mo030414s.dll
    C:\WINDOWS\SYSTEM32\winbpupd.exe
    C:\WINDOWS\msbb.exe.temp
    C:\WINDOWS\SYSTEM32\mocupd.exe
    C:\temp\pootz_58.exe
    C:\temp\package8029_CDT3.exe
    C:\Program Files\Morph20.exe

    Let me know how this all goes and if you are having any other malware problems.
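
A post-cleanup check for the list above, as an added example that is not part of the original post: it walks every profile under `Documents and Settings` (not only the four named) and reports any of the listed folders or files that are still present. The function names, the `Guest` profile and the sample tree are constructed for illustration; on the real machine the argument would be the system drive root, run from an administrator account.

```python
import tempfile
from pathlib import Path

# Names taken from the file list in the post above.
PROFILE_FOLDERS = ("dashclosefirstinside", "Internet glue less", "nounsect")
COMMON_ITEMS = (
    "Program Files/Common Files/orqi", "toolbar_uninstall.exe",
    "WINDOWS/SYSTEM32/mbho2.dll", "WINDOWS/SYSTEM32/mo030414s.dll",
    "WINDOWS/SYSTEM32/winbpupd.exe", "WINDOWS/msbb.exe.temp",
    "WINDOWS/SYSTEM32/mocupd.exe", "temp/pootz_58.exe",
    "temp/package8029_CDT3.exe", "Program Files/Morph20.exe",
)

def find_remnants(drive_root):
    """Return leftover items as POSIX-style paths relative to drive_root."""
    root = Path(drive_root)
    hits = []
    profiles = root / "Documents and Settings"
    users = profiles.iterdir() if profiles.is_dir() else []
    # Check every profile that exists, since each account was infected.
    for profile in sorted(p for p in users if p.is_dir()):
        for name in PROFILE_FOLDERS:
            folder = profile / "Application Data" / name
            if folder.exists():
                hits.append(folder)
        temp = profile / "Local Settings" / "Temp"
        # The post asks for Temp to be emptied, so any content is reported.
        if temp.is_dir() and any(temp.iterdir()):
            hits.append(temp)
    hits += [root / rel for rel in COMMON_ITEMS if (root / rel).exists()]
    return [h.relative_to(root).as_posix() for h in hits]

def build_constructed_tree(root):
    """Constructed sample: April is clean, hypothetical Guest has leftovers."""
    docs = Path(root) / "Documents and Settings"
    (docs / "April" / "Application Data").mkdir(parents=True)
    (docs / "April" / "Local Settings" / "Temp").mkdir(parents=True)
    (docs / "Guest" / "Application Data" / "nounsect").mkdir(parents=True)
    (docs / "Guest" / "Local Settings" / "Temp").mkdir(parents=True)
    (docs / "Guest" / "Local Settings" / "Temp" / "a.tmp").write_text("x")
    (Path(root) / "WINDOWS" / "SYSTEM32").mkdir(parents=True)
    (Path(root) / "WINDOWS" / "SYSTEM32" / "mbho2.dll").write_text("x")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for item in find_remnants(tmp):
            print("still present:", item)
```

An empty result only means the named items are gone; it does not replace the scanner runs the thread asks for.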
     
  4. Barz51

    Barz51 Private E-2

    I always knew I’d excel at something.

    Also I’ve had mIRC for years and Morpheus for quite a while and I have not had any LOP.com problems until a few weeks ago when my brother downloaded messenger. Should I still remove them?

    Thanks for the help I'll go through this tonight and let you know how it goes. Thanks again.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you notice how the scanners were detecting them as problems?

    Also read the info here: http://www.spywareinfo.com/articles/p2p/

    All P2P programs are dangerous to use and some contain malware. Some like Morpheus can be clean based upon which version. Some of them lie to you when they advertise they are clean and you better read the license and privacy agreements carefully.
     
