lop.com

Discussion in 'adware, spyware & hijack cleaning' started by beed, Feb 22, 2004.

Thread Status:
Not open for further replies.
  1. beed

    beed Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    3
    I've been infected with lop.com and I already tried to clean up my PC.
    My start page is http://netsearchsoft.com/? When I changed the start page, the next tile I start IE it is again http://netsearchsoft.com/.

    Somebody can help me

    Thanks in advance


    Beed
     
  2. LonnyRJones

    LonnyRJones Spyware Expert

    Joined:
    Apr 3, 2003
    Posts:
    61
    Sure they can
    But first Please fallow the three steps
    If you've already used adaware and spybot say so when you post a hijackthis log
    http://www.wilderssecurity.com/showthread.php?t=15913

    Regards
    Lonny
     
  3. beed

    beed Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    3
    See attachments

    regards
     

    Attached Files:

  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi beed,

    Before you start please unzip hijackthis.exe to a folder of it´s own. The program creates backups in the folder it is in. In a Temp folder they easily disappear.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = netsearchsoft.com

    F1 - win.ini: run=c:\windows\system32\unldr16.exe

    O2 - BHO: (no name) - {4377C019-BE37-2EB1-E79F-7BCD57A98F3E} - C:\PROGRA~1\FORKEE~1\globaldent.dll

    O3 - Toolbar: Bias bib defy - {40738A3E-9B6C-99AA-A565-2BB6AF651292} - C:\PROGRA~1\FORKEE~1\globaldent.dll

    O4 - HKLM\..\Run: [Idecntl] c:\windows\system32\idecntl.exe

    O4 - HKLM\..\Run: [Cddrv32] c:\windows\system32\cddrv32.exe

    O4 - HKCU\..\Run: [Dvraudio] c:\windows\system32\dvraudio.exe
    O4 - HKCU\..\Run: [Unldr16] c:\windows\system32\unldr16.exe
    O4 - HKCU\..\Run: [Idecntl] c:\windows\system32\idecntl.exe

    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.7adpower.com/dialer/A091103.exe

    O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1029_XP.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://www.oyunfabrikasi.com/be/2/058898be.exe

    Then reboot.

    Could you please zip up:
    c:\windows\system32\idecntl.exe
    c:\windows\system32\cddrv32.exe
    c:\windows\system32\dvraudio.exe
    c:\windows\system32\unldr16.exe
    and mail them to the address in my profile please?

    Regards,

    Pieter
     
  5. beed

    beed Registered Member

    Joined:
    Feb 22, 2004
    Posts:
    3
    Thanks for the information

    I did what you said, but I forgot to keep the exe pgm (sorry)

    Unfortunately, the start page still to be - http://netsearchsoft.com/
     

    Attached Files:

  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi beed,

    Try something for me.
    Fix these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = netsearchsoft.com

    O4 - HKLM\..\Run: [anti type] C:\PROGRA~1\Blahref\coal bash.exe

    Then reboot.
    If that works I would appreciate a copy of:
    C:\PROGRAM FILES\Blahref\coal bash.exe
    at the address in my profile.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.