| Thread ID: 16526 | 2002-03-11 03:47:00 | can anyone identify the trojan that installs 'lopsearch' | Guest (0) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 38653 | 2002-03-11 03:47:00 | I am running a 450 meg pent. with 256 ram on win 98SE. My lover's well-meaning son downloaded a patch that was o so much more. (He at first denied it, and cannot tell me what it was.) It installed lopsearch, a programme that starts at bootup and appears harmless, however there is enough background activity to suck away almost all of my memory, to the point where Outlook Express shuts itself down in disgust. A programme called sfx(xxxx).tmp (yes, .tmp) was trying to access the net, and it was only ZoneAlarm that stopped it! I found lopsearch.exe, deleted it, and this seemed to stop various versions of sfx..... from trying to talk to the outside world, but did not stop the lopsearch window that appears on my desktop @ bootup. Another thing which seems to have appeared at the same time is a folder called C:\temp.tuw, which is full of large files with names like 'Qaaaaaaaa.tuw'. Fortunately this seems to have stopped growing since the deletion of lopsearch.exe. 10 days ago I formatted and rebuilt my system; I want to avoid doing this again so soon but fear it might be the only way. HELP!!!!!! | Guest (0) | ||
| 38654 | 2002-03-11 04:32:00 | Do you have Office or Works installed? *.tuw is a file found in MS Office/Works. As for Lopsearch, it does not show in my list of trojans and I can find only one reference to it on the net, at the link below, which does not say a lot. www.dresden.nacamar.de | Guest (0) | ||
| 38655 | 2002-03-11 06:01:00 | Thank you Gordon! Yes, I do have Office installed, although I have never noticed such a folder generate before this problem. Any other advice from you or anyone will be appreciated! Perhaps someone could tell me if there is a way I can find out everything that is running on my machine at any given time and where from. I realise that ctrl+alt+del gives me only a very limited view. | Guest (0) | ||
| 38656 | 2002-03-11 09:55:00 | Guest (0) | |||
| 38657 | 2002-03-11 09:57:00 | Chris, this week's Langalist Newsletter may be of some help to you with some useful links. www.langa.com John B | Guest (0) | ||
| 38658 | 2002-03-11 16:58:00 | www.langa.com Interesting site, the link to Langa. At the link above, scroll down a little way, look for the title New Scumway or something like that, and see if what it offers there matches what you had. | Guest (0) | ||
| 38659 | 2002-03-11 20:16:00 | If only the link didn't give me a 404 I would! | Guest (0) | ||
| 38660 | 2002-03-15 10:21:00 | The uninstall from lop.com seems to work. I had to manually delete the dll file it created in 'my documents and settings\username\application data\plg_ie0.dll'. Always check the registry values in HKLM\software\microsoft\windows\currentversion\run if you want to kill annoying startup programs. That will majorly help people with memory/performance problems. | Guest (0) | ||
| 38661 | 2002-05-24 13:44:00 | LopSearch - bad news! Fortunately it was the only thing installed on my server yesterday so identifying the pieces wasn't too bad. With as much damage as it does it had to run as an authenticated installer (ActiveX probably). My bet's on the 'C2 Media' (??) install package. Desktop - delete icons - simple. Registry - search for lopsearch.exe - delete it from window's run; search for plg_ie0.dll - delete keys, as the control imbeds itself in IE as a toolbar (BTW in my haste I failed to do a recursive search on the plg_ie0.dll's key name to see where it is called). plg_ie0.dll's keys may not be deleted if you've run IE (which loads plg_ie0) so a warm boot might be required. Favorites - locate your 'favorites' folder in 'Documents and Settings' - the date/time stamps group the lopsearch installed files together - start deleting. Windows explorer - search and destroy LopSearch.exe, plg_ie0.dll, and any DNSERROR.HT* found in the windows o/s dir. | Guest (0) | ||
| 38662 | 2002-05-24 13:51:00 | SpyWare explains: http://www.spywareinfo.com/lop.html | Guest (0) | ||
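
The leftover checks described in posts 38660 and 38661 (Run key values, the named files, and Favorites entries grouped by date/time stamp), as an added example that is not code from any poster in the thread. It assumes the registry has been saved as a regedit text export; the function names, the "lopsearch" value name in the sample and the 120-second window are constructed for illustration.

```python
import fnmatch
import os
import re

# File names reported in the thread, compared in lower case.
ARTIFACT_PATTERNS = ["lopsearch.exe", "plg_ie0.dll", "dnserror.ht*"]
RUN_NEEDLES = ("lopsearch.exe", "plg_ie0.dll")
# Constructed sample of a regedit export; the value names are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"lopsearch"="C:\\WINDOWS\\lopsearch.exe"
'''

def find_artifacts(root):
    """Paths under root whose file name matches an artifact from the thread."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(fnmatch.fnmatch(name.lower(), p) for p in ARTIFACT_PATTERNS):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def suspicious_run_values(reg_text):
    """(value name, data) pairs under ...\\CurrentVersion\\Run naming an artifact."""
    hits, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # key header: track whether we are in a Run key
            in_run = line.rstrip("]").lower().endswith("\\currentversion\\run")
            continue
        m = re.match(r'^"([^"]*)"="(.*)"$', line)
        if in_run and m and any(n in m.group(2).lower() for n in RUN_NEEDLES):
            # Exports double every backslash; undo that for display.
            hits.append((m.group(1), m.group(2).replace("\\\\", "\\")))
    return hits

def files_near(root, reference, window_s=120):
    """Files under root modified within window_s seconds of the reference file."""
    ref = os.path.getmtime(reference)
    near = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if path != reference and abs(os.path.getmtime(path) - ref) <= window_s:
                near.append(path)
    return sorted(near)
```

Review the output before deleting anything: `files_near` only groups by timestamp, so unrelated files changed in the same window will also be listed.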