Beep Long Trojan or Virus!{resolved}

solution

Comments

  • rpggamergirl South Australia
    edited September 2006
    Hi,
    Glad you got rid of them, :)
    They look very much like a LOP infection, if they were lop then you need to delete their folders as well.

    Lop usually has hidden jobs as well so the infection could respawn.

    In case it comes back, you can run this tool.
    Please Download NoLop to your desktop from one of the links below...
    http://www.spywareedge.net/nolop/NoLop.exe
    http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/
    http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

    First close any other programs you have running as this will require a reboot
    Double click NoLop.exe to run it
    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    When scanning is finished you will be prompted to reboot only if infected, Click OK
    Now click the "REBOOT" Button.
    A Message should popup from NoLop. If not, double click the program again and it will finish.
  • edited September 2006
    ...
  • jmoney3457 Maine
    edited September 2006
    ELUDZ, I can assure you rpggirl's intentions were NOT bad... she is trained and well qualified in the malware removal field. I please ask you to treat the helpers a little better in the future as we're all VOLUNTEERS... but if you want to make sure your system is clean please do the following:

    Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

    Download HijackThis from:

    HijackThis Download Site

    Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

    Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.

    Create a reply to this post here and right click in message area and select paste to paste the log into the post.

    Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

    To see a tutorial with screenshots on using HijackThis you can click on the link below:

    How to use HijackThis to remove Browser Hijackers, Malware, & Spyware
  • edited September 2006
    ...
  • Linc Owner Detroit Icrontian
    edited September 2006
    I will echo Jmoney3457 in saying that rpggamergirl's advice was sound as well. Eludz, if you didn't need the above assistance then you may disregard it without verbally lashing our volunteers. Jmoney3457's post assumed that you wished to proceed resolving an issue despite the problems you encountered following rpggamergirl's steps.

    We appreciate you sharing the information you gathered with us. :)
  • rpggamergirl South Australia
    edited September 2006
    My intentions were good, I would never in my life even try to do any harm to people's PCs, and that program has been used by many malware experts in many forums to remove LOP infection instead of the manual fix.
    And I have suggested that same program many times before and you're the first one who ever complains.
    That fix will NOT even remove the default \microsoft\ and \identities\ directories should infected files ever be found in them, it is supposed to be safe.

    I am contacting the malware expert that created that program because I'm sure he would want to know why it did what ELUDZ said.


    Just a little info on Lop.
    Lop is actually only able to be on your PC because you installed a program and you agreed to install its sponsors. Lop comes with a sponsor program: if you install a host program like Messenger Plus! etc., which also installs its sponsor C2Media if you agree to the EULA, the result is Lop.
  • jmoney3457 Maine
    edited September 2006
    ELUDZ, you have been put on notice about treating all members on this forum with respect from general keebler. I hope you keep that in mind for the future. RPG girl, I am going to lock this thread. If you need it reopened just shoot me a PM and I'll open it back up for the original poster. Everyone else, please start your own thread if future malware problems arise :)
  • jmoney3457 Maine
    edited September 2006
    Reopened @ RPG's request ;)
  • rpggamergirl South Australia
    edited September 2006
    Thanks jmoney3457, :)


    An excerpt of the PM from the NoLop author (Skate_Punk_21):

    "The detection scheme of the app is as follows:
    NoLop will first get a list of all the user accounts on the PC, and save it to a reference file. Using this list of accounts (and their paths) it string searches the user profiles for files that:
    -A) Contain the given strings
    -B) Match relatively specific file sizes (between sizeA and sizeB)
    -C) Are strictly executables

    I have whitelisted the two common directories for an XP account ("identities" and "microsoft") and seeing as it's limited to the user profile accounts, there was no need to whitelist anything in the %windir% or %programfiles%.

    My only thought would be that he saw the directory runner scanning his drive and he got scared off. Nothing happens with NoLop without user approval. If a scan is cancelled all reference files are deleted and settings restored (if at all changed). If it detected a legit file I would suggest that he should have looked over the scan results before rebooting. And furthermore if there's a problem with mis-deleting something NoLop keeps complete backups at C:\NoLopBackups\."



    I think that's exactly what happened. You chickened out! You got SCARED when you noticed the directory scanner scanning while it was getting the list of all the user accounts and saving it to a reference file.
    According to the author, NoLop has never failed and I believe him because I have used and witnessed this very same tool successfully working always, as well as his Chod.D worm tool that also works extremely well and has never failed.
    I've seen probably more or less a hundred successful NoLop scans and you are the very first one who CHICKENed out! and cancelled the scan.

    NoLop has been proven as a safe tool to use!
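
The detection scheme described in the quoted PM (enumerate profiles, then flag only files meeting criteria A, B and C outside the whitelisted directories), sketched as a report-only scanner. This is an added example, not NoLop's code: the marker string, size bounds, `.exe`/`MZ` test for "strictly executables" and the function names are all assumptions, since the thread does not give the real values.

```python
import os

# Assumed placeholders: the thread does not give NoLop's real strings or sizes.
MARKERS = [b"EXAMPLE-LOP-MARKER"]             # criterion A
SIZE_MIN, SIZE_MAX = 1_000, 500_000           # criterion B ("sizeA".."sizeB")
WHITELIST_DIRS = {"identities", "microsoft"}  # the two directories named in the PM


def scan_profile(profile_root):
    """Return files under one user profile that meet all three criteria."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(profile_root):
        # Prune whitelisted directories so nothing beneath them is ever flagged.
        dirnames[:] = [d for d in dirnames if d.lower() not in WHITELIST_DIRS]
        for name in filenames:
            if not name.lower().endswith(".exe"):        # C: extension
                continue
            path = os.path.join(dirpath, name)
            try:
                if not SIZE_MIN <= os.path.getsize(path) <= SIZE_MAX:  # B
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable or removed mid-scan
            if data[:2] != b"MZ":                        # C: PE/DOS header
                continue
            if any(marker in data for marker in MARKERS):  # A
                hits.append(path)
    return sorted(hits)


def scan_profiles(profiles_dir):
    """Enumerate the user profiles under profiles_dir and scan each one."""
    report = {}
    for entry in sorted(os.scandir(profiles_dir), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            report[entry.name] = scan_profile(entry.path)
    return report
```

The scanner only reports; reviewing the returned list before anything is removed corresponds to the "look over the scan results before rebooting" step in the PM.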
  • jmoney3457 Maine
    edited September 2006
    You're welcome RPG :) ... there you have it eludz, a very successful tool. I myself know the creator of the tool, who is HIGHLY qualified

    EDIT: closed
This discussion has been closed.