Hello,
While you're dealing with this problem through the browser-hijacking experts I do have a few minor suggestions.
You may wish to try adding a "null entry" to your hosts file to point any accesses made to srch.lop.com and related web sites back to your own computer. A hosts file is a small text file which helps your computer convert IP addresses to domain names, such as converting 69.42.68.195 into www.lockergnome.com. While this will not remove the spyware, it will prevent your computer from accessing their computers, which might prevent reintroduction of the malicious program hijacking your web browser. Here is how to edit your hosts file, step-by-step:
- Click on Start -> Run from the Taskbar and enter "NOTEPAD C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS." as the name of the program to run. Note that while the hosts file is a text file, it does not have a conventional three-letter extension like .TXT. This is why you should specify the "." at the end of the file name. Click on OK to start Notepad.
- The hosts file will appear inside of Notepad.
- Scroll down to the bottom of the hosts file and add the following lines at the end of it:
127.0.0.1 lop.com
127.0.0.1 lb.lop.com
127.0.0.1 srch.lop.com
127.0.0.1 www.lop.com
- Click on File -> Save from the main menu bar in Notepad to save the changes to the hosts file, then close Notepad when done.
What we're doing is telling your computer to translate the various requests to go to lop.com's computers to instead go to the computer at the IP address of "127.0.0.1" which is a special reserved IP address used to refer to your own computer. While this doesn't prevent the requests from happening, it does prevent them from reaching their intended destination by instead re-routing them to your computer.
The other thing I would suggest is you may wish to temporarily disable the "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\LMPDPSRV.EXE" program running on your computer. From what I have been able to find out this is a third-party (i.e., non-Microsoft) program to provide remote printing via RPC, which is the service Microsoft has recently warned users to update because of a critical security issue.
I'm not familiar with the "C:\DOCUME~1\OWNER\APPLIC~1\HOACHSFD.EXE" program, either, but since I could not find any references to the program at all you might want to see what you can find out about it before making a decision about it. Perhaps it is some software installed by the computer manufacturer.
Regards,
Aryeh Goretsky
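
The hosts-file edit described in the post above, as an added example that is not part of the original post: a Python sketch that adds the same four null entries idempotently and reports any of those names already mapped to a different address. The function names and the sample hosts text are constructed for illustration, and it assumes the resolver uses the first entry found for a name.

```python
# Added example: the four hostnames come from the post; everything else is constructed.
BLOCKED = ["lop.com", "lb.lop.com", "srch.lop.com", "www.lop.com"]
LOOPBACK = "127.0.0.1"

def parse_hosts(text):
    """Return {hostname: address}, keeping the first mapping seen for each name
    (assumption: the resolver uses the first matching entry)."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:                    # blank or malformed line
            continue
        addr, names = fields[0], fields[1:]    # one address, one or more names
        for name in names:
            mapping.setdefault(name.lower(), addr)  # hostnames are case-insensitive
    return mapping

def add_null_entries(text, names=BLOCKED):
    """Return (new_text, added, conflicts) without touching existing lines."""
    mapping = parse_hosts(text)
    added, conflicts = [], []
    for name in names:
        current = mapping.get(name.lower())
        if current is None:
            added.append(name)                 # missing: append a null entry
        elif current != LOOPBACK:
            conflicts.append((name, current))  # present but points elsewhere: review by hand
    if added:
        if text and not text.endswith("\n"):
            text += "\n"                       # avoid gluing onto an unterminated last line
        text += "".join(f"{LOOPBACK} {n}\n" for n in added)
    return text, added, conflicts

# Constructed sample hosts file content (not taken from any real machine).
SAMPLE = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "127.0.0.1 WWW.LOP.COM   # already present, different case\n"
    "192.0.2.10 lb.lop.com"
)

if __name__ == "__main__":
    new_text, added, conflicts = add_null_entries(SAMPLE)
    print(new_text)
    print("added:", added)
    print("conflicts:", conflicts)
```

A conflict is reported rather than overwritten, since an appended null entry would be shadowed by the earlier line and that earlier line deserves a manual look.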