Mischel Internet Security Forum: Adware, Browser Hijackers and other Malware
Topic: Malware associated to LOP (Read 3115 times)
justsurfing
Malware associated to LOP
« on: Sep 29th, 2004, 1:03pm »

Hi guys,
Got this problem: I went to a Japanese page yesterday about watches and left it open for 5 hours. When I came back I had about 7 icons with Casino Online and all the stuff, plus my IE was awful and with 2 toolbars. I have Spy Sweeper and it only found 8 LOP objects in my Favorite Pages; I don't understand why, because they are supposed to be the best. Then I ran Ad-Aware and it found 96 LOP objects in my PC but showing some of them as .exe files. Among them there is a program called FLAP FAST and runs from C:\PROGRA~1\AXISTE~1\16 Ante Second .exe Registry or Startup Folder:HKLM:Run. It also showed its folder in Program Files as Axis Test Face.
Another folder found there is one called Meoweggsatom which has the Way Manager.exe inside. I tried getting rid of them to no avail.
Ad-aware also showed the following folder in Documents and Settings\All Users\Application Data: WEB INTER EGGS and runs the process EXIT GRIM .exe that appears in my running processes in Task Manager. Even when I end IE it keeps making IE come back on and it's annoying and frustrating.
I tried with Spy Sweeper to make the startup value of the FLAP FAST .exe not to start, I get the alert from Spy Sweeper saying that it keeps wanting to start (FlapFast) plus another alert that says my homepage is being tried to be changed. These 2 warnings come up every 2 mins and I don't really know what to do as I have tried all the steps in Spy Sweeper and they seem not to work or control these 2 annoying things from happening.
I hope someone here can help me on this. Maybe Magnus is around to give a hand or any other helpful friend here.
Aaron
Re: Malware associated to LOP
« Reply #1 on: Sep 29th, 2004, 1:05pm »

Adware would be my area.  Send C:\PROGRA~1\AXISTE~1\16 Ante Second.exe to submit@trojanhunter.com with ATTN Aaron - LOP as the subject.  I'll watch for it.
 
Thanks,
 
Aaron

Aaron Hulett | Trojan Analyst | Mischel Internet Security
justsurfing
Re: Malware associated to LOP
« Reply #2 on: Sep 29th, 2004, 1:07pm »

How can I get to it? I know about it because it shows with Ad-Aware. Would you let me know how to do it and then I can send it to you?
Thanks
Aaron
Re: Malware associated to LOP
« Reply #3 on: Sep 29th, 2004, 1:17pm »

Prepare your email, and then there should be an attach button somewhere.  Once you hit that, it'll want to know where the file is.  Navigate to
 
C:
Program Files
AxisTe.... (the name's truncated in your post, but just look for a folder with that beginning phrase (there might be a space here or there)).
16 Ante Second .exe
 
Then hit... probably "Open" or "Attach" or... just go for the 'yes!' button in that dialog.  Then you should be able to send it in.
 
If possible, send the other one, too.  Same procedure, but instead the path will be
 
C:
Documents and Settings
All Users
Application Data
WEB INTER EGGS
EXIT GRIM .exe
« Last Edit: Sep 29th, 2004, 1:18pm by Aaron »

Aaron Hulett | Trojan Analyst | Mischel Internet Security
justsurfing
Re: Malware associated to LOP
« Reply #4 on: Sep 29th, 2004, 1:26pm »

I sent you 2 emails already and will send a third one with the other application I found too. Had to ask how to do it because I thought I wouldn't be able to send them as I tried moving them before and they wouldn't let me do it.
Aaron
Re: Malware associated to LOP
« Reply #5 on: Sep 29th, 2004, 1:27pm »

Looking at them now.  Probably 30 minutes I'll need...

Aaron Hulett | Trojan Analyst | Mischel Internet Security
justsurfing
Re: Malware associated to LOP
« Reply #6 on: Sep 29th, 2004, 1:31pm »

OK, I will be around. Also wanted to know if I have to do some registry editing.
justsurfing
Re: Malware associated to LOP
« Reply #7 on: Sep 29th, 2004, 2:12pm »

Is it that bad?
Aaron
Re: Malware associated to LOP
« Reply #8 on: Sep 29th, 2004, 2:13pm »

This one wasn't that bad.
 
Method of Infection:  When one of the program files is executed, a copy of Internet Explorer is executed, and with one of the files, with the malware code loaded as a module.  This copy of Internet Explorer is not visible on the taskbar, and no program window appears.  Instead, the program runs in the background, and can be seen in the Processes list of Task Manager as IEXPLORE.EXE.
 
Removal Method:  This is what worked in my testing.  After running a scan with the test definitions provided below, remove what it finds, and restart the computer.  This should resolve the matter.
 
Test Definitions:  The following definitions are provided as a convenience.  Using these definitions will not impact your ability to update using the LiveUpdate feature.  This set of test definitions contains the same definitions as today's first update, and also:
 
Adware.Lop.102
 
Download from:  http://www.nlcomputers.com/mis/lop.zip
 
Make sure TrojanHunter Scanner is closed.  Then, extract the file's contents to your TrojanHunter 4.0 directory.  When prompted to override existing files, tell the dialog box "Yes."  Then, open TrojanHunter Scanner and run a full scan.  Remove what it locates, and restart the computer.  Adware.Lop.102 should then be removed successfully.
 
If it doesn't take care of it, let us know.
 
Thanks,
 
Aaron

Aaron Hulett | Trojan Analyst | Mischel Internet Security
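
The behaviour described in Reply #8 (a windowless IEXPLORE.EXE carrying a foreign module) and the file traits reported earlier in the thread can be checked with the triage logic below. This is an added example, not part of the thread or of TrojanHunter; the process-snapshot format, the allow-list and the flag names are assumptions, and the flags are triage heuristics rather than signatures.

```python
import ntpath
import re

# Assumed allow-list: directories a genuine IEXPLORE.EXE loads code from.
TRUSTED = ("c:\\windows\\", "c:\\program files\\internet explorer\\")

def image_path(command):
    """Executable path from a startup command, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first ".exe" token.
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command

def image_flags(command):
    """Heuristic flags modelled on the file traits reported in the thread."""
    path = ntpath.normcase(image_path(command))
    stem = ntpath.splitext(ntpath.basename(path))[0]
    flags = []
    if stem != stem.rstrip():
        flags.append("space-before-extension")
    if re.search(r"~\d\\", path):
        flags.append("8.3-short-path")  # expand it to see the real folder name
    if "\\application data\\" in path:
        flags.append("runs-from-application-data")
    return flags

def hidden_ie(processes):
    """Windowless IEXPLORE.EXE instances holding modules outside TRUSTED."""
    hits = []
    for p in processes:
        if p["name"].lower() != "iexplore.exe" or p["has_window"]:
            continue
        foreign = [m for m in p["modules"]
                   if not ntpath.normcase(m).startswith(TRUSTED)]
        if foreign:
            hits.append((p["pid"], foreign))
    return hits

# Constructed snapshot: the folder name is from the thread; the PIDs and the
# DLL file name are placeholders.
PROCESSES = [
    {"name": "IEXPLORE.EXE", "pid": 1001, "has_window": True,
     "modules": [r"C:\WINDOWS\system32\ntdll.dll"]},
    {"name": "IEXPLORE.EXE", "pid": 1002, "has_window": False,
     "modules": [r"C:\WINDOWS\system32\ntdll.dll",
                 r"C:\Program Files\Axis Test Face\PLACEHOLDER.dll"]},
]
```

Feed `image_flags` the values found under HKLM Run and `hidden_ie` a process listing that includes window state and loaded modules; a hit means the entry deserves a closer look, not that it is confirmed malware.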
Aaron
Re: Malware associated to LOP
« Reply #9 on: Sep 29th, 2004, 2:25pm »

I have to go to class now.  After I grab some SubWay, I'll hop online and see how things are going.  I can't work on definitions remotely (yet), but if you have any questions, I'll see if I can catch them.  Or if anyone else has any advice/etc., feel free to jump in.
 
Aaron

Aaron Hulett | Trojan Analyst | Mischel Internet Security
Aaron
Re: Malware associated to LOP
« Reply #10 on: Sep 29th, 2004, 5:47pm »

Back from class.  I'll keep checking this thread to see how things are going.
 
Aaron

Aaron Hulett | Trojan Analyst | Mischel Internet Security
justsurfing
Re: Malware associated to LOP
« Reply #11 on: Sep 29th, 2004, 6:14pm »

Hi again Aaron,
I did as you told me to and it worked. The only thing that wasn't removed and recognized was the 3rd file I sent you, from the folder Meoweggsatom. The file name is WAY MANAGER .exe.
I'll be around,
Regards.
Aaron
Re: Malware associated to LOP
« Reply #12 on: Sep 29th, 2004, 6:21pm »

Didn't see the 3rd email.  Got it now and working on it.

Aaron Hulett | Trojan Analyst | Mischel Internet Security
justsurfing
Re: Malware associated to LOP
« Reply #13 on: Sep 29th, 2004, 6:22pm »

OK
Aaron
Re: Malware associated to LOP
« Reply #14 on: Sep 29th, 2004, 6:26pm »

Not a valid Win32 application.  IOW, it's garbage.  Just erase it.  (I've added its info to the definitions, and that'll go out with the rest at my next update.)

Aaron Hulett | Trojan Analyst | Mischel Internet Security