How To Get Rid Of… Article Last Reviewed February 2005
How To Get Rid Of Lop

Lop, which stands for Live Online Portal, is a browser hijacker that resets the start and search pages in IE. (Its aliases include: C2; Lop C2Media; Lop.com; Tubmo; Ultimate Browser Enhancer; as well as Lop/Active and variants such as Lop/Dialer, Lop/IMZ, and Lop/Trinity.) Lop variants also may install an Accessories toolbar in IE, add shortcuts to the Favorites menu, monitor online activity, install a porn dialer, and load other spyware and third-party programs onto the system.

Lop is an ActiveX control that installs itself automatically on any PC that comes into contact with its affiliated sites, many of which have four-letter domain names such as Aavc.com, Samz.com, Srox.com, and Wfix.com. Lop also has been known to masquerade as a downloadable MP3 search utility. Start and search pages redirect traffic to Lop.com or one of its affiliated sites. Another symptom of Lop is the presence of numerous unexplained dial-up attempts.

Among the anti-spyware utilities that can remove Lop variants is Ad-Aware SE. When you open the utility and click its Scan Now button, Ad-Aware SE will scour the contents of your Windows drive for evidence of Lop and other spyware programs. When the scan is complete, click Next and choose the Critical Objects tab to see everything that Ad-Aware found. Select all spyware-related items on the list and then click the Next button. Click OK to verify that you want to remove the selected objects to a quarantine folder. If Ad-Aware cannot remove an item, it will give you the option of deferring its removal until the next time you reboot. You can close Ad-Aware when the quarantine is complete.

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin.
(Registry errors can render your computer inoperable if you don't have a backup.) This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."

You can download a proprietary uninstaller from Lop.com at lop.com/new_uninstall.exe. Better yet, open the Add Or Remove Programs (Add/Remove Programs Properties in WinMe and Win98) dialog box and locate the Lop components among the list of installed programs. Depending on which variant of Lop you have, Lop components may be labeled as Browser Enhancer, Live Online Portal, Lop.com, Lop Search, Lop Uninstall, Search Plugin, Ultimate Browser Enhancer, Window Active, or Window Searching. Uninstall all of the Lop components you find.

That ought to do it, but it doesn't hurt to check the Registry and your Windows drive for any Lop residue that may be polluting your system. Start by opening the Registry Editor and locating the HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN key. Look for a corresponding value that references a –QuieT or WinActive setting. Delete either if you find it. In addition, locate and delete the following keys and values (if present):

• HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\DomainName
• HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Domain
• HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP\Domain
• HKEY_LOCAL_MACHINE\SOFTWARE\CKOTETLLLYLLSHZ
• HKEY_LOCAL_MACHINE\SOFTWARE\KSEATEASTEESTOE
• HKEY_LOCAL_MACHINE\SOFTWARE\RHVLVEASTEAFPR
• HKEY_LOCAL_MACHINE\SOFTWARE\SSAXSTXOAIEOAGRH
• HKEY_LOCAL_MACHINE\SOFTWARE\TRINITYAYB

You also should locate the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES key and scan all of its associated interface subkeys for references to a Domain value. Delete any Domain values you find if they are configured for something other than Value Not Set.

Reboot the system and open the View tab of the Folder Options dialog box. Select the Show Hidden Files And Folders option and click OK. You now can access the DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA (in WinXP) or WINDOWS\APPLICATION DATA (in WinMe and Win98) folder. The APPLICATION DATA folder should, under normal conditions, contain only subfolders and no files. But when your system is infected with Lop, these folders may be infested with a number of DLL and EXE files, including but not limited to: Asshuktr.exe, Bilyooas.exe, Blztstulla.dll, Blztstulloo.dll, Byb_Save.exe, Chksbdrlya.dll, Crgbeaoa.exe, Dmvcrthl.exe, Eaeeishllblc.dll, Ealymfrprwch.dll, Eaymulyl.exe, Eelykofrllfrj.dll, Eelykofrllfrpr.dll, Eeublidc.exe, Epllkeeoopr.dll, Freabrlaouw.dll, Gldqumssfrie.dll, Glxshmcr.exe, Heeachmstll.dll, Hglllyxrxw.dll, Icdrhwno.dll, Ijlysseb.exe, Jqumysto.exe, Kfriegbs.exe, Llfggrdr.exe, Lltckiey.exe, Lopsearc.exe, Meemnckyqbr.exe, Meepajlr.dll, Meepajlr.exe, Mprcouie.exe, Oofrkxpe.exe, Ousszidrta.dll, Peebqusz.exe, Plg_Ie1.dll, Prnouestssstx.dll, Prxzoustustgr.dll, Quglwachfs.dll, Quizbt1.dll, Quveioot.exe, Shoucrck.exe, Ssmeeibl.exe, Sstroallhqch.dll, Tblchepruprgr.dll, Tchpeatr.exe, Tglblrll.exe, Trdzhtxf.exe, Trstdris.exe, Trstshcrscksr.dll, Ukfroigl.dll, Ulyuiexeechp.exe, Upckeetoutw.dll, Veaeyglckr.dll, Vfthrcbr.exe, Woafrquzn.dll, Xogyfhp.exe, Yeecrsoustoull.dll, Ykphmbre.exe, Ylynfste.exe, and Ziebaeeoaeepr.dll. Delete these and any other file that appears to have been added by Lop. If you use WinXP, you also should look in the DOCUMENTS AND SETTINGS\DEFAULT USERS\APPLICATION DATA and various DOCUMENTS AND SETTINGS\<USER NAMES>\APPLICATION DATA folders (where <USER NAMES> refers to the name of each registered WinXP user) contained on the Windows drive so that you can empty them of Lop-related files. That's not all, though. 
Before closing My Computer, briefly turn your attention to the WINDOWS folder and delete any of the following that you find: B_dnserr.gif, Desktop.htm, Dnserror.htm, Jexpoofro.htm, I_dnserr.gif, Oiejexpoo.gif, R_dnserr.gif, S_dnserr.gif, Tiejexpoo.gif, Uiejexpoo.gif, and Xiejexpoo.gif. Open the Program Files folder, too, and delete the Active Window subfolder (if present).

Finally, open the Programs tab in the Internet Options dialog box and click the Reset Web Settings button to restore your browser's default settings. Don't forget to clean the Desktop, Start menu, and Favorites folder of unwanted shortcuts, as well. You can delete them by right-clicking each one and clicking Delete from the pop-up menu.

by Jeff Dodd
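
The Registry and APPLICATION DATA checks described in the article, collected into a read-only PowerShell audit that reports what it finds and deletes nothing. This is an added example, not part of the original article; it assumes PowerShell is available and the WinXP folder layout the article describes, and the helper name Get-RegKeyOrValue and the variable names are illustrative.

```powershell
# Added example: read-only audit for the Lop residue the article lists. Deletes nothing.
# Assumes the WinXP folder layout from the article; helper and variable names are illustrative.
$findings = @()

# A listed path may be a key, or a value under its parent key; report either.
function Get-RegKeyOrValue([string]$Path) {
    if (Test-Path -Path $Path) { return "Key present: $Path" }
    $parent = Get-Item -Path (Split-Path $Path -Parent) -ErrorAction SilentlyContinue
    $name   = Split-Path $Path -Leaf
    if ($parent -and ($parent.GetValueNames() -contains $name)) {
        return "Value present: $Path = '$($parent.GetValue($name))'"
    }
}

# 1. Run key: values whose name or data references QuieT or WinActive.
$run = Get-Item 'HKLM:\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN' -ErrorAction SilentlyContinue
if ($run) {
    foreach ($n in $run.GetValueNames()) {
        $data = $run.GetValue($n)
        if ("$n $data" -match 'QuieT|WinActive') { $findings += "Run value: $n = $data" }
    }
}

# 2. Keys and values named in the article (review the reported data before acting on it).
$listed = @(
    'HKLM:\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\TELEPHONY\DomainName',
    'HKLM:\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Domain',
    'HKLM:\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP\Domain',
    'HKLM:\SOFTWARE\CKOTETLLLYLLSHZ', 'HKLM:\SOFTWARE\KSEATEASTEESTOE',
    'HKLM:\SOFTWARE\RHVLVEASTEAFPR', 'HKLM:\SOFTWARE\SSAXSTXOAIEOAGRH',
    'HKLM:\SOFTWARE\TRINITYAYB'
)
foreach ($p in $listed) { $r = Get-RegKeyOrValue $p; if ($r) { $findings += $r } }

# 3. Per-interface Domain values that actually hold data.
$ifRoot = 'HKLM:\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES'
foreach ($k in @(Get-ChildItem $ifRoot -ErrorAction SilentlyContinue)) {
    $d = $k.GetValue('Domain')
    if ($d) { $findings += "Interface Domain: $($k.PSChildName) = $d" }
}

# 4. Loose EXE/DLL files sitting directly in each profile's Application Data folder.
$appData = "$env:SystemDrive\Documents and Settings\*\Application Data\*"
Get-ChildItem -Path $appData -Include *.exe, *.dll -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { $findings += "Loose binary: $($_.FullName)" }

$findings
```

A Domain value can also be set legitimately, for example on a machine joined to a network domain, so compare the reported data against the expected configuration before deleting anything.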