
Scary Intruder Alert Warning

Discussion in 'Windows - Virus and spyware problems' started by johnc1234, Jun 22, 2007.

  1. johnc1234

    johnc1234 Regular member

    Joined:
    Nov 29, 2006
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    26
    Hi, I've been getting this alert for at least 1 month now. And as my Norton Anti-Virus end date nears, the more frightening it becomes lol. I have scanned my laptop for viruses and spyware and removed them all, but it still seems to keep popping up. So without further ado, here are the images I get:

    [​IMG]

    Then,

    [​IMG]

    How alarmed should I be? How can I stop this person/robot from attempting to access my computer? Help me out here please.

    Regards,
    Est. 1991
     
  2. bluecoal

    bluecoal Guest

    Hi,

    The first screen talks about something called LOP. It used to come if you installed messenger plus with sponsors, I guess now it comes from other sources as well.

    Here's a link with a program and some instructions:
    http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=14

    Please post that report back and we can see if that is the problem.

    bc
     
  3. MichaelP1

    MichaelP1 Guest

    Also, don't renew Norton; go with something better.
     
  4. PeaInAPod

    PeaInAPod Active member

    Joined:
    Nov 28, 2005
    Messages:
    3,065
    Likes Received:
    0
    Trophy Points:
    66
    Download either AVG Anti-Virus Free or Avira AntiVir Free so you can keep yourself protected after Norton expires. Both programs are 100% free and among the highest rated free antiviruses. Remember, free doesn't always mean bad/cheap/limited.
     
  5. MichaelP1

    MichaelP1 Guest

    And Avira was rated the best.
     
  6. PeaInAPod

    PeaInAPod Active member

    Yeah I have been using Avira ever since the free Norton trial ran out on my PC and I have never looked back. It uses up next to no memory/system resources and the scans are quick yet still thorough. Plus they have a specially designed scan just to find rootkits! Avira AntiVir is, in my opinion, the best free antivirus.
     
  7. MichaelP1

    MichaelP1 Guest

    They have a pay version, also an Internet Security suite with firewall and all.
     
  8. PeaInAPod

    PeaInAPod Active member

    Yeah, but there are better free firewalls; one of the best free firewalls is made by Comodo. When compared to ZoneAlarms/ZoneLabs's free firewall, Comodo uses next to no system resources.
     
  9. johnc1234

    johnc1234 Regular member

    Well I do have messenger plus, perhaps if I uninstalled the programme it would go away? Also I downloaded the programme, unzipped and double-clicked findlop.bat, it gave me a .txt document and then I don't know what to do.

    Yer I will consider Avira, I used to use AVG on my old laptop, but when I purchased this laptop it came with Norton so I used it. Will Avira get rid of the security alert or will it merely protect me from it?
     
    Last edited: Jun 25, 2007
  10. bluecoal

    bluecoal Guest

    Please open a reply box for this thread. Then open your text document and highlight all the text. Right click, and one of the options should be copy. Select that. Then go to the other window with the reply box. Right click and select the paste option. That should copy the contents of the text file into the reply box so you can post it here.

     
  11. PeaInAPod

    PeaInAPod Active member

    When Norton expires/is uninstalled the warning message will go away. Should Avira AntiVir find this "LOP Toolbar" to be suspicious or malicious in any way it will block it and alert you asking you what to do, whether it be "Ignore" it, "Block" it from running, or "Quarantine" it.
     
  12. johnc1234

    johnc1234 Regular member

     
  13. bluecoal

    bluecoal Guest

    ---------------------------------------

    This is what I was looking for:

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'AD886A80948C1AF0.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\owner~1.you\applic~1\warnso~1\Axis Bash Frag.exe'

    This is a LOP job to help it keep itself installed on your system.
    ------------------------------------------------------

    If you would like to try uninstalling the messenger plus program, you may do so. Whether you choose to do that or not, I would still like to go through these other steps with you because I am not sure how complete the uninstall cleanup is. If you do choose to uninstall messenger plus now, you should be able to reinstall it later – without sponsors – and be able to continue using it without the LOP problems.

    This step will remove the scheduler job:

    Please Download NoLop to your desktop from the link below...
    http://www.thespykiller.co.uk/index...be028538366e8b644d0e9fd&action=tpmod;dl=get16

    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it.
    • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A Message should popup from NoLop. If not, double click the program again and it will finish.

    Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

    This will help me to see the folders that you need to remove:

    1. Download combofix from one of these links:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


    I will have some additional instructions after I see these two logs.
    Thanks.
    bc
     
  14. johnc1234

    johnc1234 Regular member

    contents of C:\NoLop.txt

    I ran the NoLop Program, search and destroy and it detected a virus. Gonna Reboot now then I will follow your next set of instructions, thanks for the help.
     
  15. johnc1234

    johnc1234 Regular member

    Okay, I have run combo fix and it gave me a log (rather long) but oh well here goes.

    I am guessing that everything is resolved now and I am safe to uninstall Norton and go for Avira. I hope so.
     
  16. bluecoal

    bluecoal Guest

    This is from the combofix log:

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "grim enc"="C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WARNSO~1\bin book program.exe" [2007-02-13 15:49]

    It also relates to LOP. It’s old enough that it doesn’t show in the file listing, so I can’t tell for sure if NoLOP deleted the other files or not.

    The references I am going to give you are all abbreviated; the folders you are looking for will begin with the first 6 characters shown.

    Please check your system for:
    C:\programfiles\WARNSO~1
    c:\documents and settings\owner~1.you\application data\warnso~1

    If you find either one, before you delete it, notice the date, sort the folders by date and then see if there are any other peculiar made up looking named folders that were created about the same time. If there are, they may be LOP as well, we can discuss them.

    Then delete any of the folders I listed that you find.

    You can find HijackThis on this page:
    http://www.malwareremoval.com/downloads.html

    Save it to your desktop and then double-click to run it.
    It will install the program in c:\program files\HijackThis.
    Browse to that location with windows explorer, and double click on the HijackThis.exe program to run.

    Check the listed lines for an 04 line that begins with HKCU and includes this folder reference: C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WARNSO~1

    Check that line and allow hijackthis to fix it.

    At this point you have removed the task scheduler job,
    Any LOP folders we know about,
    And the one LOP reference combofix showed in the registry.

    That is what I know to look for for that problem.

    Regards.
    bluecoal
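
The two autostart entries quoted in this thread (the scheduled-task job in post 13 and the Run value from the ComboFix log in post 16) launch from the same folder. As an added example, not part of the original posts and not the output of any tool named here, this Python script groups such entries by parent folder; the function names and the embedded sample text are constructed for illustration from the lines quoted above.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Constructed sample: the log lines quoted in this thread, joined into one text.
SAMPLE_LOG = r'''
[TRACE] Activating job 'AD886A80948C1AF0.job'
ApplicationName: 'c:\docume~1\owner~1.you\applic~1\warnso~1\Axis Bash Frag.exe'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"grim enc"="C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WARNSO~1\bin book program.exe" [2007-02-13 15:49]
'''

JOB_RE = re.compile(r"Activating job '([^']+)'")
APP_RE = re.compile(r"^\s*ApplicationName:\s*'([^']+)'")
KEY_RE = re.compile(r"^\s*\[(HK[^\]]+)\]\s*$")
VAL_RE = re.compile(r'^\s*"([^"]+)"="([^"]+)"')

def persistence_entries(log_text):
    """Yield (mechanism, label, exe_path) for each autostart entry in the text."""
    job = key = None
    for line in log_text.splitlines():
        if m := JOB_RE.search(line):
            job = m.group(1)
        elif m := APP_RE.match(line):
            yield ("scheduled task", job or "unknown job", m.group(1))
        elif m := KEY_RE.match(line):
            key = m.group(1).upper()
        elif (m := VAL_RE.match(line)) and key and key.endswith(r"\CURRENTVERSION\RUN"):
            yield ("Run key", m.group(1), m.group(2))

def group_by_folder(log_text):
    """Map each lower-cased parent folder to the entries that launch from it."""
    groups = defaultdict(list)
    for mechanism, label, path in persistence_entries(log_text):
        # Short (8.3) names are compared as written; they are not expanded,
        # so 'warnso~1' and its long name would count as different folders.
        groups[normcase(dirname(path))].append((mechanism, label, basename(path)))
    return dict(groups)

def shared_folders(log_text):
    """Folders referenced by more than one kind of persistence mechanism."""
    return {folder: entries for folder, entries in group_by_folder(log_text).items()
            if len({mechanism for mechanism, _, _ in entries}) > 1}

if __name__ == "__main__":
    for folder, entries in shared_folders(SAMPLE_LOG).items():
        print(folder)
        for mechanism, label, exe in entries:
            print(f"  {mechanism}: {label} -> {exe}")
```
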
     
  17. johnc1234

    johnc1234 Regular member

    Thought I should let you know, both these references are folders C:\programfiles\WARNSO~1

    AND

    c:\documents and settings\owner~1.you\application data\warnso~1

    are folders. Shall I delete the whole folders?

    Also, when I go to start run -> msconfig I click startup tab and bin book programme appears. Thought I should inform.
     
  18. bluecoal

    bluecoal Guest

    Yes, delete the entire folders.

    The docs & settings LOP folder will contain at least these two programs:
    Axis Bash Frag.exe and bin book program.exe

    I don't know what LOP puts in the c:programfiles LOP folder, I just know it creates one. If you can tell me anything about the contents of that folder, I would be interested.

    The HijackThis repair should remove the registry entry and eliminate the calling of the program.
     
    Last edited by a moderator: Jun 28, 2007
  19. johnc1234

    johnc1234 Regular member

    I run the hijack.exe file, it does not install. Just goes straight to the programme :S
     
  20. bluecoal

    bluecoal Guest

    Hi,

    My fault, I gave you a link with too many choices.

    If you downloaded the exe file, just put it in its own folder (such as c:\hjt) and then run it from there. Putting it in its own folder gives it a place to put the backups that it makes.

    Then when you run the program, you will see lines with boxes on the left. Find the 04 line that has the folder and file reference we talked about, check that one line and let hijackthis fix it.

    This link has a lot of information on hijackthis:

    http://www.bleepingcomputer.com/tutorials/tutorial42.html

    If you scroll down to figure 4, you will see a sample of what your screen should look like. The line you want to find will probably be down towards the end of the group of 04 lines in your log.

    EDIT
    Figure 6 shows you an example of selecting and fixing an item.
    ENDEDIT
     
    Last edited by a moderator: Jun 28, 2007
