C2.lop - how to remove? (includes log)



#1 JGM


Posted 22 July 2004 - 09:26 PM

I had posted a HijackThis log a few days back, but must have picked a bad time because I didn't get a response. Since then I got brave and read the "Analyze Your Own" article and removed several things I didn't need or want, but my primary problem remains:

C2.lop

I seem to have cleared up the actual Hijack, but SpyBot still finds it (4 instances related to a file called "TrinityAYB") but cannot remove it, even when it runs at startup. CWShredder runs clean. I can't find anything else in the FAQ about this, nor anything useful in a web search.

Forgot to mention -- the SpyBot "Immunize" feature is still telling me that it is blocking download of various nasties (including C2.lop, Avenue A, and DoubleClick) when I navigate to what should be harmless websites. This seems to imply that I have a wrong setting or other exposure in my Browser? Or is this because of the C2.lop that I can't get rid of!?

Help? HijackThis log posted below, FWIW:

Logfile of HijackThis v1.98.0
Scan saved at 10:14:58 PM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\AT&TGL~1\NETCFGSV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\SKDAEMON.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINDOWS\System32\SKSMAILD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\America Online 8.0a\aoltray.exe
C:\WINDOWS\System32\spcauth.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\JGM\My Documents\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = +s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = +s
O1 - Hosts: comments (such as these) may be inserted on individual
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DNSRestore] "C:\PROGRA~1\AT&TNE~1\DNSRestore.exe" -R
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HawkEye IV Control Panel.lnk = C:\WINDOWS\NUMBER9\HAWK_32.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 8.0a\aoltray.exe
O12 - Plugin for .gils: C:\Program Files\EACom\Netscape_Plugin\NPGils.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...es/abasetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\Software\..\Telephony: DomainName = +s
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = +s
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = +s

Edited by JGM, 24 July 2004 - 12:03 PM.


#2 JGM


Posted 24 July 2004 - 12:06 PM

Bumping this. The various help files seem inconsistent about whether this is okay to do, but it seems better than reposting.

If C2.lop is just an intractable problem or still under analysis, I'd appreciate knowing that too. I can't help but feel there is a solution I'm missing.

Thanks

JGM



