When I start IE, it goes to this address first

http://c5429.wabu.com/passthrough/index.html?http://www.msn.co.uk/

Then loads a nav bar with casinos and sex - how can I remove it?

"Tools" Menu,
"Internet Options"

Update the "home" URL

Yes, but it keeps defaulting to the other address. Its like theres a program running in the background. Trouble is I have a huge list of processes and don't know what they are due to cryptic naming!

Damn, seems to be an epidemic.

Don't know the permanent fix, but as a temporary measure, open up your HOSTS file (c:\winnt\system32\drivers\etc\hosts in NT/2k/XP or c:\windows\hosts in Win9x) and add this line:

127.0.0.1 c5429.wabu.com

That should at least keep that site from loading up. Then look for an ad cleaner of some time, many are mentioned in the thread linked above.

Worrying thing is I've not installed anything lately, my firewall and router are on, so I don't understand where this has come from.

Worrying thing is I've not installed anything lately, my firewall and router are on, so I don't understand where this has come from.

Don't have Windows auto-update running, do ya?

It's a trojan dealy.

http://www.onlinepcfix.com/spyware/Lop.htm

Ad-Aware will supposedly fix it, too.

I ain't paying $14 to remove it!

Man. what sites are you guys going to that are installing all this junk. I gotta stay the hell away from them.

I didn't notice that. Just get AdAware.

I don't know... I mean, I only went to bigandbouncy.com a few times.

Seriously though I have no idea! And I made that site up!

Its not working. I've tried 3 times. An exe file loads up each time I start my machine - its like a random name each time.

kpf1.exe
hgf1.exe
dfr1.exe

and so on.

My firewall kicks in each time and I deny access. I've also tried to remove the file manually from its location (documents and settings\local settings\temp) but it won't delete as it says its in use.

Now if I end the process, the icon disappears from the folder. As it changes its name each time I can't search for it.

I've attached a screen shot of the file in the folder - maybe someone will recognise the icon.



Cheers

This sounds like a job for safe mode. If the file is always three chars and the numeral 1 in the temp directory it should be hard to find. Safe mode will prevent it from starting so you'll be able to delete it. It'd be interesting to know if this is a program that adaware and the like havn't heard of, as I'm sure they'd be interested.

Matthew

it's sad that some people use programming talent like that for the dark side.

I like Spyware Blaster as an extra layer of protection too and the price is righ!

- Tim

Ok, I tried safe mode and I managed to delete the file. I then ran ad-aware in safe mode and rebooted.

The annoying menu is now gone, but another ***1.exe file has been created and tries to access lop.com. WHERE is this coming from?

Edit: Aaaagg... the bar is back. There must be another program creating these exe files. Someone help me please!

Something that occurs is that you could grab a copy of FileMon from http://www.sysinternals.com/ and see if you can get that to tell you which process is creating the EXE file.

Alternatively, reinstall Windows: "I say we take off and nuke the site from orbit. It's the only way to be sure."

Your just a grunt, you can't make that kind of decision. No offence.

None taken.

I don't promise anything, but maybe a list of the task running could help to detect what is running on your pc and should not. If we get what it is, you could search the registry to avoid that it gets loaded at boot. Just make a grab of windows taskmanager, or, if you have a resource kit installed, type this at the command prompt:

PULIST

and post the output here.

Also, I am attaching a simple .cpl that will tell you what starts at your pc boot. Just install it and go to the control panel. You will have a new icon called "startup". Start it and delete the items you don't want to be loaded on boot.

Thanks... I'll give this a go. It didn't appear on safe mode, so i will try to narrow down the program from this.

manual removal instructions
http://www.doxdesk.com/parasite/lop.html

pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too..

pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too..

The user agrees to have such adware installed when they agree to the license presented to them. Thus, it is not a virus, and not something that virus scanners need to search for.

That was their excuse last time I heard anyhow.

lop is nasty. Last year I accidentally ran across a lop mirror by mistyping a url. It took me months to get rid of all of the adware stuff that was installed. They definitely do have some talented programmers working for them.

- trs

They definitely do have some talented programmers working for them.

As far as I'm concerned, when you use your programming skill for something like this, the word "talented" should not apply.

i think it's high time antivirus software included scanning/removal of all things ADware related too..

Agreed completely. We need a convergence of tools that do similar things. I'd like to see ad removal and virus prevention in the same package. There are some other things that would dovetail nicely into a realtime-disk-access-monitoring driver that would be useful to have all under one UI...

I have had great luck with Spybot Search & Destroy (not in any way related to the currently circulating Spybot virus). You can download it for free here:

http://security.kolla.de/

Best of luck!