O.P. Information related to Lop Infection
I am not sure if my computer has been infected with the most heinous of all spyware/adware/malware programs, known as Lop. I have installed Msg Plus and I am uncertain of what version I installed. Anyway, the following is a log file using "Registry Viewer" (www.sysinternals.com). "Glue Once Blue" refers to Glue Once Blue.exe, which was found in C:/Documents and Settings/My Name/Application Data/Phone Meet with HijackThis. I started the registry viewer up and opened the exe (hoping that it didn't kill the crap out of my computer).
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Glue once blue.exe NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Session Manager SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0
Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSUserEnabled SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS
Glue once blue.:3816 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LeakTrack NOT FOUND
Glue once blue.:3816 CloseKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS
Glue once blue.:3816 OpenKey HKLM SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\SafeBoot\Option NOT FOUND
Glue once blue.:3816 OpenKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled SUCCESS 0x1
Glue once blue.:3816 CloseKey HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers SUCCESS
Glue once blue.:3816 OpenKey HKCU\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers NOT FOUND
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Error Message Instrument\ NOT FOUND
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32\Glue once blue NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32 SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility\Glue once blue NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS Access: 0x20019
Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NOT FOUND
Glue once blue.:3816 CloseKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance NOT FOUND
Glue once blue.:3816 OpenKey HKLM\SYSTEM\Setup SUCCESS Access: 0x1
Glue once blue.:3816 QueryValue HKLM\SYSTEM\Setup\SystemSetupInProgress SUCCESS 0x0
Glue once blue.:3816 CloseKey HKLM\SYSTEM\Setup SUCCESS
Glue once blue.:3816 OpenKey HKCU SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
Glue once blue.:3816 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
Glue once blue.:3816 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
Glue once blue.:3816 CloseKey HKCU\Control Panel\Desktop SUCCESS
Glue once blue.:3816 CloseKey HKCU SUCCESS
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT
Glue once blue.:3816 OpenKey HKCU SUCCESS Access: 0x2000000
Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT FOUND
Glue once blue.:3816 OpenKey HKCU\Control Panel\Desktop SUCCESS Access: 0x80000000
Glue once blue.:3816 QueryValue HKCU\Control Panel\Desktop\MultiUILanguageId NOT FOUND
Glue once blue.:3816 CloseKey HKCU\Control Panel\Desktop SUCCESS
Glue once blue.:3816 CloseKey HKCU SUCCESS
Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots NOT FOUND
It did not stop there, however; this is actually a short version of the first actions it did inside the registry.
Now for the question.
Am I infected with a form of Lop as a result of Msg Plus, or is this another virus unrelated to Msg Plus? If I am infected with Lop, I have already read the sticky and plan to use that for removal, but I have another question. In removing Msg Plus outright from my computer, will I lose my display pics, or is there a way to save them? (I am sure there must be a collection of them in a folder somewhere, which is where MSN gets them from.)
Thank You in advance to anyone who responds.
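The log above is in the Sysinternals Regmon line format ("process:pid operation path result detail"), and every line in the posted excerpt is an OpenKey, QueryValue or CloseKey, i.e. a read. Most of the keys it touches (Image File Execution Options, Terminal Server app-compat, SafeDllSearchMode, the SAFER CodeIdentifiers policy, AppInit_DLLs, MUI language, SideBySide) are queried by the Windows loader for every new process, so they say nothing by themselves about whether the executable is malicious; what an investigator looks for is a write to an auto-start location. The script below is an added example, not part of the original post: it parses lines in this format, separates loader start-up noise from other reads, flags writes to auto-start/injection keys, and reports lines it cannot parse (the truncated "MUILanguages NOT" line is one). The list of "start-up noise" key fragments and the list of load points are this example's own assumptions, and the final SetValue line in the sample is constructed to show the detector firing; it does not appear in the posted log.

```python
import re
from collections import Counter

# One Regmon-style line: "<process>:<pid> <operation> <path> <result> [<detail>]".
# The process name may contain spaces and dots ("Glue once blue."), and so may the
# key path, so the result keyword is what anchors the split.
LINE_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<op>[A-Za-z]+)\s+(?P<path>.+?)\s+"
    r"(?P<result>SUCCESS|NOT FOUND|ACCESS DENIED|BUFFER OVERFLOW|NO MORE ENTRIES)"
    r"(?:\s+(?P<detail>.*))?$"
)

# Operations that change the registry. Nothing in the posted excerpt is one of these.
WRITE_OPS = {"SetValue", "CreateKey", "DeleteKey", "DeleteValue"}

# Lower-cased path fragments the Windows XP loader, kernel32 and user32 read for
# every new process. ASSUMPTION of this example, not taken from the post.
STARTUP_NOISE = (
    "image file execution options",
    "control\\terminal server",
    "session manager\\safedllsearchmode",
    "winlogon\\leaktrack",
    "currentversion\\diagnostics",
    "control\\safeboot\\option",
    "windows\\safer\\codeidentifiers",
    "error message instrument",
    "currentversion\\compatibility32",
    "currentversion\\ime compatibility",
    "currentversion\\windows\\appinit_dlls",
    "explorer\\performance",
    "system\\setup\\systemsetupinprogress",
    "control\\nls\\muilanguages",
    "control panel\\desktop\\multiuilanguageid",
    "sidebyside\\assemblystorageroots",
)

# Auto-start and code-injection locations (ASSUMPTION of this example). Reading
# them is normal; a process *writing* to one of them is what we want to surface.
LOAD_POINTS = (
    "currentversion\\run",              # also covers RunOnce / RunServices
    "currentversion\\winlogon",
    "currentversion\\windows\\appinit_dlls",
    "image file execution options",
    "currentcontrolset\\services",
    "explorer\\shellexecutehooks",
    "explorer\\browser helper objects",
)

# Sample input: the first eight lines are copied from the post (including the
# truncated one); the final SetValue line is CONSTRUCTED and not in the post.
SAMPLE_LOG = "\n".join([
    r"Glue once blue.:3816 OpenKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Glue once blue.exe NOT FOUND",
    r"Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS Access: 0x20019",
    r"Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Terminal Server\TSAppCompat SUCCESS 0x0",
    r"Glue once blue.:3816 CloseKey HKLM\System\CurrentControlSet\Control\Terminal Server SUCCESS",
    r"Glue once blue.:3816 QueryValue HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode NOT FOUND",
    r"Glue once blue.:3816 OpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon SUCCESS Access: 0x20019",
    r"Glue once blue.:3816 QueryValue HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs NOT FOUND",
    r"Glue once blue.:3816 OpenKey HKLM\System\CurrentControlSet\Control\Nls\MUILanguages NOT",
    r'Glue once blue.:3816 SetValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Glue once blue SUCCESS "C:\Documents and Settings\My Name\Application Data\Phone Meet\Glue Once Blue.exe"',
])


def parse_line(line):
    """Return a dict for a parseable line, or None (e.g. for a truncated line)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["pid"] = int(entry["pid"])
    return entry


def classify(entry):
    """Bucket one parsed line: writes first, then closes, then loader noise, then other reads."""
    path = entry["path"].lower()
    if entry["op"] in WRITE_OPS:
        return "write-to-load-point" if any(f in path for f in LOAD_POINTS) else "write"
    if entry["op"] == "CloseKey":
        return "close"
    if any(f in path for f in STARTUP_NOISE):
        return "startup-noise"
    return "read"


def summarize(log_text):
    """Classify every line; return per-bucket counts, flagged writes and unparsed lines."""
    counts, flagged, unparsed = Counter(), [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
            continue
        kind = classify(entry)
        counts[kind] += 1
        if kind == "write-to-load-point":
            flagged.append(entry)
    return {"counts": dict(counts), "flagged": flagged, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["counts"])
    for e in report["flagged"]:
        print("WRITE TO LOAD POINT:", e["proc"], e["pid"], e["op"], e["path"], e["detail"])
    print("unparsed lines:", len(report["unparsed"]))
```

Run against the posted excerpt alone (drop the constructed last line), the report contains only "startup-noise", "read" and "close" buckets and nothing flagged, which is the point: this fragment of the trace shows a normal process start-up, not persistence being installed. To answer the actual question the full Regmon capture should be filtered for SetValue/CreateKey on the load points, and the file itself checked with the HijackThis sticky's procedure.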