Help needed with Trojan



Thu, 26 Oct 2006 19:42:33 +0100 uk.people.silversurfers


BoyPete...
I've had this blighter for over a week now. Have tried so many progs and
online scanners I couldn't begin to list them.
Every time I open a web page, or click on a link in a page, AVG puts up a
warning message............
'Virus detected'
C:\WINDOWS\mssbx1.dll
Trojan horse Lop.AH

JoeH...
Lop.AH is also known as the Rootkit Trojan.LinkOptimizer

The link Coats posted should do it for you.

AVG cannot delete or send to vault.......access denied. No other scanner
detects this, nor can it be found at the location quoted. I've had HJT
checked in Karls forums, nowt nasty showing. I've searched the web till my eyes
goggle lol, read about various Lop files, but not this one. Thoughts on how
to proceed from here please. Would an 'over the top' re-install of XP do any
good..............Heaven forbid I have to reformat!!!

Ali...
Have you tried using the command prompt?
Booting into DOS?

cd \windows
dir mssbx1.dll

if that shows it,
del mssbx1.dll

BoyPete...
Nooooo. Back up a bit, my knowledge doesn't extend that far. How do I boot
into DOS? (I thought XP had no DOS base?)

Ali...
It doesn't, but that doesn't stop you booting into DOS *instead* of XP.
Jeff explained how.


Jeff Gaines...
You would need a boot floppy or CD, and if you use NTFS on your PC you
won't be able to see anything!

Ali...
I forgot about that.


for ripping things off an XP install.

Ali...
You could try from the Command Prompt first (which is near enough DOS for
many purposes).

Get to it by clicking the Command (or CMD) icon somewhere in the Start
menu, or by Start->Run CMD (I think, I haven't got XP here)


Tickettyboo...
use a command prompt
Start:Run:cmd


MCC...
Try a system restore to before you caught the trojan

BoyPete...
I did try that last week. System refused to restore. Have subsequently
turned it off several times in attempts to let scanners get rid.
Thanks anyway :)


Coats...
Hi Pete, seems this will get rid of it, it's fiddly but may be the only thing
for it. The virus you have is this renamed.

BoyPete...
Only just had time to try and deal with this. Unfortunately, the download
isn't available. :(

JoeH...
I've just downloaded it - can mail it to you if you wish.

BoyPete...
Yes please Joe. Not sure if I'm paranoid, but in my search for an answer, I
found several scanning/security sites that gave me page not
found..............which is what I got when I clicked on the link to d/load.
Is my virus 'that' intelligent??
Thanks :)

JoeH...
Sent as requested. 173 KB


BoyPete...
This thing is determined not to be done away with. Followed instructions to
the letter...........discon internet and network, turned off Sys restore,
booted into safe mode. Unzipped file, but when I click on it to
run..........nowt, nothing zilch. Considering installing Kaspersky, cos I
have a 180 day free trial. Thoughts?? :)

Tickettyboo...
Could have done a dozen reinstalls by now :-)


Frogman...
Have a look at my recent thread "suspected virus?" and see if that's
any help to you


BoyPete...
Thanks Coats. I've visited that link and printed out the instructions.
Unfortunately, w*rk commitments mean it'll prob be the weekend before I have
time to run it. I'll post the result. :)