Endpoint Protection

  • 1.  Can't get rid of adware.lop..

    Posted Jan 04, 2011 03:10 PM

    Our office runs Symantec AntiVirus 10.1.0.394 on Windows 2003 SBS that pushes out to Windows XP Pro machines. Virus definitions were last updated (at time of this message) on 12/31/2010 rev. 2.

    One of our users had a pop-up yesterday (Monday) from Quick Scan that reported "Adware.lop" and the file "winlogon.exe". We haven't been in the office since Thursday. It could not quarantine the file nor delete it.

    I searched through Google and ended up at a Symantec website that shows instructions for manually removing it, here:

    http://www.symantec.com/security_response/writeup.jsp?docid=2003-092919-5421-99&tabid=3

    The instructions were to reboot into safe mode, run a full scan, whatever was found have it deleted. When I reboot normally I might get some error messages, because that file was deleted. I'm supposed to say OK to the errors, then I needed to go into the registry and remove some stuff pertaining to that.

    The file was deleted, but upon reboot I got another message from Quick Scan for the same thing.

    If that page is correct (and I do have adware.lop as Symantec tells me) then I think one is wrong.. because none of the stuff on that page is even found. That page says to go to the application data folder and find some randomly named .dll file. Nothing suspicious looking there.

    That page says to search the registry, and when I do I find 2 instances of winlogon.exe, but isn't that also a legit file from Windows, or should I get rid of those?

    I can run other software if needed as we all have admin rights, so I can run HijackThis or something.



  • 2.  RE: Can't get rid of adware.lop..

    Posted Jan 04, 2011 03:22 PM

    It's detected by Symantec, so just run a full scan in safe mode with the latest virus definitions.

    Start - Run - type luall.exe to get the latest definitions.

    You can try running Malwarebytes. I'm sure Symantec would remove all the traces related to this virus by a full scan in safe mode.



  • 3.  RE: Can't get rid of adware.lop..

    Posted Jan 04, 2011 03:45 PM

    You might consider giving the Power Eraser Tool from Symantec a try if you are having issues removing the threat..

     

    http://security.symantec.com/nbrt/npe.asp?lcid=1033&origin=default

    PE Video - https://www-secure.symantec.com/connect/videos/power-eraser-overview



  • 4.  RE: Can't get rid of adware.lop..

    Posted Jan 05, 2011 06:27 AM

    Power Eraser sometimes detects system files as a risk, hence before cleaning anything with Power Eraser, make sure whether it's a genuine file.



  • 5.  RE: Can't get rid of adware.lop..

    Posted Jan 05, 2011 08:45 AM

    In the original post I had stated I already tried Safe Mode. After rebooting normally the problem came right back.

    If I use Power Eraser could winlogon.exe be a valid Win XP program?



  • 6.  RE: Can't get rid of adware.lop..

    Posted Jan 05, 2011 12:45 PM

    winlogon.exe could be a valid file too.

     

    I suggest you submit that file to security response and then have it checked with them.

     

    Link: https://submit.symantec.com.

    To find out your entitlement and technical contact ID while submitting the suspicious files, you might consider contacting Technical Support, who can assist you.



  • 7.  RE: Can't get rid of adware.lop..

    Posted Jan 06, 2011 08:57 AM

    What if I try to replace winlogon.exe from another machine to his?

    Anyway, I've contacted Symantec as suggested. Turns out we don't have a support contract with them since 2007.. we just get virus definition updates. They did try and contact me, but it was after office hours. I'll see what they say.



  • 8.  RE: Can't get rid of adware.lop..

    Posted Jan 06, 2011 08:59 AM

    Check the winlogon entry on a working clean machine; if there is a conflict you can remove the other one.
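
An added example, not part of any post in this thread: one way to do the clean-machine comparison suggested above is to run the same snapshot on both PCs and diff the two outputs. It assumes PowerShell 2.0 is installed on the XP machines; the function names and output file names are hypothetical.

```powershell
# Added example (not from the thread). Written for PowerShell 2.0, so it hashes
# with .NET instead of Get-FileHash. Run from an administrator prompt.

function Get-Sha256([string]$Path) {
    try {
        $stream = [System.IO.File]::OpenRead($Path)
        try {
            $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($stream)
        } finally {
            $stream.Close()
        }
        return ([System.BitConverter]::ToString($hash)) -replace '-', ''
    } catch {
        return 'UNREADABLE'   # locked or access denied; record it rather than stop
    }
}

function Get-WinlogonSnapshot {
    # Every winlogon.exe on the system drive. The copy Windows itself runs is
    # %SystemRoot%\System32\winlogon.exe; copies elsewhere are what to compare.
    Get-ChildItem -Path "$env:SystemDrive\" -Filter 'winlogon.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object FullName |
        ForEach-Object {
            'FILE|{0}|{1}|{2}|{3}' -f $_.FullName, $_.Length,
                $_.VersionInfo.CompanyName, (Get-Sha256 $_.FullName)
        }

    # The Winlogon registry values that decide what starts at logon.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $values = Get-ItemProperty -Path $key
    foreach ($name in 'Shell', 'Userinit') {
        'REG|{0}|{1}' -f $name, $values.$name
    }
}

# Write one snapshot per machine, named after the computer.
$out = Join-Path $PWD ('winlogon-{0}.txt' -f $env:COMPUTERNAME)
Get-WinlogonSnapshot | Set-Content -Path $out

# With both files copied to one folder (file names below are placeholders):
# Compare-Object (Get-Content .\winlogon-CLEANPC.txt) (Get-Content .\winlogon-SUSPECTPC.txt)
```

Hashes only match between machines at the same service pack and patch level, so a differing hash on the System32 copy is a reason to submit the file for analysis, not proof of infection. An extra file path or a changed `Shell` or `Userinit` value on the suspect machine is the more telling difference.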