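How to remove Lop.com!
Author: compiled by icech  Published: 2003-10-5 23:25:03  Source: weste.net

Many people's browsers have suffered badly from Lop.com, and it cannot be removed through either the registry or the file system. I happened to find this article on a German website; it gives a basic understanding of why Lop.com exists and why it has spread so widely. The article also says that both Ad-aware and Spybot can remove Lop.com. As for download addresses:

Ad-aware can be downloaded here: http://www.onlinedown.net/adaware.htm
Spybot can be downloaded here: http://security.kolla.de/index.php?lang=en&page=download

Direct downloads
Ad-aware: http://xz.onlinedown.net/down/aawplus6.zip
Spybot: http://studserver.uni-dortmund.de/~su1669/spybotsd12.exe

The full text follows: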
---------------------------------------------------------------------------------

Lop.com

Last updated Sep. 25, 2002

Lop.com has become one of the most hated names on the internet. All over cyberspace, from message boards to newsgroups to IRC chat rooms I've seen people begging for help in getting rid of this annoying software.

What is lop.com? Lop.com is a web site owned by C2 Media. It is mainly a pay-per-click search portal where other web sites pay for each click-through to their site via lop. This isn't a terrible idea, but rather than create a quality web site to get surfers to their site and clicking those links, they instead created a program which is labeled variously as an mp3 search program, a porn search program, or some other such thing. The installer turns the user's web browser into a device with a seemingly endless supply of links to lop.com.

An early version (installer name download_plugin.exe) installs two files in the user's wallpaper folder, one an HTML file and the other a Shockwave file. The HTML file contains code to load the Shockwave file. The installer sets the HTML file as the user's wallpaper so that the Flash search engine program is sitting on the desktop at every boot. The Flash file does little more than open and close a series of collapsible menus containing more lop internet shortcuts and a search function which queries - take a guess - lop.com.

A later version (installer name mp3serch.exe) omits this desktop feature as its bugginess reportedly led to its being discontinued. Both versions install a stripped down browser which uses the Internet Explorer web browser engine. This browser automatically launches the following URL:
http://www.mp3search.com.

Not content to leave the user with this browser, the lop installer also makes dramatic changes to Internet Explorer, Mozilla Navigator, and most likely Netscape Navigator. The default search engine pages, toolbar settings, and start page are changed. The lop installer adds scores of internet shortcuts in Internet Explorer's Favorites folder and in Mozilla's bookmarks.html file. The download_plugin.exe version does not alter Mozilla Navigator.

These lop installers create a BHO which produces an accessories toolbar in Internet Explorer full of - you guessed it - even more lop.com internet shortcuts. This BHO also takes control of the browser to make it redirect to lop.com if there is some error loading a page. This BHO is named plg_ie0.dll. As with all BHOs, it can be disabled with BHODemon, although I've had two users report that after disabling it, another BHO was automatically generated with the name plg_ie1.dll.

In addition to altering the security nightmare that Internet Explorer has become, the installer also makes changes to Mozilla and presumably Netscape. During testing, I found that Mozilla's prefs.js file (the file that contains user settings) was changed to prefs.bk! and replaced with another with the following setting added.
user_pref("browser.startup.homepage", "www.lop.com");

It also changes bookmarks.html to bookmarks.bk!. The replacement file included all of lop's bookmarks. Bookmarks.html is where Mozilla and Netscape store the user's saved bookmarks. Deleting the altered bookmarks.html and prefs.js, then renaming the two .bk! files to bookmarks.html and prefs.js respectively, restores Mozilla's settings. Again, the download_plugin.exe version does not alter Mozilla / Netscape Navigator.
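
The restore procedure described above, as an added example that is not part of the original article: a Python script that confirms the profile's start page points at lop.com before swapping the .bk! originals back. The function names and the `.lop-altered` suffix are assumptions of this example, and it sets the altered files aside for review where the article deletes them.

```python
import re
import tempfile
from pathlib import Path

# Original name -> name the installer renames it to (per the article).
PAIRS = {"prefs.js": "prefs.bk!", "bookmarks.html": "bookmarks.bk!"}
HOMEPAGE_RE = re.compile(
    r'user_pref\(\s*"browser\.startup\.homepage"\s*,\s*"([^"]*)"\s*\)')

def homepage(prefs_path):
    """Return the last browser.startup.homepage value set in prefs.js, or None."""
    values = HOMEPAGE_RE.findall(prefs_path.read_text(errors="replace"))
    return values[-1] if values else None

def is_hijacked(profile):
    """True when prefs.js exists and its start page host is lop.com."""
    prefs = Path(profile) / "prefs.js"
    value = homepage(prefs) if prefs.is_file() else None
    host = re.sub(r"^[a-z]+://", "", (value or "").lower()).split("/")[0]
    return host == "lop.com" or host.endswith(".lop.com")  # not e.g. develop.com

def restore_profile(profile):
    """Undo the swap; returns the names of the files put back."""
    profile = Path(profile)
    if not is_hijacked(profile):
        return []                    # never touch a profile that looks clean
    restored = []
    for name, backup in PAIRS.items():
        original = profile / backup
        if not original.is_file():
            continue                 # no original to put back, leave as found
        altered = profile / name
        if altered.exists():
            # Assumption of this example: keep the altered file for review
            # under a hypothetical suffix instead of deleting it.
            altered.replace(profile / (name + ".lop-altered"))
        original.replace(altered)
        restored.append(name)
    return restored

def demo():
    """Restore a constructed hijacked profile built in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d)
        (p / "prefs.js").write_text('user_pref("browser.startup.homepage", "www.lop.com");\n')
        (p / "prefs.bk!").write_text('user_pref("browser.startup.homepage", "about:blank");\n')
        (p / "bookmarks.html").write_text("<DL><DT>lop links</DL>\n")
        (p / "bookmarks.bk!").write_text("<DL><DT>my links</DL>\n")
        return restore_profile(p), homepage(p / "prefs.js"), is_hijacked(p)
```

Run it with the browser closed, since Mozilla writes prefs.js back out when it exits.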

The lop installer finishes up by creating a registry entry to load a file named mp3serch.exe (or lopsearch.exe if you have the download_plugin.exe installer) at every boot. This entry will make Windows load the lop executable file on each machine restart.

The effect of all of this is to turn the user's web browser into a device to present them with a seemingly endless supply of lop chosen links to click. The user becomes a visitor to lop.com with nearly every action that they take with their browser, whether it be searching for something, typing in an incorrect URL, or simply by opening a new browser window.

Newer variants of C2Media's software omit the browser and BHO altogether, and instead install dozens of internet shortcuts and set the home page to http://unitedstates.rub.to. The installer for this variant may be named mp3.exe or freemp3z.exe. These files may appear on your computer as a result of an ActiveX script which automatically begins to download them when you load pages at certain mp3 and/or pornographic web sites. The files are digitally signed by C2Media, the company which owns the lop.com web site and software.

Another software product that does roughly the same thing as lop.com's software and leads to a web site that is virtually identical to lop.com is the Xupiter toolbar from xupiter.com. Although there is no other evidence that they are related, considering that the software and web sites are nearly twins of each other, many people speculate that xupiter is also made by C2Media.

Unfortunately for lop.com, their tactics have gained them the attention of Lavasoft, maker of Ad-aware. Starting with version 5.7, Ad-aware started targeting lop.com along with a number of browser hijackers. Spybot S&D also targets and removes lop.com software. Ad-aware and Spybot both updated recently to target xupiter.com's software as well. Although we used to provide manual removal instructions for lop.com, we now recommend that you simply use Spybot to remove both lop.com and xupiter.



