Messenger Plus Bundling Lop.com

March 8, 2008 – 2:29 PM

“Many of you may have heard of a program called Patchou’s “Messenger Plus”. I used it myself once, before I discovered Trillian. Similar to the many front end programs for Internet Explorer (Avant browser, MyIE2, etc), Messenger Plus adds a user interface to Microsoft’s MSN Messenger that contains extra features.

Patchou has brought in C2Media as a sponsor and is now bundling their lop.com software into Messenger Plus. For those of you who have never heard of it, lop.com software is classified as a trojan by antivirus vendors and as a browser hijacker by antispyware vendors. You can find plenty of information about it by doing a Google search for lop.com. Just be warned – some of the language used by lop victims will melt your monitor.

No single parasite has caused as many support threads at our message boards as lop.com (although Xupiter comes close). Ad-aware, Spybot, and all other spyware removal programs target several older variants of lop.com. It now comes in a version that is nearly impossible to detect automatically. It uses randomly named files, randomly generated CLSID identifiers, and uses ActiveX installation methods that let them update all of their installers at once.

Before this change, the number of lop.com complaints actually had gone down because it was so easy to remove and could even be blocked beforehand. Since C2Media introduced these new versions that mutate randomly, the number of infections has become larger than ever. The only sure way to be rid of it is to ask for help at the SWI support forums.

Patchou, the developer of Messenger Plus, has issued a statement regarding the complaints he’s been receiving due to his new “sponsor”. To all of the people who are saying that they won’t use his program because of lop.com, he has this to say, “I don’t want to be rude but if you boycott version 2.10.36, you’re an idiot.”


Rude? Well gee, what could possibly be “rude” about being called an “idiot” for refusing to install software that sets off trojan alarms in antivirus programs?

Whether it makes you an idiot or not, I strongly recommend that everyone stay as far away from Patchou’s Messenger Plus as possible. If you have installed it already and now have lop.com’s software all over your system, uninstalling Messenger Plus supposedly will also remove lop. If that doesn’t work, then please read this FAQ and follow the instructions. We are very experienced at removing this thing and can easily walk you through it.”

…From the Spyware Weekly Newsletter

W32.Sobig.F@mm Removal Tool

March 8, 2008 – 2:28 PM

Symantec Security Response has developed a removal tool to clean the W32.Sobig.F@mm infections. The W32.Sobig.F@mm Removal Tool does the following: terminates the W32.Sobig.F@mm viral processes, deletes the W32.Sobig.F@mm files, deletes the dropped files, and deletes the registry values that the worm added.

http://www.symantec.com/avcenter/venc/data/[email protected]

W32.Blaster.Worm Removal Tool

March 8, 2008 – 2:27 PM

W32.Blaster.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135. This worm attempts to download and run the Msblast.exe file.

http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html


HijackThis

March 8, 2008 – 2:26 PM

HijackThis examines certain key areas of the registry and hard drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It’s up to you to decide what should be removed. Some items are perfectly fine, and you should not remove them. Never remove everything: doing that could leave you with missing items needed to run legitimate programs and add-ins. This page will help you work with the experts to clean up your system. For those of you needing instructions on how to copy and paste the contents of a text file into a forum post, please look at the table of contents. A link to the instructions is included.

http://www.tomcoyote.org/hjt/

What the DLL is That?

March 8, 2008 – 2:25 PM

When a DLL is identified as the culprit of a system crash, users less familiar with troubleshooting may have problems determining just which application or driver is at fault. Google is a great way to find all sorts of information about errors, but Microsoft has a great resource to help in this situation as well. The online DLL Help Database not only lets you see which Microsoft apps are tied to a particular DLL, but also which versions are associated with particular applications, for those times when a DLL version conflict may be a factor.

http://support.microsoft.com/default.aspx?scid=/servicedesks/fileversion/dllinfo.asp