Malware

• Home page search settings pointing to coolwebsearch
• Hosts file hijacked or deleted Encoded
• Odd looking URLs
• Programs set to run on every boot
• coolwebsearch.com added to IE's Trusted Sites list
• Impersonating msn.com
• Masquerading  as a device driver
• Direct attacks on your antivirus, firewall, hijack preventative and trojan removal software
• Closing running processes and generating fake Windows errors to cause confusion
• Overwriting various files belonging to security software, and much more

The Lop Toolbar hijacks your home page and deliberately redirects you to advertisers associated with lop.com. It also tracks every website that you visit and reports your surfing activity to Lop Inc, as well as stuffing your favourites list full of spam links and hijacking your default search settings. The information gathered by the Lop Toolbar is used to target you with adverting. The Lop Toolbar is particularly nefarious because it updates itself without your permission and also renames itself to avoid detection by software designed to remove it.

Removing the Lop Toolbar is not going to be easy. It may well cost you a significant time and cash investment so you should consider if it's worth backing up your important data and doing a clean install of Windows XP.

AdAware and SpyBot Search & Destroy are likely to find a large proportion of a Lop infestation, but they have been known to miss some files if the Lop Toolbar has updated and renamed itself recently. There are any number of known Lop variants that change your home page to one of these, plus possible others:

aavc.com acjp.com ebav.com ebaw.com ebch.com
ebdv.com ebdw.com ebgo.com ebjp.com ebkb.com
ebkn.com ebky.com eblv.com ebmu.com ebvr.com
ecmh.com ecmp.com ecwz.com ecyb.com edhq.com
edty.com eduy.com eeev.com ibmx.com icwb.com
icwo.com icwp.com iddh.com idhh.com ifiz.com
iguu.com samz.com saoe.com sbee.com sbjr.com
sbnl.com sbnt.com sbvr.com scbm.com sckr.com
scrk.com sdry.com seld.com sfux.com sipo.com
smds.com srox.com srsf.com ssaw.com ssby.com
surj.com tbvg.com tdak.com tdko.com tdmy.com
tefs.com tfil.com thko.com tjar.com tjaw.com
tjdo.com tjem.com tjgo.com torc.com wabq.com
wabu.com wbkb.com wfix.com wflu.com farse.com
sheat.com

You should start your attempt to remove the Lop Toolbar by using HijackThis first because it has been reported to catch a large number of Lop changes missed by AdAware and SpyBot Search & Destroy.

If you want to check that Lop has been completely removed, read the article Lop remover and uninstalling guide, which details where Lop puts its files and what registry keys it uses.

Redirectors, rogues and spyware are a class of program and/or plug-in that can and do make dramatic changes to your Internet Explorer, Netscape, Opera, and Mozilla browsers, amongst others. They redirect the default search engine page, attach themselves to toolbars, alter your home page, as well as put shortcuts to websites on your desktop and into your favourites folder. They can cause your browser to lock and die, and they can, and do, track the types of pages that you visit then target your browser with ads that match your browsing habits.

You may also be wondering how the dreadful beast that now plagues you managed to parasite itself onto your system. A lot of people will tell you it's because you downloaded porn or warez, but more than likely you didn't deliberately download anything at all to get caught. Redirectors, rogues and spyware can easily be installed by ActiveX from many websites, often through seemingly innocuous pop-up advertisements. Unscrupulous websites create a mass of confusion on your screen by generating pop-up loops that open endlessly and then use the confusion to trick you into downloading the parasite. Unfortunately these tricks have also been employed by mainstream advertising networks. So, there is no real way of knowing where you actually got it from, but if you recently had a firestorm of pop up windows then that's the likely source.

If you have a problem with any of the symptoms described here, you might try the removal tools listed above.

Visit this link for specific issues with the invidious rogue called  Xupiter - there are removal instructions for Xupiter at that link.  Computer Associates have an online PestPatrol scanner. You can buy PestPatrol for around $US30, which may find some more of the remaining files.

Once you have tried removing any vermin from your system, if Internet Explorer hangs as a result of those changes, read this article: How to Reinstall/Repair Internet Explorer and Outlook Express.