When I run a netstat -o, two  connections are open to two parasitic search (lop.com) 
websites:
Proto  Local Address          Foreign Address        State           PID
TCP    ankara:1075            207.46.144.86:http     CLOSE_WAIT      740
TCP    ankara:1080            www4.maxexp.com:http   CLOSE_WAIT      740
TCP    ankara:1082            www4.maxexp.com:http   CLOSE_WAIT      740
TCP    ankara:1099            wfix.com:http          

When I run task tasklist /svc,  to see which process those connections belong too, 
it belongs to svchost.exe which is generic because it hosts many applications - which 
is why I can't just kill it:
svchost.exe                  740 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 dmserver, ERSvc, EventSystem, helpsvc,
                                 lanmanserver, lanmanworkstation, Messenger,
                                 Netman, Nla, RasMan, Schedule, seclogon,
                                 SENS, ShellHWDetection, srservice, TapiSrv,
                                 TrkWks, uploadmgr, W32Time, winmgmt,
                                 WmdmPmSp, wuauserv

I tried to locate the application and it's path that opens these two connections 
to no avail. Can anyone give me any idea how to do this? Or suggest a way to get 
rid of this spyware?

Tip: Run a free scan for common Windows errors ad

re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 1:10 pm Posted by Chip (161 messages posted) Have you tried AdAware? Type AdAware in to google as the keyword and you should fine a download site. I believe its www.lavasoftusa.com. Be sure to get the latest definition files for spyware. It works great, it's free and ad free. Chip On Friday, December 13, 2002 at 12:21 pm, Newbulus_Maximus wrote: >When I run a netstat -o, two connections are open to two parasitic search (lop.com) >websites: >Proto Local Address Foreign Address State PID >TCP ankara:1075 207.46.144.86:http CLOSE_WAIT 740 >TCP ankara:1080 www4.maxexp.com:http CLOSE_WAIT 740 >TCP ankara:1082 www4.maxexp.com:http CLOSE_WAIT 740 >TCP ankara:1099 wfix.com:http > >When I run task tasklist /svc, to see which process those connections belong too, >it belongs to svchost.exe which is generic because it hosts many applications - which >is why I can't just kill it: >svchost.exe 740 AudioSrv, BITS, Browser, CryptSvc, Dhcp, > dmserver, ERSvc, EventSystem, helpsvc, > lanmanserver, lanmanworkstation, Messenger, > Netman, Nla, RasMan, Schedule, seclogon, > SENS, ShellHWDetection, srservice, TapiSrv, > TrkWks, uploadmgr, W32Time, winmgmt, > WmdmPmSp, wuauserv > >I tried to locate the application and it's path that opens these two connections >to no avail. Can anyone give me any idea how to do this? Or suggest a way to get >rid of this spyware? [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 2:23 pm Posted by agent smith (4 messages posted) Try spybot. Do a search for it. It's free. You'll be surprized at the things it finds. On Friday, December 13, 2002 at 1:10 pm, Chip wrote: >Have you tried AdAware? Type AdAware in to google as the keyword and you should >fine a download site. I believe its www.lavasoftusa.com. Be sure to get the latest >definition files for spyware. It works great, it's free and ad free. > >Chip > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 2:32 pm Posted by triplate (4621 messages posted) www.blkviper.com....read carefully.. On Friday, December 13, 2002 at 2:23 pm, agent smith wrote: >Try spybot. Do a search for it. It's free. You'll be surprized at the things it finds. > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 2:52 pm Posted by Newbulus_Maximus (12 messages posted) Thnx for the reply, but i've already tried adaware, but the prob still exists. Any other suggestions? On Friday, December 13, 2002 at 1:10 pm, Chip wrote: >Have you tried AdAware? Type AdAware in to google as the keyword and you should >fine a download site. I believe its www.lavasoftusa.com. Be sure to get the latest >definition files for spyware. It works great, it's free and ad free. > >Chip > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 9:30 pm Posted by Tom Swanson (5553 messages posted) Is this a warning about Spybot or just another reminder to study Black Viper (looks like he's getting closer to his radical update) ;+) On Friday, December 13, 2002 at 2:32 pm, triplate wrote: >www.blkviper.com....read carefully.. > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, December 13, 2002 at 10:38 pm Posted by Tom Swanson (5553 messages posted) Spybot removes things that Adaware misses and, according so some posts, is more current. I use both and Spybot is also free. Use Google advance search and enter 'Spybot Search & Destroy' On Friday, December 13, 2002 at 2:52 pm, Newbulus_Maximus wrote: >Thnx for the reply, but i've already tried adaware, but the prob still exists. Any >other suggestions? > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 4:56 am Posted by triplate (20834 messages posted) Well....i dont think its a "spyware " problem....i think hes got services communicating with the net....at least, thats how i read it?...i,ve been known to misread posts tho....imagine that...:) On Friday, December 13, 2002 at 9:30 pm, Tom Swanson wrote: >Is this a warning about Spybot or just another reminder to study Black Viper (looks >like he's getting closer to his radical update) ;+) > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 6:32 am Posted by Newbulus_Maximus (12 messages posted) It looks like it's services communicating to the net, but if you do a whois to those open connections, the websites are owned by C2 media which owns lop.com. When you go to those sites, you'll see that you get lop.com search page. On Saturday, December 14, 2002 at 4:56 am, triplate wrote: >Well....i dont think its a "spyware " problem....i think hes got services communicating >with the net....at least, thats how i read it?...i,ve been known to misread posts >tho....imagine that...:) > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 6:39 am Posted by triplate (4621 messages posted) Ok...i see, then Ad-Aware would be the right direction.....thanks. On Saturday, December 14, 2002 at 6:32 am, Newbulus_Maximus wrote: >It looks like it's services communicating to the net, but if you do a whois to those >open connections, the websites are owned by C2 media which owns lop.com. When you >go to those sites, you'll see that you get lop.com search page. > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 9:28 am Posted by Tom Swanson (5553 messages posted) I tend to concur, the apps he cites are certainly not spyware. Actually, I wondered if you had any questions about Spybot. I use it routinely with no hangup (gotta be careful how much freedom you give it), but if you think there is something I'm missing, I'd like to know. TY ;+) On Saturday, December 14, 2002 at 4:56 am, triplate wrote: >Well....i dont think its a "spyware " problem....i think hes got services communicating >with the net....at least, thats how i read it?...i,ve been known to misread posts >tho....imagine that...:) > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 10:57 am Posted by triplate (4621 messages posted) I,ve been using AdAware so long now, i,ve never given Spybot a try.New version of AAW coming out any day now,btw.[ i guess i,ll try Spybot on the test box and see how aggressive it is........i,ve heard so bad reports. but i cant say myself. On Saturday, December 14, 2002 at 9:28 am, Tom Swanson wrote: >I tend to concur, the apps he cites are certainly not spyware. Actually, I wondered >if you had any questions about Spybot. I use it routinely with no hangup (gotta be >careful how much freedom you give it), but if you think there is something I'm missing, >I'd like to know. TY ;+) > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 12:04 pm Posted by Tom Swanson (5553 messages posted) AdAware keeps batting down things faithfully without slowing down my computer. When I tried Spybot, it found a few things that Adaware seemed to have missed. With the amount of crap that being tossed at us, it would be a miracle if any program caught it all. On Saturday, December 14, 2002 at 10:57 am, triplate wrote: >I,ve been using AdAware so long now, i,ve never given Spybot a try.New version of >AAW coming out any day now,btw.[ i guess i,ll try Spybot on the test box and see >how aggressive it is........i,ve heard so bad reports. but i cant say myself. > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 12:22 pm Posted by triplate (4621 messages posted) Thats what like bout aaw...its fast,lite and if you keep the ref-files up, its very complete......they say the next version,v6, is going to be even better...we,ll see :) On Saturday, December 14, 2002 at 12:04 pm, Tom Swanson wrote: >AdAware keeps batting down things faithfully without slowing down my computer. When >I tried Spybot, it found a few things that Adaware seemed to have missed. With the >amount of crap that being tossed at us, it would be a miracle if any program caught >it all. > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 5:51 pm Posted by Tom Swanson (5553 messages posted) Hope it don't get big, bulky & slow. KYFC ;+) On Saturday, December 14, 2002 at 12:22 pm, triplate wrote: >Thats what like bout aaw...its fast,lite and if you keep the ref-files up, its very >complete......they say the next version,v6, is going to be even better...we,ll see >:) > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 5:58 pm Posted by triplate (4621 messages posted) You mean big and fat like XP....lol.......i doubt it will. On Saturday, December 14, 2002 at 5:51 pm, Tom Swanson wrote: >Hope it don't get big, bulky & slow. KYFC ;+) > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, December 14, 2002 at 7:47 pm Posted by Tom Swanson (5553 messages posted) Thanks,I wanted to say that & refraimed ;+) On Saturday, December 14, 2002 at 5:58 pm, triplate wrote: >You mean big and fat like XP....lol.......i doubt it will. > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Sunday, April 20, 2003 at 4:21 am Posted by Docusk (43 messages posted) I have a big problem with LOP which has twice taken over my browser and generally been a bloody nuisance. I don;t need that sort of rubbish. I've managed to get rid of it with spybot each time but today I opened a URL from an acquaintance and LOPP came back. Got it out wgain with ppybot and tried the URL again and bklow me, back the ruddy LOP came! Who are these pests??? Doc On Friday, December 13, 2002 at 10:38 pm, Tom Swanson wrote: >Spybot removes things that Adaware misses and, according so some posts, is more current. >I use both and Spybot is also free. > >Use Google advance search and enter 'Spybot Search & Destroy' > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, April 26, 2003 at 6:54 am Posted by bob shivers (1 messages posted) hiya! havent tried this yet, but you should be able to go in thru the registry and delete the offender. read here: http://www.jsiinc.com/SUBJ/tip4600/rh4660.htm to get started... also i believe you can just go into your services config (my computer, manage, services) and just disable the service being called by svchost, providing you know the name of the LOP service. that way you just disable the service instead of uninstalling it, thereby potentially tricking the re-installation routine into thinking that it isnt necessary to perform the re-install! if ya cant beat ém, ambush they ass in the alley...it would help to know which OS you have on your box, but since you didnt say i am guessing xp or 2k... On Sunday, April 20, 2003 at 4:21 am, Doc wrote: >I have a big problem with LOP which has twice taken over my browser and generally >been a bloody nuisance. I don;t need that sort of rubbish. >I've managed to get rid of it with spybot each time but today I opened a URL from >an acquaintance and LOPP came back. Got it out wgain with ppybot and tried the URL >again and bklow me, back the ruddy LOP came! >Who are these pests??? >Doc > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Saturday, April 26, 2003 at 11:52 am Posted by Docusk (43 messages posted) Thanks Bob. I have done that and have successfully removed the whole darned lot (allegedly) with spybot. Just every now and then a LOP screen comes up, no bother any more tho' Cheers. On Saturday, April 26, 2003 at 6:54 am, bob shivers wrote: >hiya! >havent tried this yet, but you should be able to go in thru the registry and delete >the offender. read here: http://www.jsiinc.com/SUBJ/tip4600/rh4660.htm to get started... >also i believe you can just go into your services config >(my computer, manage, services) and just disable the service being called by svchost, >providing you know the name of the LOP service. that way you just disable the service >instead of uninstalling it, thereby potentially tricking the re-installation routine >into thinking that it isnt necessary to perform the re-install! if ya cant beat ém, >ambush they ass in the alley...it would help to know which OS you have on your box, >but since you didnt say i am guessing xp or 2k... > > [Reply or follow-up to this message] re: Win XP: svchost.exe and spyware Friday, May 16, 2003 at 3:50 pm Posted by sbc1_techs (1 messages posted) the prgm is "part " of the sys mon software among other things there are ussally four, or five of the shvhost running at any given time , from my expierence i'd leave'um !! things to get rid of : cmesys, gmt, tgcmd ,netropia , **snoop , etc...etc... that may help even more ,craig [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows XP Discussion Forum