Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs
 
Full Name:
 Look2Me Websearch   Read More
Type: Adware
SG Index: 3 [Explain]
Removal tools: List of products that detect/remove/protect against Look2Me:
  • Control IM and P2P use, block spyware and other malware: RTGuardian
  • Endpoint Spyware Remediation: Greynet Enterprise Manager
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
    		•
    Category Description: Program that delivers advertisements on your PC.

    Note that many websites have their own advertising, unrelated to adware.

    Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only. Users should check the EULA and Privacy policy to ensure if the adware on their machines conforms to their standards.
    Official Description: During installation a connection is made to ad-w-a-r-e.com and instructions from java script change the host and remove registry keys. Has potential to do other malicous acts.

    http://www.ad-w-a-r-e.com/cgi-bin/PopupV2?ID={<some clsid here>}&type=normal&mSkip=1&rnd=", 300000, "TRUE");
    sendExternalEvent('EVENT:UPDATECRC:A1EDBE54FAEA39FAAC6DF618503910E7');
    sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify?HKLM?DllName?0563F1C45F34E7305C57F10DD17B6E8F');
    sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects?HKLM');
    sendExternalEvent('EVENT:HOST:127.0.0.1?www.igetnet.com');
    sendExternalEvent('EVENT:HOST:127.0.0.1?code.ignphrases.com');
    pqnelhleyy 266bbf51 4af5f66a
    sendExternalEvent('EVENT:HOST:127.0.0.1?clear-search.com');

    Downloads other unwanted software and displays advertisements.
    Causes the cpu to be at maximum usage which causes the computer to run slow and sometimes freeze up. Displays an advertisement that lists some causes of computer problems and offers a free program to check the computer for errors.
    Comment: Seems to be related to VX2.
    Adds other software, and sometimes creates a second "shortcut bar".
       
    Manual removal: Kill this process:
    no.exe

    Remove these entries from the registry:
    HKEY_CURRENT_USER\software\look2me

    Remove these files:
    systemroot+\system32\msg{1e253d5d-6add-4fe9-829c-f51038158be5}0110.dll
    systemroot+\system32\msg{1e253d5d-6add-4fe9-829c-f51038158be5}0111.dll
    systemroot+\system32\msg{46b08877-2be4-4f35-8e77-034c2142321c}0115.dll
    systemroot+\system32\msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0110.dll
    systemroot+\system32\msg{5bef546a-e3c1-489c-996a-c9688d985ae0}0111.dll
    systemroot+\system32\msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0110.dll
    systemroot+\system32\msg{63de1ad9-f0c6-4dac-886a-5a9707b0d23c}0111.dll
    systemroot+\system32\msg{93396c3f-aea3-4ac0-bb55-81f0f0414a24}0113.dll
    systemroot+\system32\msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0110.dll
    systemroot+\system32\msg{9d4f5b7c-2a4b-46c5-99a7-4c775b688d45}0111.dll
    systemroot+\system32\msg{aac5700f-954a-47b7-9746-871ae8e634e4}0115.dll
    systemroot+\system32\msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0110.dll
    systemroot+\system32\msg{b9a9ac6a-2cc9-4a24-a250-bea974703ff8}0111.dll
    systemroot+\system32\msg{d331b768-d6da-41e8-a7b6-78ed724126c0}0115.dll
    systemroot+\system32\msg{e01b47a7-a499-4fee-83c2-b0684ca28e6b}0115.dll
    systemroot+\system32\msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0110.dll
    systemroot+\system32\msg{e8d8ffef-30a4-4df1-a618-e0599a0d0a15}0111.dllno.exe
    Properties:
  •  Adds other software
  •  Autostarts/Stays Resident
  •  Shows Advertisements
    		•

    Click here to leave feedback for this product
    Help with the BUST!
    Become A Spyspotter!
    Bust the Bad Guys!
    Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
    Recent Blog Posts
  • The Facebook (Dis)Honesty Box
  • Fake Kaskersky Keygen Leads To Infections
  • Someone Doesn't Like Me...
  • Service With A Swipe - When Support Gets Phished
  • Phishing For Dummies
  • Hacking: Now A Porn Marketing Tool
  • Vkontakte Targeted By SMS Scammers
  • Google Wave "Invite Generator" Programs - Avoid!
  • Hello, Is It Jihad You're Looking For?
  • PS3 Owners Targeted By "Virus Free" Scam
    • Recent Modifications
    2009-11-6  OnlineRegistryScan.org
    2009-11-6  PaintBrush
    2009-11-6  Pic Hunter
    2009-11-4  Gumblar
    2009-11-4  Adware.Verticity
    2009-11-4  AntiArp
    2009-11-4  AntiVirGear
    2009-11-4  Armitage
    2009-11-4  AutoBot
    2009-11-4  AutoCon
     

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.