One of my friend’s computers has been running very slowly and has lots of advertisements popping up every minute.

I downloaded Lavasoft’s Ad-Aware and Spybot’s Search & Destroy.
I installed them and updated the spyware database definitions.
I used Lavasoft’s Ad-Aware to scan first and it found 100+ spyware files and registry entries. Cleaned them.
Then I used Spybot’s Search & Destroy to scan and it also found some spyware. Destroyed it.
After scanning, I rebooted the computer and the spyware was still around.
Again, I scanned with Ad-Aware and then Search & Destroy. Still some spyware files lingering around.

I rebooted the computer for the second time and the system was running pretty fast and I didn’t see any spyware around.
After a while, Internet Explorer started to automatically pop up a random website every minute or so.

All the popup web addresses end with “/normal/yyy65.html”.
Below are some example websites that automatically pop up every minute.

I did a little research and found out that the Look2Me Trojan (also known as VX2.Look2Me) was still not removed from the computer.

Look2Me is a Trojan that is used to deliver other trojans and adware/spyware components. On each boot, the Trojan contacts a server at Rackspace.com. It then downloads potentially hundreds of other spyware components and applications, which it installs automatically. Eventually the victim’s computer becomes unstable. Even though Look2Me is a well-documented malware trojan, the latest versions of NAV and Adware did not detect it. Only PestPatrol was able to detect some versions of it; however, it was unable to remove it, as the Look2Me Trojan was interfering with PestPatrol’s boot-time cleanup operations.

This application is also spyware. Spyware generally does not provide any services to you; rather, it is primarily designed to watch you as you use your computer or surf the Internet, and report this information to hackers, advertising companies or other individuals who have placed the spyware on your computer.

The new variant of VX2 we are going to kill was released sometime in November 2005. This new variant may employ rootkit-style cloaking or “stealth” techniques to hide itself; several people have reported that Ad-Aware indicates their system is infected with VX2 but can’t locate the files, or that Ad-Aware locates the files but they cannot see the files Ad-Aware is reporting using Windows Explorer.

In addition to spreading through browser exploits and other security exploits, VX2 is more and more often being spread along with other files on peer-to-peer file sharing networks. People downloading files from P2P networks may be infecting themselves with VX2 as well.

Luckily I found two automatic cleaners for the Look2Me trojan, and you can use EITHER one to scan and clean the trojan.

1. Look2Me Remover v1.1.0

2. L2MFix
After downloading, run it to extract the files, then run l2mfix.bat from the l2mfix folder.

Hope this article helped you clean up the nasty Look2Me trojan ;)
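A log check built on the popup pattern described above, added here as an example and not part of the original post: it flags clients that request a `/normal/<name>.html` page on several different hosts roughly a minute apart. The log format, thresholds, client addresses and `.example` hosts are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit

# Path shape reported in the post: /normal/<name>.html (e.g. /normal/yyy65.html)
POPUP_PATH = re.compile(r"^/normal/[A-Za-z0-9]+\.html$")

# Constructed sample proxy log: "<ISO timestamp> <client> <url>"; hosts are placeholders.
SAMPLE_LOG = """\
2006-01-10T09:00:05 10.0.0.21 http://www.shop-a.example/normal/yyy65.html
2006-01-10T09:00:40 10.0.0.22 http://intranet.example/normal/index.html
2006-01-10T09:01:06 10.0.0.21 http://www.deal-b.example/normal/yyy65.html
2006-01-10T09:01:30 10.0.0.23 http://news.example/world/today.html
2006-01-10T09:02:04 10.0.0.21 http://www.stock-c.example/normal/XBCYUS.html
this line is malformed and must be skipped
2006-01-10T09:03:07 10.0.0.21 http://www.shop-a.example/normal/yyy65.html
"""

def parse(lines):
    """Yield (time, client, host, path) for requests matching the popup path shape."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        url = urlsplit(parts[2])
        if url.hostname and POPUP_PATH.match(url.path):
            yield when, parts[1], url.hostname.lower(), url.path

def suspicious_clients(lines, min_hosts=3, max_median_gap_s=180):
    """Flag clients hitting the path on many hosts at short, regular intervals."""
    hits = defaultdict(list)
    for when, client, host, path in parse(lines):
        hits[client].append((when, host, path))
    report = {}
    for client, events in hits.items():
        hosts = sorted({h for _, h, _ in events})
        if len(hosts) < min_hosts:   # one site with a /normal/ folder is not enough
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if median(gaps) <= max_median_gap_s:
            report[client] = {"hosts": hosts, "median_gap_s": median(gaps),
                              "paths": sorted({p for _, _, p in events})}
    return report
```

Requiring several distinct hosts keeps a single legitimate site that happens to have a `/normal/` directory from being flagged.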

