One of my friend’s computer has been is running very slowly and has lots of advertisements popping up every minute.
I downloaded Lavasoft’s Ad-Aware and Spybot’s Search & Destroy.
Install it, and updated the spyware database definition.
I used Lavasoft’s Ad-Aware to scan first and it did found 100+ files and registry of spyware files. Cleaned them.
Then I used Spybot’s Search & Destroy to scan and it also found a few spywares. Destroyed the spywares.
After scanning, I rebooted the computer and those spywares are still around.
Again, I scanned with Ad-Aware and then Search & Destroy. Still some spyware files lingering around.
I rebooted the computer for the second time and the system is running pretty fast and don’t see any spywares around.
After a while, Internet Explorer started to automatic popup a random websites every minute or so.
All the popups web address ends with “/normal/yyy65.html”.
Below are some example websites that automatic popup every minute.
I did a little research and found out that Look2Me Trojan (also known as VX2.Look2Me) is still not being removed from the computer.
Look2me is a Trojan that is used to deliver other trojans and adware/spyware components. On each boot, the Trojan contacts a server at Rackspace.com. It then downloads potentially hundreds of other spyware components AND applications (that it installs automatically). Eventually the victims computer becomes unstable. Even though look2me is a well documented Malware trojan the latest versions of NAV and Adware did not detect it. Only PestPatrol was able to detect some versions of it however it was unable to remove it as the look2me Trojan was interfering with Pestpatrol’s boot time clean up operations.
This application is also a spyware. Spyware software generally does not provide any services to you; rather, it is primarily designed to watch you as you use your computer or surf the Internet, and report this information to hackers, advertising companies or other individuals who have placed the spyware on your computer.
The new variant of VX2 we are going to kill has been issued sometime in the last November 2005. This new variant may employ rootkit-style cloaking or “stealth” techniques to hide itself; several people have reported that Ad-Aware indicates their system is infected with VX2, but can’t locate the files, or that Ad-Aware locates the files but they cannot see the files Ad-Aware is reporting using Windows Explorer. The malware uses rootkit-style cloaking to conceal itself.
In addition to spreading through browser exploits and other security exploits, VX2 is more and more often being spread along with other files on peer to peer file sharing networks. People downloading files from P2P networks may be infecting themselves with VX2 as well.
Luckily I found two types of automatic cleaner to clean Look2Me trojan and you can use EITHER one to scan and clean the trojan.
1. Look2Me Remover v1.1.0
2. L2MFix
After download, run to extract the files and run l2mfix.bat from the l2mfix folder.
Hope this article helped you cleaned up the nasty Look2Me trojan ;)
Related posts:
yeah richard i have the same problem Look2Me didnt find anything and L2M froze up while running.
what the f*ck can we do about this ?
i have down loaded lm2remover but the virus harrenmedia popups keep coming the program says that there is no virus
what can i do help???
One of my friend’s computer has been is running very slowly and has lots of advertisements popping up every minute.
I do not agree.For more info go to System.String[]
THANK YOU!!!!!!
GRACIAS!!!!!!!!!!!!!
FINALLY REMOVED THE ^&%^&%^$$#$@# ADWARE LOOK2ME
FERNANDO
[...] To remove/clean/uninstall Hotbar, fortunately it’s not as nasty as other spywares such as Spy Sheriff or Look2Me. You can either use the manual or automatic way to remove Hotbar from your computer. Remove Hotbar manually 1. Click “Start”, “Settings” and choose “Control Panel”. 2. Choose “Add/Remove Programs”. 3. Find “Web Tools by Hotbar”. 4. Click the “Add/Remove” button at the bottom right of the window. 5. Check both browser and email toolbars 6. Press the “Uninstall” Button. [...]
Cheers pal, my old man kept avin ago at me for all these pop ups thanks to the remover I am now in the clear.Tip to anyone don’t use Kazaa caus that was the reason.
Cheers pal, my old man kept avin ago at me for all these pop ups thanks to the remover I am now in the clear. Tip to anyone don’t use Kazaa caus that was the reason.
Thank’s, Look2Me Remover v1.1.0 work’s fine for me. I spend hour to solve the problem and it was so simple with that software.
Dude!! I have been using Hijackthis, xoftspy, microsoft beta, etc.. to try and get rid of those damn pop-ups and nothing worked til I came here. thanks alot.
thanks a fucking TON…shit you helped me out!!
It worked! thanks a lot from Holland. I copied the websites that poped up and came on this site. Thanx very much!
After downloading both the programs, both give me the same error of – software does not work in Win 9X / 2000 – pls help wat do i do
Thank youuuuuuuuuuuu from Argentina. L2MFix did the job (Look2Me Remover locked up or I had no patience to wait !) Anyway my 10 day nightmare ended !! Thank u again !!!!!!!!!. Guillermo
wow. I think it worked! After couple of days of working on it. Finally! thanks a lot bro! appreciated.
Thanks so much! The first application didn’t work for me, unfortunately, but the second one did the trick. Those popups were irritating as hell.
hey man. thank you so much. the first site got rid of the damn virus. thanks you so so much, this virus was driving me crazy. thanks
Hey Man !!!!
THanks a lot. I suffered alot because of this bug. I was looking for solutions for 3 days. But nothing worked. But the tools you syggested cleaned my machine.
THanks a ton :)
i solved the problem with acount, the web pages are no longer loading-trojan has gone…
thanks!
l2mfix has earesed my acount, which is administrator, and put his password instead! so now i can’t log on to my acount! help! the name of a new acount is l2mfix and need the password which i don’t know! os :xp pro
help!
Thanks Raymond, i was getting crazy with those popups.
Thanks a lot man.
Dear Sir,
Thanks for the advice on look2me, its been driving us mad!
You deserve a knighthood.
Thanks again.
Shaun
Thank you so much for the tool! I gave up after trying several anti spyware months ago. Since this L2M is so annoying, I’ve found a workaround, which is to create another WinXP login name and logon to the new user everytime rebooting the PC. That way..all these L2M ads will pop up on that user profile, while I can work on another user profile without interruption.
Have a nice day!
i would say thank you , i resolve my problem for LOOK2 ME . i searh about that since 1 week .
thank thank thank
from quebec(french women) canada
sorry about my english , it s not very good
Look2Me Remover is amazing.
I’ve gotten troubles with Trojans for days.
At now, my computer is fast and clean!
Thank you, Raymond!
Look2Me Remover just work like a charm !!!
Thanks for the info.
I’ve Spend hours to get rid of this damned malware, downloading and trying tons of differents things before founding your blog…
It’s so great to be free of this shit again!!!
Thanks for this page Ray, Well done!
Thank you SO MUCH! This virus is a NIGHTMARE, I’ve spent my entire day downloading antivirus programmes, trying to get rid of it! Oh well, at least now my computer is running so fast that it takes no time to do anything now…:)
Do you have an error message-box that says you need the Msinet.ocx or Comctl32.ocx?
You can download the DLLs.zip from “simplytech.it/ETRemover/DLLs.zip” and register the 2 ocx it via Regsvr32 (by following the instructions in the file ReadMe.txt), or you can download the Look2Me Remover Setup Kit from “simplytech.it/L2MRemover/setup.zip” which worked for me.
Ciao
Thanks Ray, good work!
I’ve been trying everything to get that list of popups above to stop popping up. I ran the Look2Me Remover and it finally zapped them, WooHoo!!!
Thanks a million Ray, udaman.
Thanks,
L2MRemover from simplytech.it did the job, as of Feb. 10, 2006. It might be a good idea to link to their website rather than to their tool in case they update it….
Terri
Thanks Jimmy.
I believe I will gain more knowledge when I share them ;)
Thank you, Raymond. You are a gentleman and a scholar. My computer is now better.
Yeah, I won’t be surprised if all the sites owned by the same person.
Should sue these people! They create so much problems on end users computer… and even worse, on enterprise networks.
Thanks for download of the removal tool. I used the Look2Me Remover app. It found what I couldnt find – the registry elements. Would you be surprised to know that all of those sites you list come out of the same place: Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599
their email for abuse is abuse@secureserver.net . Give them an earfull. I did. Called em. I may sue for the time it took. Thanks again!
Thanks Bro!
Thank you. I’ve been looking for info about how to remove this problem. I didn’t know what it was called until I found your blog.