Home > Computer > Internet Explorer browser auto popup ads “/normal/yyy65.html”
Donation Goal
Donate Now Goal amount for this year: 799 USD, Received: 100 USD (13%)
Please donate to help support this website. The funds will be used to purchase owned license of LiteSpeed Web Server Enterprise (2-CPU). It provides superior performance in terms of raw speed, scalability and anti-DDoS capabilities.

Internet Explorer browser auto popup ads “/normal/yyy65.html”

Posted By Raymond In Category: Computer

Jan
27
2006

One of my friend’s computer has been is running very slowly and has lots of advertisements popping up every minute.

I downloaded Lavasoft’s Ad-Aware and Spybot’s Search & Destroy.
Install it, and updated the spyware database definition.
I used Lavasoft’s Ad-Aware to scan first and it did found 100+ files and registry of spyware files. Cleaned them.
Then I used Spybot’s Search & Destroy to scan and it also found a few spywares. Destroyed the spywares.
After scanning, I rebooted the computer and those spywares are still around.
Again, I scanned with Ad-Aware and then Search & Destroy. Still some spyware files lingering around.

I rebooted the computer for the second time and the system is running pretty fast and don’t see any spywares around.
After a while, Internet Explorer started to automatic popup a random websites every minute or so.

All the popups web address ends with “/normal/yyy65.html”.
Below are some example websites that automatic popup every minute.

  • www.onlineshopp-ing.com/normal/yyy65.html
  • www.searc-h.com/normal/yyy65.html
  • www.super-stock.com/normal/XBCYINT.html
  • www.ecommerc-e.com/normal/yyy65.html
  • www.dealiotoday.com/normal/yyy65.html
  • www.blow-outsales.com/normal/yyy65.html
  • www.mediapurchases.com/normal/yyy65.html
  • www.intern-etadvertising.com/normal/yyy65.html
  • www.buyer-shabit.com/normal/yyy65.html
  • www.virtual-free.com/normal/yyy65.html
  • www.super-stock.com/normal/XBCYUS.html
  • www.deal-mobile.com/normal/yyy65.html
  • www.searc-h.com/normal/XBDYUS.html
  • www.searc-h.com/normal/yyy65.html
  • www.great-coupon.com/normal/yyy65.html
  • www.free-savings.com/normal/XBDYUS.html
  • www.discount-home.com/normal/XBDYUS.html

    • I did a little research and found out that Look2Me Trojan (also known as VX2.Look2Me) is still not being removed from the computer.
    Look2me is a Trojan that is used to deliver other trojans and adware/spyware components. On each boot, the Trojan contacts a server at Rackspace.com. It then downloads potentially hundreds of other spyware components AND applications (that it installs automatically). Eventually the victims computer becomes unstable. Even though look2me is a well documented Malware trojan the latest versions of NAV and Adware did not detect it. Only PestPatrol was able to detect some versions of it however it was unable to remove it as the look2me Trojan was interfering with Pestpatrol’s boot time clean up operations.

    This application is also a spyware. Spyware software generally does not provide any services to you; rather, it is primarily designed to watch you as you use your computer or surf the Internet, and report this information to hackers, advertising companies or other individuals who have placed the spyware on your computer.

    The new variant of VX2 we are going to kill has been issued sometime in the last November 2005. This new variant may employ rootkit-style cloaking or “stealth” techniques to hide itself; several people have reported that Ad-Aware indicates their system is infected with VX2, but can’t locate the files, or that Ad-Aware locates the files but they cannot see the files Ad-Aware is reporting using Windows Explorer. The malware uses rootkit-style cloaking to conceal itself.

    In addition to spreading through browser exploits and other security exploits, VX2 is more and more often being spread along with other files on peer to peer file sharing networks. People downloading files from P2P networks may be infecting themselves with VX2 as well.

    Luckily I found two types of automatic cleaner to clean Look2Me trojan and you can use EITHER one to scan and clean the trojan.
    1. Look2Me Remover v1.1.0
    Look2Me Remover v1.1.0

    2. L2MFix
    After download, run to extract the files and run l2mfix.bat from the l2mfix folder.
    L2MFix

    Hope this article helped you cleaned up the nasty Look2Me trojan ;)


    Related posts:
  • Maximize New Internet Explorer Windows
    • http://my.opera.com/javaman john

      Thank you. I’ve been looking for info about how to remove this problem. I didn’t know what it was called until I found your blog.

    • http://www.brandonspcx.com Brandon G

      Thanks Bro!

    • Peter Q

      Thanks for download of the removal tool. I used the Look2Me Remover app. It found what I couldnt find – the registry elements. Would you be surprised to know that all of those sites you list come out of the same place: Administrative Contact:
      Private, Registration
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599
      their email for abuse is abuse@secureserver.net . Give them an earfull. I did. Called em. I may sue for the time it took. Thanks again!

    • http://raymond.cc Raymond

      Yeah, I won’t be surprised if all the sites owned by the same person.

      Should sue these people! They create so much problems on end users computer… and even worse, on enterprise networks.

    • Jimmy

      Thank you, Raymond. You are a gentleman and a scholar. My computer is now better.

    • http://raymond.cc Raymond

      Thanks Jimmy.
      I believe I will gain more knowledge when I share them ;)

    • Terri

      Thanks,

      L2MRemover from http://www.simplytech.it did the job, as of Feb. 10, 2006. It might be a good idea to link to their website rather than to their tool in case they update it….

      Terri

    • Doug

      I’ve been trying everything to get that list of popups above to stop popping up. I ran the Look2Me Remover and it finally zapped them, WooHoo!!!

      Thanks a million Ray, udaman.

    • http://www.purge.com Daniel

      Thanks Ray, good work!

    • http://www.purge.com Daniel (again)

      Do you have an error message-box that says you need the Msinet.ocx or Comctl32.ocx?

      You can download the DLLs.zip from “http://www.simplytech.it/ETRemover/DLLs.zip” and register the 2 ocx it via Regsvr32 (by following the instructions in the file ReadMe.txt), or you can download the Look2Me Remover Setup Kit from “http://www.simplytech.it/L2MRemover/setup.zip” which worked for me.

      Ciao

    • Danni

      Thank you SO MUCH! This virus is a NIGHTMARE, I’ve spent my entire day downloading antivirus programmes, trying to get rid of it! Oh well, at least now my computer is running so fast that it takes no time to do anything now…:)

    • Philippe Berthet

      I’ve Spend hours to get rid of this damned malware, downloading and trying tons of differents things before founding your blog…
      It’s so great to be free of this shit again!!!
      Thanks for this page Ray, Well done!

    • Joe Maximum

      Look2Me Remover just work like a charm !!!
      Thanks for the info.

    • Sergio Pimentel (Brazil)

      Look2Me Remover is amazing.
      I’ve gotten troubles with Trojans for days.
      At now, my computer is fast and clean!
      Thank you, Raymond!

    • Micheline

      i would say thank you , i resolve my problem for LOOK2 ME . i searh about that since 1 week .

      thank thank thank

      from quebec(french women) canada

      sorry about my english , it s not very good

    • Jacky

      Thank you so much for the tool! I gave up after trying several anti spyware months ago. Since this L2M is so annoying, I’ve found a workaround, which is to create another WinXP login name and logon to the new user everytime rebooting the PC. That way..all these L2M ads will pop up on that user profile, while I can work on another user profile without interruption.

      Have a nice day!

    • Shaun

      Dear Sir,
      Thanks for the advice on look2me, its been driving us mad!
      You deserve a knighthood.
      Thanks again.
      Shaun

    • Chris

      Thanks Raymond, i was getting crazy with those popups.
      Thanks a lot man.

    • tare

      l2mfix has earesed my acount, which is administrator, and put his password instead! so now i can’t log on to my acount! help! the name of a new acount is l2mfix and need the password which i don’t know! os :xp pro
      help!

    • tare(again)

      i solved the problem with acount, the web pages are no longer loading-trojan has gone…
      thanks!

    • Manish

      Hey Man !!!!

      THanks a lot. I suffered alot because of this bug. I was looking for solutions for 3 days. But nothing worked. But the tools you syggested cleaned my machine.

      THanks a ton :)

    • Rohit

      hey man. thank you so much. the first site got rid of the damn virus. thanks you so so much, this virus was driving me crazy. thanks

    • David

      Thanks so much! The first application didn’t work for me, unfortunately, but the second one did the trick. Those popups were irritating as hell.

    • jersey boy

      wow. I think it worked! After couple of days of working on it. Finally! thanks a lot bro! appreciated.

    • http://www.execuzone.com Guillermo

      Thank youuuuuuuuuuuu from Argentina. L2MFix did the job (Look2Me Remover locked up or I had no patience to wait !) Anyway my 10 day nightmare ended !! Thank u again !!!!!!!!!. Guillermo

    • di

      After downloading both the programs, both give me the same error of – software does not work in Win 9X / 2000 – pls help wat do i do

    • Karlo Finkers

      It worked! thanks a lot from Holland. I copied the websites that poped up and came on this site. Thanx very much!

    • pokaplaya

      thanks a fucking TON…shit you helped me out!!

    • http://na Chad Magers

      Dude!! I have been using Hijackthis, xoftspy, microsoft beta, etc.. to try and get rid of those damn pop-ups and nothing worked til I came here. thanks alot.

    • Sylvain

      Thank’s, Look2Me Remover v1.1.0 work’s fine for me. I spend hour to solve the problem and it was so simple with that software.

    • steven park

      Cheers pal, my old man kept avin ago at me for all these pop ups thanks to the remover I am now in the clear. Tip to anyone don’t use Kazaa caus that was the reason.

    • steven park

      Cheers pal, my old man kept avin ago at me for all these pop ups thanks to the remover I am now in the clear.Tip to anyone don’t use Kazaa caus that was the reason.

    • Pingback: Remove HotBar - Adware Spyware Removal Instructions » Raymond.CC Blog

    • FERNANDO

      THANK YOU!!!!!!
      GRACIAS!!!!!!!!!!!!!

      FINALLY REMOVED THE ^&%^&%^$$#$@# ADWARE LOOK2ME

      FERNANDO

    • http://www.apartments.waw.pl hotels in warsaw

      One of my friend’s computer has been is running very slowly and has lots of advertisements popping up every minute.
      I do not agree.For more info go to System.String[]

    • richard

      i have down loaded lm2remover but the virus harrenmedia popups keep coming the program says that there is no virus
      what can i do help???

    • Bjorn

      yeah richard i have the same problem Look2Me didnt find anything and L2M froze up while running.

      what the f*ck can we do about this ?

    Copyright © 2005-2012 - Raymond.CC Blog