Updated: 29th Jan. 2006 (crashes and freezes fixed!)
Technical Summary of the Look2Me Trojan:
Name: Look2Me Trojan (also known as VX2.Look2Me)
Description: Look2Me is a Trojan that is used to deliver other
Trojans and adware/spyware components. On each boot,
the Trojan contacts a server at Rackspace.com. It then
downloads potentially hundreds of other spyware components
and applications, which it installs automatically. Eventually
the victim's computer becomes unstable. Even though Look2Me
is a well-documented Trojan, the latest versions
of NAV and Ad-Aware did not detect it. Only PestPatrol
was able to detect some versions of it; however, it was
unable to remove it, as the Look2Me Trojan was interfering
with PestPatrol's boot-time clean-up operations.
This application is also spyware. Spyware software
generally does not provide any services to you; rather,
it is primarily designed to watch you as you use your
computer or surf the Internet, and report this information
to hackers, advertising companies or other individuals
who have placed the spyware on your computer.
The new variant of VX2 that we are going to kill was
released sometime in November 2005. This new
variant may employ rootkit-style cloaking or "stealth"
techniques to hide itself; several people have reported
that Ad-Aware indicates their system is infected with
VX2 but can't locate the files, or that Ad-Aware locates
the files but they cannot see the files Ad-Aware is
reporting using Windows Explorer. The malware uses rootkit-style
cloaking to conceal itself.
In addition to spreading through browser exploits and other
security exploits, VX2 is more and more often being
spread along with other files on peer-to-peer file-sharing
networks. People downloading files from P2P networks
may be infecting themselves with VX2 as well.
As of this date (19th November 2005), the "Look2Me
Remover", which we are offering for free,
is the only effectively working solution to detect and
clean systems that are infected with the latest
versions of this malware.
Summary of the Look2Me Remover v.1.2.0:
The Look2Me Remover (aka L2MRemover)
is very easy to use, being very similar to ETRemover
(aka EliteToolbar Remover), which is the SimplyTech.it
generic anti-malware solution.
Look2Me Remover runs on Windows 2000/Windows
XP only. It can be used in Normal Mode
and needs two inputs from you to work:
- First: press the "Scan" button and let
it search for any occurrences in your System, Memory
and Registry. If it finds a known variant of the
malware, it will detect it, make it harmless by injecting
our code into the malware while it is running, and then
list the Registry keys which load the malware at
each restart of the System.
- Second: press the "Delete
Keys" button to clean the Registry of the
keys which cause the infestation to run on reboot.
If you feel unsure about the removal of the Registry
keys, you can also check the "Save before delete"
box so that a backup *.reg file will be saved, just in case
you need to rebuild the deleted keys.
Please keep in mind that "Look2Me Remover"
doesn't remove the previous variant of the Look2Me malware.
Since we started studying the variant which has been out only
since November 2005, we advise you that this program
works for the versions of the malware released from
that date onward.
The L2MDFN.DAT file is the file which contains the malware
definitions. It is necessary that this file is put in
the same directory where L2MRemover has been installed.
Look2Me Remover Live Update:
Look2Me Remover has an automatic live update function:
when you use the command "Check for updates..."
in the menu of the program, it checks whether a new version
is available on our site and lets you download
it if necessary.
Turn off System Restore if it is enabled!
If you are running Windows Me or Windows XP, we recommend
that you temporarily turn off System Restore. Windows
Me/XP uses this feature, which is enabled by default,
to restore the files on your computer in case they become
damaged. If a virus, worm, or Trojan infects a computer,
System Restore may back up the virus, worm, or Trojan
on the computer.
To download version 1.2.0 of the
program, click here!
Permanent links are on MajorGeeks.com
Do you get an error message box that says you need
Msinet.ocx or Comctl32.ocx?
You can download the DLLs.zip from here
and register the two .ocx files via Regsvr32 (by following
the instructions in the file ReadMe.txt), or you can
download the Look2Me Remover Setup Kit
from here! (The
latter will be easiest ;) )
Since it is freeware, the program may be redistributed.
To support us and to keep some new freeware coming sooner
or later, we would appreciate a donation from our users.
Any amount would be greatly appreciated... YES! Even
one single dollar... why not? :)
By clicking the donation link below, you will be able
to make a donation to us using PayPal.
It's fast, easy and secure.
If you want to make a donation but you do not have a PayPal
account, you can copy my address from the following picture
and send me a donation via mail if you want :)
Thank you for your support!! :-)
For any question or problem, or if you want to advise us
of the presence of some new variant of the malware,
you can contact us by writing a mail to firstname.lastname@example.org
or you can post a message in the Look2Me Remover section
of our forum here.
You will have a reply in the shortest possible time.
[c] 2006 SimplyTech
Do you need fast help?
If you need help and you have ICQ, you can contact
us that way; the picture below shows whether we
are online or not.