Fun with Look2Me

  1. #1
    Junior Member
    Join Date
    Jan 2003
    Posts
    3

    Question Fun with Look2Me

    I just got done with spyware Look2Me. It was an interesting challenge. I know now how to remove the variant that infected my daughter's PC, but how do you block it? I have Norton firewall, Symantec antivirus, Spybot S&D.
    doc9189

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Not sure about that particular specimen but I just thought I'd mention that SpyBot S&D is now at version 1.3. You should get this version, as older ones don't seem to update, and the warning just says "no new updates".

    The new version will prompt you to run "immunisation"; do that and you will block quite a few nasties.

    Also get Spyware Blaster and Spyware Guard and AdAware 6.0

    ScripTrap and RegistryProt are other useful tools IMHO


    Basically keep everything up to date and scan regularly.

    I don't know what she uses for a mail client, but make sure that "preview" is turned off.

    You might consider using a web browser other than IE, as they are somewhat less exploited at the moment.

    Good luck

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    This looks like something you might want to talk to Symantec about, as according to this, they do catch it. It may be a configuration issue with your antivirus.

    Cheers:
    DjM

  4. #4
    Junior Member
    Join Date
    Jan 2003
    Posts
    3

    Angry re:look2me

    Yes, I checked and Symantec says it should catch Look2Me, however it does not. I need to send them the info -- I believe it is a variant. Thanks for the info.

    doc9189

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    yes.. there are many variants of this malware.. it's not such an easy thing to get rid of.

    There are also other names for this.. zestyfind, spotresults, VX2.BetterInternet or VX2/Transponder.

    I did a bit of a write up about it and tips for removal in this thread.

    As for prevention.. nihil pretty much covered it. RegistryProt, ScripTrap, scriptsentry are all good blocking/warning tools.. also there's IEspyad to add known "ugly" sites to your IE restricted zone.

    As you'll see in the other thread, if you have an NT based OS, you will have an easier time removing this malware as there's a nice tool called VX2Finder which will only run on an NT based OS.

    good luck.. have fun.. keep us updated on what you find/did.

  6. #6
    Junior Member
    Join Date
    Jan 2003
    Posts
    3
    Thanks, I used VX2Finder to find the files, but it would not remove amparse.dll, and would re-infect. I had to reboot using Winternals ERD and remove it. I will check out the above mentioned blocking/warning tools.

    Thanks Again
    doc9189

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    1,210
    you fixed it? great..
