May 18th, 2004, 12:50 PM
Fun with Look2Me
I just got done with spyware Look2Me. It was an interesting challenge. I know now how to remove the variant that infected my daughter's PC, but how do you block it? I have Norton firewall, Symantec antivirus, Spybot S&D.
May 18th, 2004, 02:09 PM
Not sure about that particular specimen but I just thought I'd mention that SpyBot S&D is now at version 1.3. You should get this version, as older ones don't seem to update, and the warning just says "no new updates".
The new version will prompt you to run "immunisation"; do that and you will block quite a few nasties.
Also get Spyware Blaster and Spyware Guard and AdAware 6.0
ScripTrap and RegistryProt are other useful tools IMHO
Basically keep everything up to date and scan regularly.
I don't know what she uses for a mail client, but make sure that "preview" is turned off.
You might consider using a web browser other than IE, as they are somewhat less exploited at the moment.
May 18th, 2004, 03:37 PM
This looks like something you might want to talk to Symantec about, as according to this, they do catch it. It may be a configuration issue with your antivirus.
May 18th, 2004, 03:47 PM
Yes, I checked and Symantec says it should catch Look2Me, however it does not. I need to send them the info -- I believe it is a variant. Thanks for the info.
May 18th, 2004, 04:22 PM
yes.. there are many variants of this malware.. it's not such an easy thing to get rid of.
There are also other names for this.. zestyfind, spotresults, VX2.BetterInternet or VX2/Transponder.
I did a bit of a write up about it and tips for removal in this thread.
As for prevention.. nihil pretty much covered it. registryprot, ScripTrap, scriptsentry are all good blocking/warning tools.. also there's IEspyad to add known "ugly" sites to your IE restricted zone.
As you'll see in the other thread, if you have an NT based OS, you will have an easier time removing this malware as there's a nice tool called VX2Finder which will only run on an NT based OS.
good luck.. have fun.. keep us updated on what you find/did.
May 18th, 2004, 07:52 PM
Thanks, I used VX2Finder to find the files, but it would not remove amparse.dll, and would re-infect. I had to reboot using Winternals ERD and remove it. I will check out the above mentioned blocking/warning tools.
May 18th, 2004, 08:40 PM
you fixed it? great..