"Removing spyware from a computer is becoming an increasingly difficult task. Look2Me, a displayer of pop-up advertisements, is a good example of a persistent malware application that just won't go away. It uses some interesting techniques to remain installed.
Look2Me hooks into the winlogon process as a notification package. If the user tries to unregister the notification package, it is immediately reinstated. Look2Me also removes the administrator group's debug privileges and thereby disables the user from interfering. This, along with some other tricks, makes manual removal close to impossible.
The removal of the debug privileges has resulted in some BlackLight support calls for us. And so, even though it doesn't have any rootkit functions, the SeDebugPrivilege error inadvertently turns our BlackLight tool into a Look2Me detector!"
"Look2Me adware operates in stealth and displays an excessive amount of pop-up advertisements. Most common are IE pop-up windows, but some pop-ups are tailored by shape and animation. Some of the advertisements push the user to install ErrorGuard or WinFixer. Look2Me requires a special removal tool to disinfect. Look2Me only infects Windows 2000, XP and 2003."
Use F-Look2Me to remove Look2Me.
1. Download f-look2me.zip (last updated April 11th, 2006)
2. Unzip f-look2me.zip
3. Run f-look2me.exe
4. Reboot the machine
F-Look2Me loads itself as a service to gain system privileges. The service renames infected files and patches the adware in memory. It also restores the debug privilege for the Administrators group. F-Look2Me requires administrator rights to run.
F-Secure 'Look2Me' Remover»
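The two symptoms described above (an unfamiliar winlogon notification package, and Administrators missing the debug privilege) can be checked from exported text. The following is an added example, not F-Secure's code. It assumes the input comes from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" /s` and `secedit /export /cfg <file>`; the baseline list, the `ExamplePkg` entry and both samples are constructed for illustration.

```python
import re

ADMINS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
# Assumed baseline: package names recorded from a clean reference machine; supply your own.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Constructed sample of `reg query ... /s` output; ExamplePkg is a placeholder, not a real indicator.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DLLName    REG_SZ    crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExamplePkg
    DLLName    REG_SZ    C:\WINDOWS\system32\example-placeholder.dll
"""
# Constructed sample of a secedit export in which nobody holds SeDebugPrivilege.
SAMPLE_INF = "[Unicode]\nUnicode=yes\n[Privilege Rights]\nSeDebugPrivilege =\n"

def notify_packages(reg_text):
    """Map each Winlogon\\Notify subkey name to its DLLName value (None if absent)."""
    packages, current = {}, None
    for line in reg_text.splitlines():
        key = re.match(r"HKEY_LOCAL_MACHINE\\.*\\Winlogon\\Notify\\([^\\]+)$", line.rstrip(), re.I)
        if key:
            current = key.group(1)
            packages[current] = None
            continue
        val = re.match(r"\s+DLLName\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", line, re.I)
        if val and current:
            packages[current] = val.group(1)
    return packages

def unexpected_packages(reg_text, baseline=BASELINE):
    """Return notification packages whose names are not in the clean baseline."""
    return {n: d for n, d in notify_packages(reg_text).items() if n.lower() not in baseline}

def debug_privilege_holders(inf_text):
    """Return the principals listed for SeDebugPrivilege under [Privilege Rights]."""
    in_section = False
    for line in inf_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and line.lower().startswith("sedebugprivilege"):
            return {p.strip().lstrip("*") for p in line.partition("=")[2].split(",") if p.strip()}
    return set()  # privilege line absent: assigned to no one

def admins_lost_debug(inf_text):
    """True when the Administrators group no longer holds SeDebugPrivilege."""
    return ADMINS_SID not in debug_privilege_holders(inf_text)
```

secedit writes its export as UTF-16, so decode the file accordingly before passing its text to `debug_privilege_holders`.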