Last update: 29th Jan. 2006 (CRASHES and FREEZINGS fixed!)

Technical Summary of the Look2Me Trojan:

Name: Look2Me Trojan (also known as VX2.Look2Me)

Company: www.look2me.com

Description : Look2me is a Trojan that is used to deliver other trojans and adware/spyware components. On each boot, the Trojan contacts a server at Rackspace.com. It then downloads potentially hundreds of other spyware components AND applications (that it installs automatically). Eventually the victims computer becomes unstable. Even though look2me is a well documented Malware trojan the latest versions of NAV and Adware did not detect it. Only PestPatrol was able to detect some versions of it however it was unable to remove it as the look2me Trojan was interfering with Pestpatrol's boot time clean up operations.

This application is also a spyware. Spyware software generally does not provide any services to you; rather, it is primarily designed to watch you as you use your computer or surf the Internet, and report this information to hackers, advertising companies or other individuals who have placed the spyware on your computer.

The new variant of VX2 we are going to kill has been issued sometime in the last November 2005. This new variant may employ rootkit-style cloaking or "stealth" techniques to hide itself; several people have reported that Ad-Aware indicates their system is infected with VX2, but can't locate the files, or that Ad-Aware locates the files but they cannot see the files Ad-Aware is reporting using Windows Explorer. The malware uses rootkit-style cloaking to conceal itself.

In addition to spreading through browser exploits and other security exploits, VX2 is more and more often being spread along with other files on peer to peer file sharing networks. People downloading files from P2P networks may be infecting themselves with VX2 as well.

At this date (19th November 2005) the "Look2Me Remover" which we are offering for free is the only effectively working solution to detect and clean the Systems which are infected from the latest versions of this malware.


Summary of the Look2Me Remover v.1.2.0:

The Look2Me Remover (aka L2MRemover) is very easy to use being very similar to ETRemover (aka EliteToolbar Remover) which is the SimplyTech.it generic anti-malware solution.

Look2Me Remover runs in Windows 2000/Windows XP only and it could be perfectly used in Normal Mode and needs two imputs by you to work:

- First: press the "Scan" button and let it searching any occurrences in your System, Memory and Registry. If it will find a known variant of the malware it will detect it, make it innocue by injecting our code in the malware while it is running, then it will list the Registry keys which load the malware at each restart of the System.

- The second thing to do is pressing the "Delete Keys" button to cleaning the Registry from the keys which cause the infestations to run on the reboot.

If you feel unsure about the remotion of the Registry keys you can also check the "Save before delete" box so a backup file *.reg will be saved just in case you would to rebuild the deleted keys.

Please keep in mind that "Look2Me Remover" doesn't remove the previous variant of the Look2Me malware, since we started studying the variant which is out only from November 2005 we would advise you that this program works for the versions of the malware that go onward from that date.

Follows a picture of the program:

Required files :

The L2MDFN.DAT file is the file which contains the malware definitions. It is necessary that this file is put in the same directory where L2MRemover has been installed.


Look2Me Remover Live Update:

Look2Me Remover has automatic live update function: by using the command "Check for updates..." in the menu of the program it will search if a new version is available in our site, and will let you download it if necessary.


Please turn off System Restore if it is enabled!

If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Downloads:

To download the version 1.2.0 of the program click here!

Permanent links are on MajorGeeks.com and Softpedia.com, thanks guys!!

Do you have an error message-box that says you need the Msinet.ocx or Comctl32.ocx?

You can download the DLLs.zip from here and register the 2 ocx it via Regsvr32 (by following the instructions in the file ReadMe.txt), or you can download the Look2Me Remover Setup Kit from here! (This last will be easiest ;) )

Note: since it is a freeware the program may be redistributed everywhere!

To support us and to keep some new freeware coming soon or later, we would appreciate a donation from our users. Any amount would be greatly appreciated... YES! Also one single dollar... why not? :)
By clicking the donation link below, you will be able to make a donation to us using PayPal. It's fast, easy and secure.

If you want to make a donation but you have not a PayPal account, you can copy my address from the following picture and send me a donation via mail if you want :)

For any question or problem, or if you want to advise us of the presence of some new variant of the malware, you can contact us by writing a mail to giancarlo@simplytech.it or you can put a message in the Look2Me Remover section of our forum here. You will have a reply in the shortest time.