PDA

View Full Version : look2me not fully detected



Lardzor
2005-10-21, 13:42
I had a recent run-in with the adware "look2me". This evil adware assaulted me with POPUPS in my default browser (opera) and also Internet Explorer, and other popups that didn't seem to require either. I was getting 2-3 popups per second sometimes. You don't even have to have a browser open, It will open them on it's own.

Spybot did not remove it. (yes I updated)
Add Aware SE did not remove it. (yes I updated)

So, I installed ewidos security suite.
That found "look2me", but did not remove it. (yes I updated)

I tried all programs with both Safe Mode on, and 'system restore' off on all drives. I also rebooted between scans.

Whoever made "look2me" is an EVIL smart guy, as this did NOT solve the problem.

I talked to a friend who recommended "spysweeper". I installed and ran it from safe mode with sys/resore off. This found the problem and after I ran it about 3 times, My problem seemed to be over.

The only problem I had left was that there was a flashing hourglass next to my mouse pointer. Even when my system was idle, the hourglass was still blinking on and off. It blinked regularly about 2 times per second.

It didn't take long for me to get as annoyed with this as I was with the popups. I started killing EVERYTHING I could in the taskmanager. The blinking stopped when I killed the process teatimer. I know this is a spybot process, so I reboot (again) and when the blinking returned, I ended only teatimer, and confirmed that this would stop the blinking hourglass.

Thinking that installing other spyware removal software somehow conflicted with Spybot, I removed ewidos, and spysweeper. After a reboot, the blinking remained. I then uninstalled Spybot, and reinstalled it (with updates). The blinking remains.

Does anyone have a fix for this ? I like teatimer, and would like to keep useing it, but I can't take the blinking hourglass all the time.

Any help is appreciated.
Thanx in advance.

Spybotnorma
2005-10-21, 14:16
Please send us your Spybot-S&D system report to locate the problem
(and add it to a future update). Please start Spybot-S&D in advanced mode
(from the Start menu, Programs -> Spybot - Search & Destroy), go to 'Tools -> View report',
click the 'View report' button at the bottom to continue, export that report to a text file
(see the export button in the toolbar), and send us that file.
Please use detections@spybot.info as the email address to send it to. We'll try to locate
your problem in this report, and add any new threats to the next update.

PepiMK
2005-10-21, 15:09
(Moved into the proper category)

Lardzor
2005-10-21, 23:01
Please send us your Spybot-S&D system report to locate the problem
(and add it to a future update). Please start Spybot-S&D in advanced mode
(from the Start menu, Programs -> Spybot - Search & Destroy), go to 'Tools -> View report',
click the 'View report' button at the bottom to continue, export that report to a text file
(see the export button in the toolbar), and send us that file.
Please use detections@spybot.info as the email address to send it to. We'll try to locate
your problem in this report, and add any new threats to the next update.
My initial message was a bit long winded, so In case you did not read the whole thing I just wanted to make a couple things clear before sending you a detections report.
1) None of the programs I was useing currently reports any infections of any kind. (spysweeper finally killed look2me)
2) The only issue that remains is that there is a blinking hourglass next to my pointer whenever TeaTimer is active.

Do you still desire me to send a report when my last spybot scan only reported 2 cookies?

What the heck, it's so small I can post it here and send you an e-mail with it.


--- Report generated: 2005-10-21 12:58 ---

Advertising.com: Tracking cookie (Opera 4+: Lard) (Cookie, fixed)

Advertising.com: Tracking cookie (Opera 4+: Lard) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-21 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-14 Includes\Cookies.sbi (*)
2005-10-14 Includes\Dialer.sbi (*)
2005-10-14 Includes\Hijackers.sbi (*)
2005-10-14 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-14 Includes\Malware.sbi (*)
2005-10-14 Includes\PUPS.sbi (*)
2005-10-14 Includes\Revision.sbi (*)
2005-10-14 Includes\Security.sbi (*)
2005-10-14 Includes\Spybots.sbi (*)
2005-02-16 Includes\Tracks.uti
2005-10-14 Includes\Trojans.sbi (*)

Good luck.

Lardzor
2005-10-22, 08:04
It seems there was another infection on my machine.

It was appearantly a variant of "Apropos".

I used a program called AproposFix to remove it while in Safe Mode.

The flashing hourglass issue is resolved, and my computer appears to be back to normal.

Geeze, I ran one suspect program called unzip.exe (that did extract the file I was looking for), and popups started flooding my screen seconds later. It must have installed a small program that downloads and installs other nasty malware.

There should be a law against malware so that people who create and profit by them are subject to the same punishment as those who create a destructive virus.

I wonder how simple it is to alter a piece of Malware to evade current anti-spyware/addware. I wonder if the people doing this have got a system, or utility to automatically generate a variant that will evade detection.

tashi
2005-10-28, 23:27
There should be a law against malware so that people who create and profit by them are subject to the same punishment as those who create a destructive virus.

I wonder how simple it is to alter a piece of Malware to evade current anti-spyware/addware. I wonder if the people doing this have got a system, or utility to automatically generate a variant that will evade detection.

Hello. :)
There have been several proposals, a google search will show them.

Passing laws and enforcing them is difficult, however it is quite a hot topic.

Meanwhile anyone who uses a computer with access to the internet or shares floppies/cd's should protect the system before someone else takes control.
Computer Safety Online (http://forum.malwareremoval.com/viewtopic.php?t=14)

Malware is complicated both sides of the coin.

Have a great weekend.

charleshgardner
2005-12-08, 20:15
I am new to Spybot. I have the same blinking hourglass and problem with popup ads that you recently helped Lardzor fix. Can you help me?
Thanks.

charleshgardner
2005-12-08, 22:40
I ran spybot S&D and it fixed the blinking hourglass problem! Many thanks!