Trogan
Malware Remover

Look2Me Pop-up Infection Removal Guide

At this time, please DO NOT use the fix mentioned below as there seems to be a slight problem with the removal tool. If you have identified the Look2Me infection, then please start your own thread in the Spyware/Virus/Trojan Forum and an alternative fix will be used. This thread will be updated when more information is available. If you use the tool below, it is at your own risk!


This guide will show you how to identify and remove the Look2Me Spyware Infection.


This infection causes unwanted pop-ups. It is identified by the O20 Winlogon Notify key in HijackThis.

There will be a randomly named file located in the WINDOWS\system32 folder. The name of the Notify key may also be a normal-looking name even though it does not belong there.

For example:

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\lv6q09j5e.dll

In the entry above, ShellScrap is the Notify key and lv6q09j5e.dll is the randomly named file located in the WINDOWS\system32 folder. This indicates the Look2Me infection.


More examples of entries in HijackThis that identify the infection:

O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hpj0231mg.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e602lgdo160c.dll
O20 - Winlogon Notify: TESING - H:\WINDOWS\system32\p0r40a9qed.dll
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\msg117.dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\j4l4le3q1h.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\irr2l59o1.dll

======================================


The Fix

Please download Look2Me-Destroyer.exe to your desktop.
  • Print out these instructions and close ALL windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer". Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • You should now be clear of Look2Me.

If you receive a message from your Firewall about this program accessing the internet please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new...b/MSWINSCK.OCX


======================================


The Look2Me Infection should now be removed from your computer. If you are still having problems, please start your own thread in the Spyware/Virus/Trojan Forum and post a HijackThis log.
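
The identification step from the guide above, as an added example that is not part of the original post or of HijackThis: it parses O20 Winlogon Notify lines from a saved log and flags DLLs in WINDOWS\system32 whose names mix letters and digits. The function names, the sample log's two non-guide lines, and the short allowlist of stock Notify DLLs are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log: O20 lines copied from the guide, plus two made-up
# lines (an O4 entry and a stock Notify DLL) that should not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\lv6q09j5e.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hpj0231mg.dll
O20 - Winlogon Notify: TESING - H:\WINDOWS\system32\p0r40a9qed.dll
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\msg117.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
"""

# Assumption: a short, non-exhaustive allowlist of stock Windows XP Notify DLLs.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                     "sclgntfy.dll", "wlnotify.dll"}

O20_LINE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+)$")

def parse_o20(log_text):
    """Yield (notify_key, dll_path) for every O20 Winlogon Notify line."""
    for line in log_text.splitlines():
        m = O20_LINE.match(line.strip())
        if m:
            yield m.group("key"), PureWindowsPath(m.group("path"))

def looks_like_look2me(dll_path):
    """Heuristic from the guide: a DLL directly in <drive>:\\WINDOWS\\system32
    whose name mixes letters and digits and is not a known stock Notify DLL."""
    parts = [p.lower() for p in dll_path.parts]
    in_system32 = len(parts) == 4 and parts[1:3] == ["windows", "system32"]
    stem = dll_path.stem
    mixed = any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
    return (in_system32 and dll_path.suffix.lower() == ".dll" and mixed
            and dll_path.name.lower() not in KNOWN_NOTIFY_DLLS)

def suspicious_entries(log_text):
    """Return [(notify_key, file_name)] for O20 entries worth a closer look."""
    return [(key, path.name) for key, path in parse_o20(log_text)
            if looks_like_look2me(path)]

if __name__ == "__main__":
    for key, name in suspicious_entries(SAMPLE_LOG):
        print(f"review: Notify key {key!r} -> {name}")
```

A hit only marks an entry for review: the Notify key name itself is not checked, because the guide notes it can look normal.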