Old 03-04-2006, 01:17 AM   #3 (permalink)
MicroBell
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,951
OS: Windows XP-Pro SP2


Look2Me/VX2 Removal Instructions


The Look2Me/VX2 infection generates popups. It's easy to spot as it uses a randomly named long DLL and random folder in the O20 Winlogon Notify section of the HJT log.

Entries to look for in the HJT log that will identify the infection:

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\e8020idoe80c0.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\m4rm0e91eh.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hpj0231mg.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e602lgdo160c.dll
O20 - Winlogon Notify: TESING - H:\WINDOWS\system32\p0r40a9qed.dll
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\msg117.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\irr2l59o1.dll


The Fix
+++++++++++++++++++++++++++++++++++

Please download Look2Me-Destroyer.exe and save the file to your desktop.
  • Print out these instructions and close ALL windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to "Run this program as a task".
  • You will receive a message saying "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
  • When Look2Me-Destroyer re-opens, click the "Scan for L2M" button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the "Remove L2M" button.
  • You will receive a "Done Scanning" message; click OK.
  • When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer". Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.

You should now be free of Look2Me/VX2 and the popups it was generating. If you require help with the removal of Look2Me/VX2 or to check your HJT log, then please start your own thread in the hijackthis section of this forum and a trained Analyst will review your log.

WARNING:

The information in this fix is to be used at YOUR own risk. If you are unsure about a step or the use of a tool, then post your log in the hijackthis section and an Analyst will assist you.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!





Spyware/Adware Removal Tools
Hijackthis
Ad-aware SE
Spybot Search&Destroy
SpywareBlaster
CWShredder
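A sketch of the log check described in the post, as an added example that is not part of the original post or of HijackThis: it pulls the O20 Winlogon Notify lines out of an HJT log and marks system32 DLL names that switch between letters and digits at least twice. The function names, the threshold of two switches and the last two sample lines are assumptions; the other sample lines are the ones quoted in the post.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Line shape as quoted in the post: "O20 - Winlogon Notify: <key> - <path>.dll"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+\.dll)\s*$",
    re.IGNORECASE,
)

def letter_digit_switches(stem):
    """Count how often a file name switches between letters and digits."""
    kinds = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(kinds, kinds[1:]) if a != b)

def parse_o20(log_text, min_switches=2):
    """Return every O20 entry; 'random_looking' is a name-shape hint only."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue  # not an O20 Winlogon Notify line
        path = m.group("path")
        stem = splitext(basename(path))[0].lower()
        in_system32 = "\\system32\\" in path.lower()
        entries.append({
            "key": m.group("key"),
            "path": path,
            # Assumed threshold: two or more letter/digit switches in the name.
            "random_looking": in_system32
            and letter_digit_switches(stem) >= min_switches,
        })
    return entries

# First seven lines are quoted in the post; the last two are constructed.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\e8020idoe80c0.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\m4rm0e91eh.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\hpj0231mg.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\e602lgdo160c.dll
O20 - Winlogon Notify: TESING - H:\WINDOWS\system32\p0r40a9qed.dll
O20 - Winlogon Notify: Guardian - C:\WINDOWS\system32\msg117.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\irr2l59o1.dll
O20 - Winlogon Notify: ExampleVendor - C:\Program Files\Example\notify.dll
O4 - HKLM\..\Run: [Example] C:\Example\example.exe
"""

if __name__ == "__main__":
    for e in parse_o20(SAMPLE_LOG):
        mark = "RANDOM-LOOKING" if e["random_looking"] else "review"
        print(f"{mark:15} {e['key']:28} {e['path']}")
```

The name test does not mark msg117.dll from the post, so an unmarked O20 entry is still one to have reviewed rather than one to treat as clean.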