
look2me virus

Discussion in 'Virus & Other Malware Removal' started by scjetson, Apr 22, 2004.

Thread Status:
Not open for further replies.
  1. scjetson

    scjetson Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    1
    :confused: Look2me has taken over my computer. I have tried to automatically, as well as manually remove it icw various recommendations. I do not see any of the files they tell me to look for in the registry. I am running xp home. It has attached itself to one of my windows\system32 files. The infected file is aud.cpy.dll. I can delete it if I "end process" (rundll32) in the task manager. I do a scan and it is clean. As soon as I re-boot windows it is back in the system32 folder. It will lock up the pc after about 10 minutes. Are there any ideas short of an entire hard drive reformat?
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Have you tried this: http://www.pchell.com/support/look2me.shtml

    Or you could........
    Do this:
    go to http://www.lurkhere.com/~nicefiles/ , and download 'Hijack This!'.....
    Unzip it to its own folder, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.

    If you have anything disabled by MSConfig or any other startup manager, please re-enable it before scanning to post.

    ;)
     
  3. scjetson

    scjetson Thread Starter

    Joined:
    Apr 22, 2004
    Messages:
    1
    I went again to the Look2me E-mail for help and they gave me the manual uninstall directions (the auto uninstall did not work). This is the problem, it has attached itself to this windows\system32 file: aud.dll. The Look2me infected file is: aud.cpy.dll. I can delete the aud.cpy file, but even using a command prompt with explorer process shut down it will not let me delete the aud.dll file. Being it is a system32 file I am sure it is a critical file for windows to work. Look2me said the cpy and the original must be deleted to totally make it gone. Anyone have any ideas short of a total reformat?
    Here is the log from the hijack this scan:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Stephanie\Local Settings\Temp\Temporary Directory 2 for hijackthis1977.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchgateway.net/search/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
    O1 - Hosts: â
    O1 - Hosts: 207.36.196.189 auto.search.msn.com
    O1 - Hosts: 207.36.196.189 search.netscape.com
    O1 - Hosts: 207.36.196.189 ieautosearch
    O1 - Hosts: me.com/cgi-bin/SelectorV2?ID={4671DFC7-04E7-4D30-81DE-7609576563F4}&mSkip=1&rnd=31584", 180000, "FALSE");
    O1 - Hosts: myRepeatArray[3] = "10";
    O1 - Hosts: myRepeatArray[2] = "3";
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
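
The O1 (hosts file) entries in the log above, triaged in an added example that is not part of the original post or of HijackThis: it separates hosts lines that point a name at a non-loopback address from lines that are not valid `IP hostname` pairs at all. The function name `triage_hosts` is hypothetical; the sample lines are copied from the log in this post.

```python
import ipaddress
from collections import defaultdict

# Lines copied from the HijackThis log in the post above (sample input).
LOG = r"""
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: myRepeatArray[3] = "10";
O1 - Hosts: myRepeatArray[2] = "3";
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

PREFIX = "O1 - Hosts:"


def triage_hosts(log_text):
    """Return (redirects, malformed) for the O1 lines of a HijackThis log.

    redirects: {ip: [hostnames]} for names mapped to a non-loopback address.
    malformed: O1 payloads that are not an 'IP hostname' pair, a sign that
               the hosts file has been overwritten with unrelated content.
    """
    redirects = defaultdict(list)
    malformed = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # only hosts-file entries are examined here
        payload = line[len(PREFIX):].split("#", 1)[0].strip()  # drop hosts comments
        if not payload:
            continue
        fields = payload.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(payload)
            continue
        if len(fields) < 2:
            malformed.append(payload)  # an address with no hostname
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are the usual local or blocking form
        redirects[str(ip)].extend(fields[1:])
    return dict(redirects), malformed


if __name__ == "__main__":
    redirected, broken = triage_hosts(LOG)
    for ip, names in redirected.items():
        print(f"review: {', '.join(names)} -> {ip}")
    for payload in broken:
        print(f"not a hosts entry: {payload}")
```
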
     

Short URL to this thread: https://techguy.org/222885
