Look2Me

Overview

Look2Me monitors the web sites you visit and sends the log to the vendor's server. Look2Me will also open pop-up windows.

Look2Me is implemented as a shell extension, which makes it tightly coupled with Explorer. If you try to remove Look2Me while Explorer is running, Look2Me will notice this and reinstall itself, which makes it hard to remove. The trick is to shut down Explorer before deleting the registry entries associated with the spyware, reboot, and then delete the .dll file. It is also possible to remove Look2Me by booting from a start-up disk and deleting the .dll file.

From the developer: Look2Me Advertising and Information Network is not a separate application, but is rather attached to customized applications that Look2Me and our partners distribute. Look2Me's portfolio of advertisers help keep the leading software applications and services free. Source

From the developer: Look2Me offers merchants an unparalleled opportunity for visibility on the Internet. Look2Me can help you drive your sales with our millions of monthly active visitors from our various applications, Web properties and opt-in email lists. Look2Me provides targeted promotions and advertisements for dozens of leading corporations, driving extraordinary ROI and click-thru-rates. Look2Me can deliver your message to millions of monthly visitors through our Advertising and Information Network. We will effectively display your message and target consumers for less than 1 cent per advertisement impression! Source

I have spotted many variants of Look2Me. The first is Look2Me.msgstar, which is bundled with the SpyBan Trojan, which does not mention Look2Me in the End User License Agreement (EULA), or more accurately, SpyBan does not have a EULA. This variant is identified by its long .dll name. I have not been able to find a EULA for Look2Me.msgstar.

The second variant is Look2Me.msg116, identified by the msg116.dll file. This variant has a EULA, and it is no pleasant reading: "I UNDERSTAND AND AGREE THE SOFTWARE PRODUCT WILL MODIFY, REMOVE, AND ADD ENTRIES TO MY COMPUTER OPERATING SYSTEM, NETWORK PARAMETERS, AND OTHER INSTALLED FILES THAT WILL CHANGE THE PRIOR DEFAULT SETTINGS, AND/OR INSTALL SOFTWARE FROM THIRD PARTIES WITHOUT USER INTERVENTION, AND/OR TO INSTALL SOFTWARE TO DISPLAY ELECTRONIC ADVERTISEMENTS AND THIRD PARTY WEB PAGES OF EVERY KIND AND NATURE AND/OR MONITOR MY ACTIONS AND REPORT THEM TO THE COMPANY AND/OR UNDISCLOSED THIRD PARTIES, WITHOUT USER INTERVENTION." Source

The third variant is Look2Me.msg117, identified by the msg117.dll file. The EULA is the same as for Look2Me.msg116.

The fourth variant is Look2Me.msg118, identified by the msg118.dll file. The EULA is the same as for Look2Me.msg116.

I have not had the opportunity to review the EULA for the remaining variants, Look2Me.msg119, Look2Me.msg120, Look2Me.msg121 and Look2Me.msg122.

Look2Me's signs of infection range from pop-up windows and the msg-ish DLLs in %SystemDir% to ICMP messages coming from www.look2me.com or your firewall warning about connections to www.look2me.com. As described in my summary about shell extensions, Look2Me runs inside Windows Explorer and does not appear in the Task Manager, neither in the Application list nor in the Process list. Look2Me might also connect to the Internet without your firewall warning you about it. I hate to admit it, but Look2Me uses a clever approach to operate undetected, and once detected it will be hard to remove. Alas, I think we will see more of this coming.

Classification

Spyware

Files

msg116.dll, msg117.dll, msg118.dll, msg119.dll, msg120.dll, msg121.dll, msg122.dll, upd116.exe, upd117.exe, upd118.exe, msg121.cpy.dll, msg{********-****-****-****-************}****.dll, where * represents a character.
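The file list above can be turned into a directory check. The following is an added example, not part of the original write-up or of Bazooka: it converts each listed name into an exact-length match (each `*` is one character) and labels hits with the variant names used on this page. The function names and the sample file names are constructed for illustration, and the registry entries are not covered.

```python
import os
import re
import tempfile

# File names from the page's "Files" list; '*' stands for exactly one character.
PAGE_PATTERNS = [f"msg{n}.dll" for n in range(116, 123)] + [
    "upd116.exe", "upd117.exe", "upd118.exe", "msg121.cpy.dll",
    "msg{********-****-****-****-************}****.dll",
]

def pattern_to_regex(pattern):
    """Anchored, case-insensitive regex: '*' -> one character, rest literal."""
    body = "".join("." if ch == "*" else re.escape(ch) for ch in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)

MATCHERS = [(p, pattern_to_regex(p)) for p in PAGE_PATTERNS]

def variant_for(pattern):
    """Label per the page: msgNNN.dll -> Look2Me.msgNNN, long name -> msgstar."""
    numbered = re.fullmatch(r"msg(\d{3})\.dll", pattern)
    if numbered:
        return "Look2Me.msg" + numbered.group(1)
    if pattern.startswith("msg{"):
        return "Look2Me.msgstar"
    return "Look2Me (variant not stated on the page)"

def scan_directory(path):
    """Return sorted (file name, variant) pairs for files matching the list."""
    hits = []
    for entry in os.scandir(path):
        if not entry.is_file():
            continue
        for pattern, regex in MATCHERS:
            if regex.match(entry.name):
                hits.append((entry.name, variant_for(pattern)))
                break
    return sorted(hits)

def demo():
    """Scan a temporary directory of constructed, empty sample files."""
    names = ["MSG117.DLL", "upd118.exe", "msgina.dll", "msg{short}.dll",
             "msg{0A1B2C3D-1111-2222-3333-445566778899}abcd.dll"]
    with tempfile.TemporaryDirectory() as folder:
        for name in names:
            open(os.path.join(folder, name), "w").close()
        return scan_directory(folder)

if __name__ == "__main__":
    for name, variant in demo():
        print(f"{name}: {variant}")
```

To check a real machine, pass the Windows system directory (system on Windows 95/98/ME, system32 on Windows XP) to scan_directory.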

Vendor

look2me.com whois
NicTech Networks, Inc whois

End User License Agreement

Look2Me.msg116
Look2Me.msg117

Detection

Bazooka Adware and Spyware Scanner detects Look2Me. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications.

Uninstall Procedure

I have contacted the vendor (info@look2me.com) asking them for uninstall instructions. I got the following reply:

---
Hello,

The UnInstaller for the Look2Me application can be found at:
http://www.look2me.com/app/UnInstaller.php
http://www.look2me.com/app/UnInstall.php
http://www.look2me.com/cgi-bin/UnInstaller

Thank you for using our application.

Regards,
Look2Me
---


To download the uninstaller, you have to accept an End User License Agreement for the uninstaller and give Look2Me your email address, and they will send the uninstaller attached in an email along with a license key. I recommend that you set up a temporary email account at one of the free email providers such as Yahoo or HotMail, to avoid giving out your real email address. I have mirrored this EULA here. To run the uninstaller you will need network access, allowing the uninstaller to register the uninstall serial key at the look2me server, so the serial key can only be used once. The Look2Me uninstaller left the .dll files behind, which you can delete manually after rebooting your machine.

I have asked the vendor how they recommend I uninstall Look2Me when a computer does not have network access. So far, no reply.

Manual removal

Please follow the instructions below if you would like to remove Look2Me manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Look2Me remains on your system after stepping through the removal instructions, please double-check by stepping through them again.

On Windows 95/98/ME/XP, you can delete Look2Me by rebooting from an MS-DOS startup disk. Please follow the instructions below:

  1. Create a Windows startup disk.
  2. Close all running programs, insert the startup disk, and reboot your computer. During startup you will be asked if you want to start up with CD-ROM support, choose without. After a while the computer will display the command prompt, saying "A:\".
  3. Type the following commands:
  4. c: (hit enter - the prompt should change to "c:\").
  5. cd windows (hit enter - the prompt should change to "c:\windows\").
  6. (if you are running Windows 95/98/ME) cd system (hit enter - the prompt should change to "c:\windows\system\").
  7. (if you are running Windows XP) cd system32 (hit enter - the prompt should change to "c:\windows\system32\").
  8. del msg{*.dll
  9. del msg116.dll
  10. del msg117.dll
  11. del msg118.dll
  12. del msg119.dll
  13. del msg120.dll
  14. del msg121.dll
  15. del msg122.dll
  16. Take out the startup disk and reboot your computer in normal mode.
  17. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
  18. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {DDFFA75A-E81D-4454-89FC-B9FD0631E726}', if it exists.
  19. Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ShellExtensions \ Approved \ {DDFFA75A-E81D-4454-89FC-B9FD0631E726}', if it exists.
  20. Start Microsoft Internet Explorer.
  21. In Internet Explorer, click Tools -> Internet Options.
  22. Click the Programs tab -> Reset Web Settings.

If the uninstall procedures above do not work, you can also try to rename the .dll file, restart your computer, and then delete the renamed file.


Contact information for Look2Me's vendor

In order to provide correct, accurate and updated information about Look2Me I encourage the vendor to contact me if any part of this write-up needs a revision.

© Kephyr, 2003-2012. andy@kephyr.com