infected by look2me adware

Discussion in 'QnA (read only)' started by paul_007, Mar 24, 2006.

Thread Status:
Not open for further replies.
  1. paul_007
    my pc is infected by look2me adware, flash animations, popups keep appearing, i have tried every software available on the net but none of them helped me. i have tried the following software: Webroot Spy Sweeper, Ad-Aware SE, Spybot S&D, Microsoft AntiSpyware, Norton AntiVirus, McAfee antivirus and antispyware, Norton look2me removal tool

    although every software detects it but none of them is able 2 remove it, they remove it temporarily but after restarting it appears again, webroot is somewhat effective as it stops the popups but adware is still there?

    pls help me, is formatting the only option??
     
  2. mako_123
  3. paul_007 (OP)
    no it is not working, tried the automatic method, it says look2me not detected in r pc, and i also tried the manual method, the registry entries which they r asking me 2 delete are not present in my registry

    thnx 4 help
     
  4. mako_123
    Try googling for the help , you will get a lot of sites .
     
  5. grinning_devil
    format your PC....backup your data and format it..

    since you have tried almost all of the known spyware detection tools, and they are unable to remove it. you can though try hijackthis
     
  6. mehulved
    Have you tried running the anti-spywares in safe mode? It has worked in the past for me.
     
  7. Chindi_Chor
    install windowz Again...
     
  8. anandk
    do this. run ur anti-spys in safe mode, or schedule boot-time scans, ver posbl.
     
  9. paul_007 (OP)
    OK i'll try in safe mode
     
  10. paul_007 (OP)
    yeah this has worked quite a lot :D :D

    but popups still appear but very rarely , once in every 2 hours

    thnx everyone
     
  11. mehulved
    Still that is not good enough. Have you tried out different anti-spywares or just one? If not, do a thorough scan with different anti-spywares and check out the results.
    If this fails too, you can run hijackthis and post the results on www.hijackthis.de for analysis. And remove the malware detected.
     
  12. __Virus__
    naaaah still not guud....scan in safe mode again and probably post ur hijackthis log so that someone can analyze and help u out.
     
  13. Ankur Gupta
    well the best thing is to format ur pc and install windows again if the adware is not being removed by the antivirus or anti-adware software.
    and remember to backup!
     
  14. paul_007 (OP)
    here is my hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 9:58:32 PM, on 3/25/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\System32\Hummbird\inetd32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Sify Broadband\BBImpSec.exe
    C:\Program Files\Sify Broadband\BBClient.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\softwares\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sify.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SifyBB] C:\Program Files\Sify Broadband\BBImpSec.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{548F1E1C-2F42-4AFF-966A-ABD5E203F2F5}: NameServer = 202.144.50.4,202.144.13.50
    O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\m2julc191f.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
     
  15. QwertyManiac
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    Remove NetPumper from yr sys and for best results use only one D/l-Manager

    and perhaps these too...
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    W8 for more hlp :)
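
Added example, not part of any post in this thread: a small Python triage pass over a HijackThis log, of the kind the replies above do by hand. The sample lines are copied from the log posted in this thread; the review rules and the names `parse`, `triage` and `RULES` are assumptions made for this example, not HijackThis's own logic.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\m2julc191f.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# An entry line is "<section code> - <text>"; headers and process paths do not match.
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# Review rules chosen for this example (an assumption, not HijackThis's own logic).
RULES = [
    (lambda c, t: t.endswith("(no file)") or t.endswith("(file missing)"), "dangling reference"),
    (lambda c, t: c == "O10" and t.startswith("Unknown file"), "unrecognised Winsock LSP"),
    (lambda c, t: c == "O20", "DLL registered as a Winlogon notify package"),
    (lambda c, t: c in ("R0", "R1") and "Search" in t, "browser search setting"),
]

def parse(log):
    """Return a Counter of (code, text) for every entry line, collapsing repeats."""
    entries = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries

def triage(log):
    """Return [(code, reason, text, count)] for entries matching the first applicable rule."""
    findings = []
    for (code, text), count in parse(log).items():
        for matches, reason in RULES:
            if matches(code, text):
                findings.append((code, reason, text, count))
                break
    return findings

if __name__ == "__main__":
    for code, reason, text, count in triage(SAMPLE_LOG):
        print(f"{code:>3} x{count}  {reason}: {text}")
```

A match marks an entry for a closer look, not as malicious; each flagged file still has to be checked against what is actually installed on the machine.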
     
  16. anandk
    yes u need to remove the default search url : searchbar.
    if u use ms anti-spy, u can use it to restore all ie browsers default urls/pages, easily.

    posting ur hijackthis logfile at www.hijackthis.de will give u a detailed analysis.
     
  17. paul_007 (OP)
    hijack this is not able to remove these

    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll

    it says use spybot to remove them and when i use spybot , although it removes them but after restarting these files appear again
     
  18. anandk
  19. paul_007 (OP)
    thnx , thnx , thnx a lot finally this has worked 4 me :D :D :D

    now no popups r appearing

    the file idmmbc.dll was the cause and i removed it using winsock lsp fix but i think this was not a part of Internet Download Manager cause i am using this since 4 months and it hasn't created any problem 4 me, the problem started when i installed a software frm a warez site.
     