Look2me Spyware

[cyclist110]

So a while back my wife was surfing and a small window popped up, the title was Microsoft Security Warning! the message was "Your system is infected with rpc doom virus click ok to repair". Oh Pandora and her box!
My desktop started getting advertising webcontent on it, my home page changed, popups galore everytime I opened IExporer. IExplorer even started to open itself when it detected a network connection. Links appeared on mydestop and I even found a piece of software that somehow got installed while I was trying to fix the problem.
I ran adaware and spybot multiple times each found a cleaned problems. But spybot kept finding the same problem related to Look2Me and VX2/h.betterinternet. After some research I shut down Explorer in the task manager, then I deleted some registry entries and restarted in safemode. Geuss who was back?
So I went through the whole process again only I restarted into dos and tried to delete a file called msg118.dll in my system32 folder, access denied! what the f*&^&**!!!!
So I booted up with a Knoppix Linux cd. Changed all the permissions and attempted to delete again, access denied!
Reformat, reinstall XP.

LET THIS BE A WARNING TO YOU ALL!

C

[Sixpac_XP]

http://www.kephyr.com/spywarescanner...me/index.phtml

another good read of this sucker

http://news.com.com/2100-1032_3-5153...?tag=nefd_lede

and the last one: (simple instructions 4Uall)

http://www.pchell.com/support/look2me.shtml

(all easily found on google.com)

[Ryanoffski]

I just had that problem (msg118.dll) too last week, and it migrated to our other computers not connected to the Internet! It was slowing down the computers to 486 speeds, but the killmsg118 utility worked great.

[cyclist110]

Yeah I read most of those instructions, unfortunately I was unable to delete msg118.dll and any way it was time for a reformat and clean install.
The people who create this kind of stuff will someday find themselves in court I'm sure.

C

[stumonky]

Running into the exact same problem - but I am not about to format my HD just yet! Seems this msg121.dll or look2me or whatever is sweeping the nation quick! Just last night AdAware seemed to fix the problem for one user - I am going to try it on my lunch break and will let you know if it works. Read - http://www.lavasoftsupport.com/index...2218&hl=msg121

-stu

[stumonky]

PROBLEM FIXED! See - http://www.kephyr.com/spywarescanne...2me/index.phtml

Should we ever doubt our "old school" abilities. I'm not a dinosaur by far (barley 28) but I remember the pre-Windows days running games off of DOS seemed so stable back then, didn't it?

Easy fix for this look2me crap - use boot disk to DOS prompt, go to system32 directory C:\Windows\System32\>del msg121.dll and viola! gone. Of course you have one the other msg files as 117, 118, etc. do the same for those. Reboot check for the keys Kephr list (mine didn't have any) and remove them if so. Reboot and you are good to go. As soon as I deleted the msg121.dll and rebooted my profile loaded normally. Once I checked for the keys I re-ran Adaware and deleted whatever it found (no errors were found) after one reboot ran it again and system was clean.

Ahhhh - I can breathe again. Live to fight another day. Who knows what they will think of next... DEATH TO ALL SPYWARE AND THOSE WHO WRITE IT!!! You suck!

-stu

[whatson]

I wish I'd seen this before I started hacking up my registry. I was able to manually delete the msg121 files and another locked file by adding a couple lines to the autoexec.bat to delete them on reboot. The only problem is that I somehow must have corrupted my DNS or Winsock so I could not browse (but I could tracert an ip address). Ultimately I fixed it with the two utilities posted here: http://users.zoominternet.net/~unix

The Utils themselves didn't work, but they contain instructions to manually delete and rebuild the whole Winsock and DNS mess. I was able to get back online and Spyware free after four brutal hours in hell. I would absolutely back any legislation for the death penalty for Spyware authors.

[Ryanoffski]

I hope these Look2me guys are in legal trouble. Their crap is hijacking the computer! In my dictionary it's more than spyware, it's a virus.