Look2Me adware is made by NicTech Networks Inc. The name Look2Me originates from the servers that the earlier versions connected to. Today, Look2Me adware connects to www.ad-w-a-r-e.com.
The image below is an example of one of the many pop-ups Look2Me produces:
Look2Me is installed in stealth by trojans. During the install process, Explorer is restarted and it initially looks like the computer will shutdown. It does not shutdown but instead installs the guardian to the system.
Look2Me uses a guardian implementation to prevent removal. The guardian implementation attaches a Notification package to Winlogon and monitors users policy rights and system settings. Look2Me removes Debug Privileges from all user accounts. Look2Me does not implement any rootkit techniques and will therefore not be detected by BlackLight.
Write-up: Stefan Lundstrom, April 11, 2006
Technical Details: Stefan Lundstrom, April 11, 2006