Threat Description

Look2MeLook2MeLook2MeAdware.Look2Me, NicTech Networks


Category: Spyware
Type: Adware
Platform: W32


Look2Me adware operates in stealth and displays an excessive amount of pop-up advertisements. Most common are IE pop-up windows, but some pop-ups are tailored by shape and animation. Some of the advertisements push the user to install ErrorGuard or WinFixer. Look2Me requires a special removal tool to disinfect. Look2Me only infects Windows 2000, XP and 2003.


Use F-Look2Me to remove Look2Me.

F-Look2Me loads itself as a service to gain system privileges. The service renames infected files and patches the adware in memory. It also restores Debug Privileges for group Administrators. F-Look2Me requires administrator rights to run.

Technical Details

Look2Me adware is made by NicTech Networks Inc. The name Look2Me originates from the servers that the earlier versions connected to. Today, Look2Me adware connects to

The image below is an example of one of the many pop-ups Look2Me produces:

Look2Me is installed in stealth by trojans. During the install process, Explorer is restarted and it initially looks like the computer will shutdown. It does not shutdown but instead installs the guardian to the system.

Look2Me uses a guardian implementation to prevent removal. The guardian implementation attaches a Notification package to Winlogon and monitors users policy rights and system settings. Look2Me removes Debug Privileges from all user accounts.

Description Details: Stefan Lundstrom, April 11, 2006
Technical Details:Stefan Lundstrom, April 11, 2006


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Scan & clean your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

Learn More