Look2Me

Classification

Spyware

Adware

W32

Look2Me, Adware.Look2Me, NicTech Networks

Summary

Look2Me adware operates in stealth and displays an excessive amount of pop-up advertisements. Most common are IE pop-up windows, but some pop-ups are tailored by shape and animation. Some of the advertisements push the user to install ErrorGuard or WinFixer. Look2Me requires a special removal tool to disinfect. Look2Me only infects Windows 2000, XP and 2003.

Removal

Use F-Look2Me to remove Look2Me.

F-Look2Me loads itself as a service to gain system privileges. The service renames infected files and patches the adware in memory. It also restores Debug Privileges for the Administrators group. F-Look2Me requires administrator rights to run.

Suspect a file is incorrectly detected (a False Positive)?

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest detection database updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

Look2Me adware is made by NicTech Networks Inc. The name Look2Me originates from the servers that the earlier versions connected to. Today, Look2Me adware connects to www.ad-w-a-r-e.com.

The image below is an example of one of the many pop-ups Look2Me produces:

Look2Me is installed in stealth by trojans. During the install process, Explorer is restarted and it initially looks like the computer will shut down. It does not shut down but instead installs the guardian to the system.

Look2Me uses a guardian implementation to prevent removal. The guardian implementation attaches a Notification package to Winlogon and monitors users' policy rights and system settings. Look2Me removes Debug Privileges from all user accounts.
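
The two guardian traces described above can be checked offline from text exports taken on a suspect host. The following is an added example, not F-Secure's code and not how F-Look2Me works. It assumes the input is the decoded text of `reg export` for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and of `secedit /export /areas USER_RIGHTS`; the baseline list, the sample data and the package name ExamplePkg are constructed for illustration.

```python
import re

# Assumption: stock Windows XP Notify package names; swap in your own known-good baseline.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}
ADMINS_SID = "S-1-5-32-544"  # BUILTIN\Administrators

# Constructed sample inputs (not from a real host): `reg export` of the Notify key
# and the [Privilege Rights] section of `secedit /export /areas USER_RIGHTS`.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExamplePkg]
"DllName"="C:\\WINDOWS\\system32\\example1234.dll"
'''
SAMPLE_SECEDIT = "[Privilege Rights]\nSeDebugPrivilege = \nSeShutdownPrivilege = *S-1-5-32-544\n"

def _reg_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def notify_packages(reg_text):
    """Map each Winlogon\\Notify subkey to its DllName, from `reg export` text."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    found, current = {}, None
    for line in (ln.strip() for ln in reg_text.splitlines()):
        m = re.match(r"\[.*\\Winlogon\\Notify\\([^\\\]]+)\]$", line, re.I)
        if m:
            current = m.group(1)
            found[current] = None
        elif line.startswith("["):
            current = None
        elif current and line.lower().startswith('"dllname"='):
            found[current] = _reg_value(line.split("=", 1)[1])
    return found

def debug_privilege_holders(secedit_text):
    """Accounts/SIDs that hold SeDebugPrivilege in a secedit user-rights export."""
    m = re.search(r"^[ \t]*SeDebugPrivilege[ \t]*=[ \t]*(.*)$", secedit_text, re.M)
    return [s.strip().lstrip("*") for s in m.group(1).split(",") if s.strip()] if m else []

def triage(reg_text, secedit_text):
    findings = [f"unbaselined Winlogon Notify package {n!r} -> {d}"
                for n, d in notify_packages(reg_text).items() if n.lower() not in BASELINE]
    if ADMINS_SID not in debug_privilege_holders(secedit_text):
        findings.append("SeDebugPrivilege not held by Administrators")
    return findings
```

Calling `triage(SAMPLE_REG, SAMPLE_SECEDIT)` returns two findings for the constructed data. A package missing from the baseline is a lead to verify (legitimate drivers also register Notify packages), not proof of infection.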