Long story, but maybe it might come in handy to someone.
Working on my sister's computer over the past couple of weeks has been a wake-up call for me. I had set her up with Win 2k and Norton, behind a router, and had forgotten to get back and install a software firewall, thinking hey, she'll probably be ok...
Sigh, wow did I pay. She called me and was complaining about popups, her homepage being hijacked, and her searches always taking her to a certain site she'd never seen before. All stuff I had heard of. I was sure I could easily fix it and finally get around to installing a firewall. But then she confused me when she said the pop-ups came up whether she was browsing or not...
Anyone had any experience with Look2Me? Besides a bunch of the standard stuff (tscash, etc.) she had this little gem. WOW is this a PITA! Just like she said, it initiates pop-ups out of nowhere soon after Windows starts up, browser running or no. And it works by .dlls that are randomly named, so you can't just search for specific ones to identify the culprit. More irritating, it inserts itself into Explorer.exe so 1. You don't see it running in Task Manager, 2. Your firewall quite possibly won't question it querying Look2Me servers, and 3. Its .dlls can't be deleted even in safe mode, which means AdAware and Spybot don't even dent it. AND, the dll has copies that, working in conjunction with registry entries, recreate the .dll if anything does somehow happen to it.
Plus it's constantly updated, so a lot of the tools and info out there to deal with it don't necessarily apply anymore.
What I finally ended up doing was using AdAware to identify the name of the .dll (i.e. the one it couldn't delete). I looked and identified several similarly named dlls. Then I used my Win 2k CD to boot into the recovery console and deleted (actually renamed to *.bak for safety) each of these dlls. (Then I used the recovery console to rename one of the dlls back to *.dll since it wasn't related to Look2Me and was, I discovered, quite necessary for Windows to run. sigh) Back into safe mode, ran AdAware to clean up any detritus, and manually cleaned up any bad entries in the registry.
The author of this scourge is apparently a guy named Timothy Nichols. If anyone knows him and sees him, please punch him dead in the face for me and a bunch of other net users.
Anyway, the moral of the story is I quickly moved my own system over to Firefox, did likewise for my sister (along with Zone Alarm Pro of course) and moved us both over to Sun's Java VM for good measure. Got a date tomorrow with my mom to give her system (running Tiny Firewall thank God) the same treatment.
ActiveX is no longer welcome in my household.