Look2me Malware Removal
I visited another client with a spyware infection... This lady
uses a dialup connection & eventually couldn't do any web
browsing.
Funnily enough, she had Norton Internet Security (and anti
virus) running, but this malware ran rings around it... the
second computer in 2 weeks with Norton helpless at stopping
spyware.
Anyway, I spend 90 minutes doing the usual: disable malware
startups within the registry, startup folder, etc. but every few
minutes, a web page would spontaneously pop up anyway... At
least the computer was mostly working, but if I left it as is,
it would have gotten worse over time anyway.
Client agrees I can take the computer & work on it from the
office.
After a lot of investigation, I find I'm dealing with
"look2me"... & all the forums are full of helpful suggestions,
none of which seem to work for my particular situation... run
programs like adaware, ewido, spybotSD, etc, start in Windows
safe mode, blah blah blah.
No matter what I did, the spyware was re-appearing. I even knew
which dll file was the culprit, but it was "in use by Windows"
from when Windows starts, so it cannot be deleted, & it changes
name after every reboot... so deleting it at reboot time is no
use... and of course any deleted files or registry entries would
get re-created (sometimes within a matter of seconds).
I got a good idea of what was going on by using hijackthis
(http://www.spywareinfo.com), regedit, l2mfix, killbox, and the
symantec page on look2me.
I even upgrade XP from SP0 to SP2, but it didn't really help.
I also found that there are so many variants of this little
critter... no wonder anti-spyware programs can't control it...
antispyware programs rely on malware "signatures"... similar to antivirus
programs... the malware people can generate new variants faster
than any anti-malware company can keep up... maybe someone
should tell them to adopt a heuristic approach... so that all
current & future variants can be dealt with.
Anyway, I figure out how to interpret the output from l2mfix, &
tell the difference between legitimate files & registry entries,
& bad ones.
It seems like L2M rotates between 4 different (seemingly random)
filenames after every reboot. The registry entry for the current
active dll file can be deleted, but it gets recreated.
But there are 8 other registry entries, which seem to "control"
the 4 dll files... So I delete these 8 entries while in safe
mode (I wouldn't have been happy if there were 200 entries!).
They don't reappear, so I empty out the temp, prefetch, & ie
cache folders. Then I schedule killbox to delete any undeletable
"bad" dll at boot time.
I'm not sure what else I can do... it's 4am, & I'm a wee bit
tired, so I decide to reboot into safe mode again & see what
happens... I notice that my deleted entries have remained
deleted, the "reappearing" registry entry is gone, and there are
no bad dll files left in the system32 folder...
I run ewido, spybot & adaware, just to be sure, then I reboot to
normal windows mode. Still no signs of L2M, so I do a defrag &
let the computer (with Maxthon running) go for the rest of the
night. The next morning, there are no signs of malware, so I
declare the computer exorcised of demons, & return it to its
family.
Summary:
There isn't any utility to remove all Look2me variants (at this
stage). So there is no alternative but to learn how L2M actually
behaves & then remove the relevant bits.
Stages for removal:
1) Download all the utilities you will need beforehand.
2) Boot into Windows safe mode.
3) Run a few anti spyware utilities & clean up as much as possible.
4) Run hijackthis (look at the O20 entry for an idea of the guilty dll
file).
5) Run l2mfix & look at the registry entries: some will have blank
content, but the name will be a hex code for another entry that points
to the bad dll's.
6) This is where you need to take great care. If you don't understand
what you are doing at this point, find someone who can help... I take NO
responsibility for what happens, as a mistake within regedit can make
your computer totally and completely unusable.
7) Run regedit & remove the "guilty" entries.
8) Clean up ie caches, prefetch dirs, etc.
9) Reboot to safe mode again.
10) Check for and remove any leftovers.
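An added example (not part of the original article, and not code from HijackThis or l2mfix) for step 4 and for the renaming behaviour described above: it pulls the O20 Winlogon Notify lines out of saved HijackThis logs, lists DLLs that are not in a baseline, and compares two scans taken across a reboot. The baseline list, the sample logs and the key and file names in them are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed baseline of DLLs expected under Winlogon\Notify on the machine being
# checked; build your own from a known-clean system.
BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "sclgntfy.dll",
            "wlnotify.dll", "igfxsrvc.dll"}

O20 = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>[A-Za-z]:\\.+?)"
                 r"(?P<missing> \(file missing\))?\s*$")


def notify_entries(log_text):
    """Return {dll_name_lowercase: registry_key} for every O20 Notify line."""
    found = {}
    for line in log_text.splitlines():
        m = O20.match(line.strip())
        if m:
            found[PureWindowsPath(m["path"]).name.lower()] = m["key"]
    return found


def unexpected(log_text, baseline=BASELINE):
    """DLLs loaded through Winlogon Notify that are not in the baseline."""
    return sorted(d for d in notify_entries(log_text) if d not in baseline)


def rotated(scan_before, scan_after, baseline=BASELINE):
    """Non-baseline DLLs that differ between two scans taken across a reboot."""
    a = set(unexpected(scan_before, baseline))
    b = set(unexpected(scan_after, baseline))
    return {"gone": sorted(a - b), "new": sorted(b - a)}


# Constructed sample logs (key and file names are made up for the example).
SCAN_1 = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SampleKeyA - C:\WINDOWS\system32\rnd0001.dll
"""
SCAN_2 = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SampleKeyB - C:\WINDOWS\system32\rnd0002.dll (file missing)
"""

if __name__ == "__main__":
    print(unexpected(SCAN_1))
    print(rotated(SCAN_1, SCAN_2))
```

A DLL that shows up under "gone" in one scan and a different one under "new" in the next is the pattern to look for; a name missing from the baseline is only a lead to check by hand, not proof that the file is bad.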
I hope this helps.
Luigi Martin
Computer Aid
About the author:
Computer Aid : We can help you.
http://computer-help-brisbane.blogspot.com
http://www.computer-aid.com.au
http://www.wonders-for-windows.com