SonicALERT

Sonicwall Signatures

 



  Look2Me NicTech-Networks Look2Me
During installation, a connection is made to ad-w-a-r-e.com, and instructions delivered in JavaScript change host entries and remove registry keys. It has the potential to perform other malicious acts.

http://www.ad-w-a-r-e.com/cgi-bin/PopupV2?ID={}&type=normal&mSkip=1&rnd=", 300000, "TRUE");
sendExternalEvent('EVENT:UPDATECRC:A1EDBE54FAEA39FAAC6DF618503910E7');
sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify?HKLM?DllName?0563F1C45F34E7305C57F10DD17B6E8F');
sendExternalEvent('EVENT:REMOVEKEY:SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects?HKLM');
sendExternalEvent('EVENT:HOST:127.0.0.1?www.igetnet.com');
sendExternalEvent('EVENT:HOST:127.0.0.1?code.ignphrases.com');
sendExternalEvent('EVENT:HOST:127.0.0.1?clear-search.com');

Downloads other unwanted software and displays advertisements.
Causes the CPU to run at maximum usage, which makes the computer run slowly and sometimes freeze. Displays an advertisement that lists some causes of computer problems and offers a free program to check the computer for errors.

Comments:

Seems to be related to VX2.
Adds other software, and sometimes creates a second "shortcut bar".

Removal Instructions:

Kill this process:
no.exe

Remove these entries from the registry:
HKEY_CURRENT_USER\software\look2me

Remove these files:
no.exe

