Computer Knowledge. Gadget. Anime. Design. Dance. Hong Kong Life. Stuff like that.

4.05.2006

Finally cured the lousy Look2Me spyware

After trying a lot of different methods, I finally got Look2Me removed from my friend's machine. No spyware removal app (Ad-Aware SE, Spybot...) removes the spyware, but at least they consistently tell me that Look2Me is still in the machine. Running a spyware removal app while booted from a WinPE CD-ROM based OS doesn't work either. To erase Look2Me, I did the following.

- Use HijackThis 0.99 to scan the machine in regular mode. I found two Winlogon entries in the list. That's the common way Look2Me reloads itself.
- Use WinPE disc to boot up your machine.
- Open Command Prompt.
- Use "DIR /A:RS" to see all the hidden files in C:\Windows\SYSTEM32. For each one of them, use "ATTRIB -R -S [FileName]" to change the status of the file, then use "DEL [FileName]" to delete the damn file. You may say that it's a bit risky to erase all these /A:RS (read-only and system file) items. But I checked other clean systems. None of them have any /A:RS items. And if worst comes to worst, I would rather reinstall apps later than let a single piece of potential spyware stay in my machine.
- Restart your machine in regular mode. Use HijackThis to check and clean up any missed Winlogon junk.
- Run Spybot and Ad-Aware to do a final cleanup. Now you should have a clean machine.
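
A lower-risk variant of the DIR / ATTRIB / DEL step, added here as an example and not part of the original post: it records every read-only + system file and moves it to a quarantine folder instead of deleting it, so a legitimate file can be put back. It assumes the Windows volume is C: under WinPE; the quarantine folder name is hypothetical.

```bat
@echo off
rem Added example, not from the original post.
rem Assumptions: run from the WinPE command prompt, the installed
rem Windows volume is C:, and C:\L2M_quarantine is a hypothetical folder name.
setlocal
set "TARGET=C:\Windows\SYSTEM32"
set "QUAR=C:\L2M_quarantine"

if not exist "%QUAR%" mkdir "%QUAR%"

rem List files (not directories) that carry BOTH the read-only and
rem system attributes, bare names only, and keep the list as a record.
dir /a:rs-d /b "%TARGET%" > "%QUAR%\rs_files.txt" 2>nul

for /f "usebackq delims=" %%F in ("%QUAR%\rs_files.txt") do (
    echo Quarantining %%F
    rem ATTRIB refuses to change R or S on a file that is also hidden
    rem unless -H is given in the same command, so clear all three.
    attrib -r -s -h "%TARGET%\%%F"
    move "%TARGET%\%%F" "%QUAR%\" >nul
    if errorlevel 1 echo FAILED to move %%F
)

echo Done. Review %QUAR%\rs_files.txt before deleting the quarantine folder.
endlocal
```

If the machine misbehaves after the reboot, move the needed file back from the quarantine folder to SYSTEM32 from WinPE.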


Info
- Learn how to use the DOS command ATTRIB (another example)
- Learn how to use the DOS command DEL
- This article is where I got a lot of inspiration on how to fix the Look2Me spyware.

P.S.
- I cannot use ATTRIB on the WinME bootup CDROM disc that I made (with Partition Magic 8 in it).
