Remove Look2Me. Removal instructions

Severity scale:

(51 / 100)

Look2Me is a spyware parasite that tracks user Internet activity, logs web sites visited, user actions taken and sends gathered information to a predetermined remote server. It also secretly downloads from the Internet and installs other spyware and adware threats. Look2Me injects malicious code to the Windows Explorer process and other active tasks in order to complicate its removal. The parasite is able to silently update itself via the Internet. It automatically runs on every Windows startup.

Look2Me properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Look2Me removal:

remover for Look2Me

SpyHunter is recommended remover to uninstall Look2Me. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Look2Me using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.

STOPzilla

download | review

We are testing STOPzilla's efficiency at removing Look2Me (2006-06-06 17:44:13)

Malwarebytes Anti Malware

download | review

We are testing Malwarebytes Anti Malware's efficiency at removing Look2Me (2006-06-06 17:44:13)

Spyware Doctor

download | review | tutorial

We are testing Spyware Doctor's efficiency at removing Look2Me (2006-06-06 17:44:13)

XoftSpySE Anti Spyware

download | review

Look2Me manual removal:

FORUM:
Discuss Look2Me in
spyware removal forum

Kill processes:
inetfuel.exe, installer[X].exe, hp.exe, nictech_bundle[X].exe, rh.exe, se.exe, sed.exe, updinstall.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SESync
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HP.Hopper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HP.Hopper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SP.SmartPops
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SP.SmartPops.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\hp.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{C81CFF28-6DF1-402F-B78C-D9493EF59882}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7CD5137-D2D6-4E2F-8279-4E7631159712}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E79061BA-B6E7-4A9D-A07C-C3CB561013B4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1423903E-86CC-4470-8AB0-257C10D77D45}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DEA7CA1-3372-4204-937C-2DD4A6ED6562}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A42DC659-33B5-409E-A433-650AC42ECCA4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A8516F49-8046-4295-8EE9-C59D5041C9E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB82CCD5-174B-4379-BC37-72D9B5ADAEDA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{47350D97-09E9-4590-864E-3431DA53BF37}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FA777197-4BF7-4AA9-A088-A0D803198DE0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0421701D-CF13-4E70-ADF0-45A953E7CB8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved\{DDFFA-E81D-4454-89FC-B9FD0631E726}
HKEY_CURRENT_USER\Software\Look2Me
HKEY_CURRENT_USER\Software\Hopper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Recommended Hotfix - 421701D

HELP:
how to remove registry entries

Delete files:
inetfuel.exe, installer[X].exe, hp.exe, nictech_bundle[X].exe, rh.exe, se.exe, sed.exe, updinstall.exe, nsdtmp09.dll, rh.dll

HELP:
how to remove harmful files

Delete directories:
C:\Program Files\SED
C:\Program Files\Recommended Hotfix - 421701D
Misc:
[X] is a certain digit.

Look2Me uses numerous randomly named files and registry entries.

Exact file location:
inetfuel.exe, updinstall.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
rh.exe, rh.dll - C:\Program Files\Recommended Hotfix - 421701D\[XVS]
se.exe, sed.exe - C:\Program Files\SED
nsdtmp09.dll - C:\Windows\Temp or C:\Winnt\Temp

[XVS] is the version number

Information added: 2005-09-29 15:13:17
Information updated: 2006-06-06 15:06:58

Additional resources related to Look2Me:

Attention: If you know or you have a website or page about Look2Me removal, feel free to add a link to this list: add url

more resources

Post Comment:

Attention: Use this form only if you have additional information about Look2Me parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.