Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Look2me on Windows 98 2E


  • This topic is locked This topic is locked
3 replies to this topic

#1 Undertaker

Undertaker

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 17 June 2004 - 02:24 AM

Just looking to see if this makes sense to anyone out there.

I was having a rough time removing Look2me from my Windows 98 2E web browser and, needless to say, it was driving me nuts. When I pressed Ctrl Alt Del to see what programs were running,... Expolrer was gone. It seemed to me like it was replaced by Rundll32. Any way, I tried the Manual removal of Look2me several times with no luck. Every time I deleted the infected key in the registry, it would instantly reappear. I could not locate any of the msg***.dll files on my computer, so deleteing them with a startup disk was useless. :flowers:

Out of fustration, this is what I did:
Opened my Find files program and in the "search for text" box I typed look2me
The only file it found was the user.dat file in my systems folder. Not being a patient person, I deleted the sucker. When I restarted my computer, (this part is a bit hazy... I was very tired) I think it said my registry had been tampered with and it loaded a backed up version that it found. Sure enough, my HijackThis log was full of stuff I fixed a while ago (months!?!) (Thankfully nothing too terible) but, get this, Look2me was gone!!! :thumbsup:

Talk about dumb luck. Does this make sense to any one out there???

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:22 PM

Posted 17 June 2004 - 11:56 AM

Was it possible the file you delete was called ntuser.dat?

If so that is a registry file you deletect so it saw a problem and restore a backup. This does make sense.

You should have asked us for help :thumbsup: We could have removed it for you

#3 Undertaker

Undertaker
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:22 PM

Posted 18 June 2004 - 05:39 AM

Thank You for your help Grinler. I went to check my recycle bin and found the deleted file. It was (is) this: USER with no file extension. It was in my WINDOWS folder, not in the system folder as I mentioned before. When I check the properties, windows says it is a DAT file with read only and hidden attributes. Is there any way to take a look at this file without re-infecting my system?

PS... I am in the middle of a string of night shifts and will check that CMOS battery as soon as I get soom free time.

Thanks again, Undertaker

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:22 PM

Posted 18 June 2004 - 10:06 AM

There will probably be no way for you to look at the contents of that file and understand it unfortunately.

And user.dat is a registry file which is why windows reported that there was a problem.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users