Look2Me Not Detected?

I just ran HijackThis, and stumbled upon what appears to be a Look2Me infection.


I've identified this DLL as Look2Me (correct me if I'm wrong): k4pmle711h.dll


I ran a full scan with BitDefender 2008 last night, and it detected a few things... low-priority stuff, but now I'm skeptical towards the BD2008 purchase.


Please clarify:


1) k4pmle711h.dll - is it Look2Me?


2) Look2Me is malicious, right?


3) [if (2) is yes] Why wasn't Look2Me found?


Thank you :)

Comments

  • Apparently we can't edit our own posts? :huh:


    Anyways... here's the report from Look2Me-Destroyer:


    Look2Me-Destroyer V1.0.12


    Scanning for infected files.....


    Scan started at 11/10/2007 1:46:05 AM


    Infected! C:\WINDOWS\system32\k4pmle711h.dll


    Attempting to delete infected files...


    Making registry repairs.


    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F453DD30-19A3-42A1-AA2D-ACF7D2B5E6F8}"


    HKCR\Clsid\{F453DD30-19A3-42A1-AA2D-ACF7D2B5E6F8}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{26741859-BC54-4280-B46A-9C202D89858B}"


    HKCR\Clsid\{26741859-BC54-4280-B46A-9C202D89858B}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3995347E-2A61-4A4D-AD1E-1BC6FF87FE24}"


    HKCR\Clsid\{3995347E-2A61-4A4D-AD1E-1BC6FF87FE24}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{7066B146-939E-492B-B7FA-1EC72B0D738B}"


    HKCR\Clsid\{7066B146-939E-492B-B7FA-1EC72B0D738B}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{909EA04A-149C-4860-B79D-3E474C401415}"


    HKCR\Clsid\{909EA04A-149C-4860-B79D-3E474C401415}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1D7712BF-F292-4182-BE48-50E2007BF88E}"


    HKCR\Clsid\{1D7712BF-F292-4182-BE48-50E2007BF88E}


    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BD602396-134D-4151-AFBB-5934653B7BA9}"


    HKCR\Clsid\{BD602396-134D-4151-AFBB-5934653B7BA9}


    Restoring Windows certificates.


    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded