XP acting up, adware involved?

Solidox2k

gahhh. this is getting on my nerves. lately whenever i right click on any video file (avi, ogg, etc.) before the drop down list shows, the screen/monitor goes blank for a second (like it's refreshing or something) and then back. on top of this, any time at random when i start a video file, explorer apparently unloads and reloads itself (the desktop and taskbar go away and load up again, losing anything minimized in the systray in the process), except my LAN connection, sound icon, and norton AV. i don't notice anything obvious that shouldn't be running in the task manager either.

to make things more fun, somehow i got adware (look2me crap) on here that i haven't been able to get rid of. rundll32.exe ran araamon.cpy.dll and that normally suddenly brought up ads w/o any other programs loaded. adaware found it, but could never remove it (always in use as long as rundll32.exe was running). anytime i *did* remove it, it was back again on reboot. so i flushed the file (made it empty, 0b) and made it read only. thought that fixed it, but it didn't. >_< there's an 'araamon.dll' in the same folder; since i can *never* access this, it being always in use, i can't tell if it's part of the adware. can't access the hard drive in dos yet, because i don't know how to load the right drivers to do so (SATA HDD). i don't see anything suspicious in the registry run/run once/run services, etc. nor in any .ini files for windows. so i don't even know how the dll was being called.

anyone have any of these problems, or can help? i'm seriously thinking of just wiping the drive and reinstalling xp >_<
 

lagger

http://www.pchell.com/support/look2me.shtml

Look2me Removal Instructions and Help


What is Look2Me?
Look2Me is an advertising and information network that uses a shell extension to attach itself to Windows and display pop up advertising for its clients. It monitors visited web sites and submits this information to a server.

How do I Remove Look2Me?

Because the software highly integrates itself with Explorer, it can be hard to remove. Included below is a basic manual removal method for Look2Me as well as an excellent Visual Basic Script that can be run to help remove it.

Follow the instructions below to remove Look2Me

Click on Start, Run, and type REGEDIT and click Ok to start the Registry Editor

Now open the Windows Task Manager

On Windows 95/98/ME, Press CTRL+ALT+DEL
On Windows NT/2000/XP, Press CTRL+ALT+DEL, Select the Task Manager if needed, and click on the Processes tab

In the list of programs, click on EXPLORER.EXE and select End Task or End Process. Repeat this procedure until no explorer.exe process is running (The Start Menu, Task Bar, and System Tray will disappear)

Select the Registry Editor (you may have to press ALT + Tab)

Delete the following registry keys if they exist

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ShellExtensions \ Approved \ {DDFFA75A-E81D-4454-89FC-B9FD0631E726}

Close the Registry Editor

Restart your computer

Now open My Computer and Drive C, open the Windows directory, and then the System directory
Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Delete all files that look similar to the following, where * represents a letter or number

msg{********-****-****-****-************}****.dll

Open Internet Explorer

Click Tools, Internet Options

Click the Programs tab and then click Reset Web Settings to restore default settings for home page, search page, and other settings.

For Automatic Removal of Look2Me (option 1)

Download and run the program Killbox created by Option^Explicit Software Solutions.
or
Download and run the program Kill2Me from Merijn.

For Automatic Removal of Look2Me (option 2)

Download the following Visual Basic script provided by Mosaic1, a member of Spywareinfo, and save it to c:\removel2me.vbs

Look2Me Removal Program

This is a Visual Basic Scripting file, so you'll have to have the Windows Scripting Host installed. You can download the following file to disable or reenable the Windows Scripting Host.

noscript.exe

Now open the Windows Task Manager

On Windows 95/98/ME, Press CTRL+ALT+DEL
On Windows NT/2000/XP, Press CTRL+ALT+DEL, Select the Task Manager if needed, and click on the Processes tab

In the list of programs, click on EXPLORER.EXE and select End Task or End Process. Repeat this procedure until no explorer.exe process is running (The Start Menu, Task Bar, and System Tray will disappear)

Click the Applications tab, click the New Task Button, and type the path to the script you saved.

c:\removel2me.vbs

Click Ok

Click Shutdown on the Task Manager toolbar and scroll down to Restart your computer.




Just because you are ignoring those voices in your head doesn't mean they aren't talking about you
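An added example, not part of the post above or of the pchell.com instructions it quotes: a Python check that looks for the two indicators those instructions name, the `msg{...}****.dll` file pattern and the CLSID, in a directory listing and a registry export that were saved as text. The function names and the sample listing and export are constructed for illustration.

```python
import re

# CLSID and file-name pattern taken from the removal instructions above.
LOOK2ME_CLSID = "{DDFFA75A-E81D-4454-89FC-B9FD0631E726}"
PAGE_PATTERN = "msg{********-****-****-****-************}****.dll"

def pattern_to_regex(pattern):
    """'*' on the page means exactly one letter or digit, not a glob star."""
    parts = ("[0-9A-Za-z]" if ch == "*" else re.escape(ch) for ch in pattern)
    return re.compile("".join(parts), re.IGNORECASE)

FILE_RE = pattern_to_regex(PAGE_PATTERN)

def suspicious_files(names):
    """Names from a directory listing that match the whole pattern."""
    return [n for n in names if FILE_RE.fullmatch(n)]

def registry_hits(reg_export_text):
    """Keys or value names in a .reg export that carry the CLSID."""
    hits, current = [], None
    needle = LOOK2ME_CLSID.lower()
    for raw in reg_export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            if needle in current.lower():
                hits.append(current)
        elif line.startswith('"') and needle in line.split("=", 1)[0].lower():
            hits.append(f"{current} (value)")
    return hits

# Constructed sample data (not taken from a real system).
SAMPLE_LISTING = [
    "msg{1A2B3C4D-5E6F-7A8B-9C0D-1E2F3A4B5C6D}ab12.dll",   # fits the pattern
    "msg{1A2B3C4D-5E6F-7A8B-9C0D-1E2F3A4B5C6D}ab123.dll",  # five trailing chars
    "msgsvc.dll",
    "araamon.dll",
]
# Windows spells the second key "Shell Extensions"; the scan keys on the CLSID.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}]
@="constructed sample"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{DDFFA75A-E81D-4454-89FC-B9FD0631E726}"="constructed sample"
"{00000000-0000-0000-0000-000000000000}"="unrelated"
"""
```

An empty result from both functions means only that these two indicators are absent from the text that was scanned.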
 

Solidox2k

*sigh* none of the programs work. for one, araamon.dll (actually detected by one of the programs as a vx2.betterinternet variant) can't be accessed at all. on top of that none of the reg keys mentioned exist at all, and xp seems to take longer and longer to load.

now i'm not even sure what i've got >_< anyone know how to boot to dos and have access to a SATA drive? at least then i can examine this 'araamon.dll' and see if it's really look2me, or whatever... then somehow from there...
 

blah

As far as I understand you are running XP, that alone is a no go with big .avi files. I use explicitly w2k JUST because of that. But anyway, SAVE your files, insert XP CD into the CD ROM and REINSTALL windows, the faster the better.

But if you really want to have trouble free .avi playback, I will let you know a BIGG secret which I AND I ONLY know: rename all of the .avi files into something different, I do it with just a .v, do it in the command prompt, so you will not have crashes when you'll be renaming those files (simply typing: "ren *.avi *.v" will do it). Open those files with any program your heart desires, I use WMP, the best. Wish you luck.

PS: forgot to mention AntiVir (http://www.free-av.com/).


..this is very useful and helpful place for information...