Overview
Summary:
Alias:
Category:
Hijacker: Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.
Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product.
Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.
Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
Variants:
Similar Pests:
Origins
Group:
Vendor:
By This Group:
Mailing Address:
Phone:
URL:
Date of Origin:
Distribution
Distribution:
Drive-by Download from sites such as http://www.bigmeatycocks.com. "Success" in a drive-by download will require IE 6 with security settings set to "low". Both scripts and an ActiveX accomplish the installation and subsequent operation. No click on anything on the page will be required, no warning will be given, and nothing will be displayed during the installation of ILookup. Upon reload of IE, you will have a toolbar that is not visible, and contains no text
Visiting http://www.i-lookup.com will deliver popups such as those shown below. A click anywhere on the window will install ILookup.
Prevalence:
Clot Factor:
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:
Operation
Advertising:
Storage Required:
Browser Performance:
Risks
Privacy Issues:
Security Issues:
Stability Issues:
Detection and Removal
Automatic Removal:
PestPatrol detects this.
PestPatrol removes this.
Manual Removal:
Open the 'Downloaded Program Files' folder in the Windows folder. Right-click the 'I-Lookup.com Toolbar' object (Ineb variant), or the 'GlobalWebSearch.com' object (Gws variant). Click 'Remove'.
Next, open a DOS command prompt window (Start->Programs->Accessories) and enter the following commands.
For the Ineb variant:
cd "%WinDir%\System"
regsvr32 /u Ineb.dll
for Gws:
cd "%WinDir%\System"
regsvr32 /u GWS.dll
For Chgrgs:
cd "%WinDir%\System"
regsvr32 /u Chgrgs.dll
Use Internet Options | Programs | Reset Web Settings
to get the normal search sidebar back, reset your homepage,
and delete the extra bookmarks added to the Favorites
menu. Use regedit to delete HKEY_CURRENT_USER\Software\ineb.
Kill these running processes with Task Manager:
Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\fqtzkbge, delete it and reboot the machine immediately.
Unregister these DLLs with Regsvr32, then reboot:
Remove these registry items (if present) with RegEdit:
Remove these files (if present) with Windows Explorer:
Remove these directories (if present) with Windows Explorer:
After following the instructions above, you will still need to restore your original settings and prevent this from happening again.
Research
File Analyses:
- I-Lookup: ineb.inf · new.reg
- I-Lookup.Abeb: abeb.dll
- I-Lookup.Bmeb: bmeb.dll · syscpy.exe
- I-Lookup.GWS: gws.dll · winenc32.dll
- I-Lookup.Sbus: sbus.dll