LookBack Removal Guide

Do you know what LookBack is?

LookBack falls under the classification of Trojans. It was first discovered in July 2019 when cybersecurity specialists were informed about spear-phishing emails that were carrying the malicious application. Fortunately for regular home users, this malware was designed to infiltrate the systems of institutions only. It is likely that the hackers’ main goal is to gain access to targeted systems so they can obtain sensitive information available on them, although it seems the threat may also allow hackers to destroy data and interfere with the processes of infected computers. For more information on this sophisticated malicious application, we invite you to have a look at the rest of our report. For those interested in learning how a victim could delete a threat like LookBack manually, we recommend checking the removal guide available at the end of this page.

It is said that the first targets of LookBack were three organizations in the utility sector of the United States. According to reports, they received fake emails that appeared to come from the United States National Council of Examiners for Engineering and Surveying, which is also known as NCEES. The fraudulent emails were delivered using the spear-phishing technique, which means they perfectly impersonated letters from the actual organization. Not only did they contain the institution’s logo images, but their links also led to a fake NCEES website, which looked very convincing as well.

Furthermore, the fake emails came with Microsoft Word documents that did not seem malicious just by looking at them. Unfortunately, if a victim launched such a file, they would accidentally trigger a chain of macro commands that eventually installs LookBack on the infected device. It would seem that all data associated with the malware is placed in the %PUBLIC% directory. Naturally, the malicious application’s files could have random names or the names of legitimate system files, so it might be difficult to recognize them based on their names. A much easier way would be to scan the files located in the %PUBLIC% directory with a reputable antimalware tool.

After LookBack gets installed, it should connect to a remote server from which it ought to receive commands on what to do next. Sadly, the malware can do a number of things: for example, it can take screenshots, click or move the victim’s mouse, delete or view files, install more malware on a system, and so on. Such capabilities may allow hackers to spy on their victims and view or record sensitive information their victims could be working with. Also, the cybercriminals could disrupt their victims’ work by shutting down an infected machine or taking control of the mouse. If identified, the malicious application should be removed at once. Victims could try deleting LookBack manually by following the removal guide available below, but the task could be complicated. Thus, it might be best to leave it to a reputable antimalware tool of your choice.

Erase LookBack

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and check the Processes tab.
  3. Locate a process belonging to the malware.
  4. Choose the process and click End Task.
  5. Exit Task Manager.
  6. Press Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  8. Find the malicious document downloaded from email (e.g., Result Notice.doc), right-click it, and select Delete.
  9. Locate this path: %PUBLIC%
  10. Locate all files that could belong to the malware, right-click them one by one and select Delete.
  11. Exit File Explorer.
  12. Empty the Recycle Bin.
  13. Restart the computer.
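
Because the files may carry random names or the names of legitimate system files, it helps to inventory the folders from the steps above before deleting anything. The PowerShell script below is an added example, not part of the original guide: it only reads files, and the 30-day window, the report file name, and the "unsigned executable" review heuristic are assumptions made for illustration.

```powershell
# Added example: read-only inventory of the folders named in the removal steps.
# Nothing is deleted. $Days and $OutFile are assumed defaults, not values from the guide.
param(
    [int]$Days = 30,
    [string]$OutFile = '.\folder-inventory.csv'
)

# True when the file starts with the "MZ" magic bytes of a Windows executable,
# whatever its name or extension says.
function Test-MzHeader([string]$Path) {
    try {
        $fs = [System.IO.File]::Open($Path, [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        try {
            $buf = New-Object byte[] 2
            return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally { $fs.Dispose() }
    } catch { return $false }   # locked or unreadable file
}

$folders = @(
    $env:TEMP
    (Join-Path $env:USERPROFILE 'Desktop')
    (Join-Path $env:USERPROFILE 'Downloads')
    $env:PUBLIC
)
$cutoff = (Get-Date).AddDays(-$Days)

$report = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    Get-ChildItem -LiteralPath $folder -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $isExe = Test-MzHeader $_.FullName
            $sig   = (Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue).Status
            [pscustomobject]@{
                Path       = $_.FullName
                Modified   = $_.LastWriteTime
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                Executable = $isExe
                Signature  = $sig
                # Heuristic (assumption): an executable without a valid signature deserves a closer look.
                Review     = ($isExe -and $sig -ne 'Valid')
            }
        }
}

$report | Export-Csv -LiteralPath $OutFile -NoTypeInformation
$report | Where-Object Review | Format-Table Path, Modified, Signature -AutoSize
```

The CSV keeps a record of paths, timestamps, and SHA-256 hashes that can be handed to an antimalware tool or an incident responder before any file is removed.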

In non-techie terms:

LookBack is a malicious threat that infiltrates a system, gains access to the Internet to connect to its creators’ server, and carries out their commands. Our computer security specialists say that the malware’s developers may be able to view, execute, and delete files on a system as well as take screenshots of a user’s desktop. Also, the threat may allow cybercriminals to view information on a device, check its processes, move or click the mouse, and even shut down a computer or remove itself from it. No doubt, such a set of functions might allow hackers to reach their goals with no trouble. It is not one hundred percent known what the cybercriminals are after, but most of the recently researched Trojans targeted at organizations record sensitive information. Whatever the malware’s developers could be up to, it is best not to hesitate and to get rid of LookBack immediately. Probably the easiest way to erase it is to use a reputable antimalware tool. The instructions available above might be helpful as well, but keep in mind there are no assurances they will eliminate the threat entirely.