NewDot.Net

Post by scoutzor » November 20th, 2008, 8:08 am

AVG scan shows NewDot.Net with every scan and doesn't seem to get it off the machine. Machine is also running slowly. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:34 AM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\CESOFT~1\QuicKeys\QkEngine.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Downloaded software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-1417066420-596957751-681764103-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1417066420-596957751-681764103-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: QuicKeys.lnk = C:\Program Files\ce software\QuicKeys\QkEditor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: QuickBooks Online Backup RegCap (OLRegCap) - Intuit Inc. - C:\Program Files\QuickBooks Online Backup\OLRegCap.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10907 bytes
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 22nd, 2008, 6:02 am

Hi scoutzor

Please post the next AVG report :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: NewDot.Net

Post by scoutzor » November 22nd, 2008, 11:49 am

Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Moved to Virus Vault";"11/15/2008, 1:03:07 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 2:12:18 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 2:57:48 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 3:57:48 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 5:12:52 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 6:12:18 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 6:57:48 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 7:57:48 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Virus identified Worm/Autoit.BNI;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP416\A0030615.exe";"Infected";"11/15/2008, 8:57:48 PM";"file";"C:\WINDOWS\System32\svchost.exe"
Trojan horse Generic10.ARRO;"C:\System Volume Information\_restore{08EDBA23-6B59-425B-9628-A13CE0333693}\RP420\A0030724.exe";"Infected";"11/16/2008, 2:42:32 AM";"file";"C:\WINDOWS\System32\svchost.exe"
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 22nd, 2008, 12:57 pm

Those don't indicate NewDotNet infection.

Are you able to provide the log file where AVG found NewDotNet?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: NewDot.Net

Post by scoutzor » November 22nd, 2008, 4:08 pm

Aha, guess this is what you want to see.
Thanks
Scan "Scheduled scan" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"27"
Information count:;"0"
Scan started:;"Saturday, November 22, 2008, 12:01:03 AM"
Scan finished:;"Saturday, November 22, 2008, 9:08:51 AM (9 hour(s) 7 minute(s) 48 second(s))"
Total object scanned:;"1123860"
User who launched the scan:;"SYSTEM"

Warnings
File;"Infection";"Result"
HKU\S-1-5-21-1417066420-596957751-681764103-1005\Software\Esaya\TrueAssistant;"Found Adware.RogueSuspect";"Potentially dangerous object"
HKU\S-1-5-18\Software\New.net;"Found Adware.NewDotNet";"Potentially dangerous object"
HKU\.DEFAULT\Software\New.net;"Found Adware.NewDotNet";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\media.adrevolver.com.5fed601d;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\media.adrevolver.com.57f415b5;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\media.adrevolver.com.539b0606;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\media.adrevolver.com.2be00b0;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\doubleclick.net.bf396750;"Found Tracking cookie.Doubleclick";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\adrevolver.com.f6cfcad4;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\adrevolver.com.b595d4db;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\adrevolver.com.9b9d670a;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\adrevolver.com.4a719aa9;"Found Tracking cookie.Adrevolver";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.830b6f08;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 22nd, 2008, 4:24 pm

Please download the Registry Search tool here
Save it to the desktop, unzip and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for New.net and click OK. Post the logfile from the tool here for me.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: NewDot.Net

Post by scoutzor » November 22nd, 2008, 11:40 pm

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "new.net" 11/22/2008 4:52:25 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"DisplayString"="New.net Name Space Provider"

[HKEY_USERS\.DEFAULT\Software\New.net]

[HKEY_USERS\S-1-5-18\Software\New.net]
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 23rd, 2008, 5:58 am

Go to Start > Run
Type regedit and click OK.

  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or to some other safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"DisplayString"=-

[-HKEY_USERS\.DEFAULT\Software\New.net]

[-HKEY_USERS\S-1-5-18\Software\New.net] 


Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> Image

Go to Desktop, double-click fix.reg and merge the information with the registry.

Reboot.

Do another search for new.net and post back results, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
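
To see what the fix.reg above will do before it is merged, the following added example (not part of the original post and not a tool used in the thread) parses the file into its operations and checks that every deletion corresponds to an entry the registry search reported. The function names are hypothetical; the two embedded texts are copied from the thread, with most of the search tool's comment lines omitted.

```python
import re

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# fix.reg as posted in the thread.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"DisplayString"=-

[-HKEY_USERS\.DEFAULT\Software\New.net]

[-HKEY_USERS\S-1-5-18\Software\New.net]
"""

# Registry search output as posted in the thread (most comment lines omitted).
SEARCH_RESULT = r"""REGEDIT4
; Registry search results for string "new.net" 11/22/2008 4:52:25 PM

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"DisplayString"="New.net Name Space Provider"

[HKEY_USERS\.DEFAULT\Software\New.net]

[HKEY_USERS\S-1-5-18\Software\New.net]
"""


def parse_reg(text):
    """Return (action, key, value_name) tuples for a .reg file, in file order."""
    body = [ln.strip() for ln in text.splitlines()]
    body = [ln for ln in body if ln and not ln.startswith(";")]
    if not body or body[0] not in HEADERS:
        raise ValueError("first line is not a .reg header")
    ops, key = [], None
    for ln in body[1:]:
        m = KEY_RE.match(ln)
        if m and m.group(1):
            # [-KEY] removes the key and everything beneath it.
            ops.append(("delete_key", m.group(2), None))
            key = None
        elif m:
            key = m.group(2)
            ops.append(("open_key", key, None))
        else:
            v = VALUE_RE.match(ln)
            if v and key is not None:
                # "Name"=- removes one value; anything else writes it.
                action = "delete_value" if v.group(2).strip() == "-" else "set_value"
                ops.append((action, key, v.group(1).strip('"')))
    return ops


def search_hits(ops):
    """(key, value) pairs the search reported; (key, None) when the key name itself matched."""
    valued = {k.lower() for a, k, _ in ops if a == "set_value"}
    hits = {(k.lower(), n.lower()) for a, k, n in ops if a == "set_value"}
    hits |= {(k.lower(), None) for a, k, _ in ops
             if a == "open_key" and k.lower() not in valued}
    return hits


def unexpected_deletions(fix_text, search_text):
    """Deletions in the fix that do not match anything the search found."""
    hits = search_hits(parse_reg(search_text))
    out = []
    for action, key, name in parse_reg(fix_text):
        target = (key.lower(), name.lower() if name is not None else None)
        if action in ("delete_key", "delete_value") and target not in hits:
            out.append((action, key, name))
    return out


if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        print(op)
    print("unexpected deletions:", unexpected_deletions(FIX_REG, SEARCH_RESULT))
```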

Re: NewDot.Net

Post by scoutzor » November 23rd, 2008, 8:35 am

How do I merge the information with the registry?
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 23rd, 2008, 8:38 am

Double-click fix.reg, click Yes and OK.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: NewDot.Net

Post by scoutzor » November 23rd, 2008, 11:24 am

It just opens in Notepad again.
Should I include the "Windows Registry Editor Version 5.00" header?
Should I change the Encoding from ANSI? I did save as: type: "All files" (*.*).
And the icon does look like your example.
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by scoutzor » November 23rd, 2008, 11:32 am

Sorry, I just figured it out. Right clicked and added to Registry. I'll post results when I get them.
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 23rd, 2008, 11:33 am

Glad to hear that :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: NewDot.Net

Post by scoutzor » November 23rd, 2008, 6:17 pm

Scan "Scan whole computer" was finished.
Infections found:;"0"
Infected objects removed or healed:;"0"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"8"
Information count:;"0"
Scan started:;"Sunday, November 23, 2008, 11:13:43 AM"
Scan finished:;"Sunday, November 23, 2008, 5:11:24 PM (5 hour(s) 57 minute(s) 41 second(s))"
Total object scanned:;"871734"
User who launched the scan:;"simon laplace"

Warnings
File;"Infection";"Result"
HKU\S-1-5-21-1417066420-596957751-681764103-1005\Software\Esaya\TrueAssistant;"Found Adware.RogueSuspect";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e762f029;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
scoutzor
Regular Member
 
Posts: 52
Joined: August 25th, 2008, 8:47 am

Re: NewDot.Net

Post by Shaba » November 24th, 2008, 3:25 am

That looks good.

Those are only tracking cookies which come due to browser settings. I will give you instructions on how to prevent them coming a bit later.

Still problems?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
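
Added example, not part of any post in the thread: a comparison of the "Warnings" tables from the two AVG scan exports posted above, listing which detection names cleared between the scans and which non-cookie warnings are still reported. The embedded reports are excerpts of the thread's logs with most cookie rows trimmed, and the function names are hypothetical.

```python
import csv
from collections import Counter

# Excerpt of the scheduled scan posted on November 22nd (cookie rows trimmed).
BEFORE = r'''Scan "Scheduled scan" was finished.

Warnings
File;"Infection";"Result"
HKU\S-1-5-21-1417066420-596957751-681764103-1005\Software\Esaya\TrueAssistant;"Found Adware.RogueSuspect";"Potentially dangerous object"
HKU\S-1-5-18\Software\New.net;"Found Adware.NewDotNet";"Potentially dangerous object"
HKU\.DEFAULT\Software\New.net;"Found Adware.NewDotNet";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
'''

# Excerpt of the whole-computer scan posted on November 23rd (cookie rows trimmed).
AFTER = r'''Scan "Scan whole computer" was finished.

Warnings
File;"Infection";"Result"
HKU\S-1-5-21-1417066420-596957751-681764103-1005\Software\Esaya\TrueAssistant;"Found Adware.RogueSuspect";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Cookies\simon laplace@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
C:\Documents and Settings\simon laplace\Application Data\Mozilla\Firefox\Profiles\1wvubuuh.default\cookies.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Potentially dangerous object"
'''


def parse_warnings(report):
    """Return (object, detection) pairs from the Warnings table of an AVG text export."""
    rows, in_table = [], False
    for fields in csv.reader(report.splitlines(), delimiter=";", quotechar='"'):
        if fields == ["File", "Infection", "Result"]:
            in_table = True          # column header marks the start of the table
        elif in_table and len(fields) == 3:
            detection = fields[1]
            if detection.startswith("Found "):
                detection = detection[len("Found "):]
            rows.append((fields[0], detection))
    return rows


def is_cookie(detection):
    return detection.startswith("Tracking cookie.")


def compare(before, after):
    """Summarise what changed between two scan exports."""
    b, a = parse_warnings(before), parse_warnings(after)
    names_before = Counter(d for _, d in b)
    names_after = Counter(d for _, d in a)
    return {
        # detection names present in the first scan and absent from the second
        "cleared": sorted(set(names_before) - set(names_after)),
        # non-cookie warnings still reported, with the object they refer to
        "remaining_non_cookie": [(o, d) for o, d in a if not is_cookie(d)],
        "remaining_cookies": sum(1 for _, d in a if is_cookie(d)),
    }


if __name__ == "__main__":
    for label, value in compare(BEFORE, AFTER).items():
        print(label, "->", value)
```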