Win32/Adware.NdotNet.A !Need help!

Discussion in 'malware problems & news' started by smiddy, Sep 12, 2004.

Thread Status:
Not open for further replies.
  1. smiddy

    smiddy Registered Member

    Joined:
    Sep 12, 2004
    Posts:
    26
    I recentlly got this message when i ran nod32 on my Windows Xp home operating system.

    Application Win32/Adware.NdotNet.A found in operating memory. NOD32 cannot clean this infiltration. No action can be taken on a memory infiltration.

    So can someone please help me remove this i use spybot sd Zonealarm pro firewall and Nod32 Anti-virus at the moment i would really like to remove this virus i dont know what it does but i would like to keep my system clean so if anyone could help that would be great.

    Smiddy

    !HELP! :(
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Step 1. You already have this ;) Install Zone Alarm

    Step 2. Download Stinger available here: do NOT run this YET.
    http://vil.nai.com/vil/stinger/


    Step 3. MAKE SURE NOD32 IS FULLY UP TO DATE with the latest virus signatures.


    Step 4. Turn OFF System Restore, this process depends on your operating system:


    Windows XP Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on the "System Restore"
    4. Place a tick in "Turn off System Restore on all Drives"
    5. Click OK
    6. Close and restart your system.


    OR


    Windows ME Instructions

    1. Right click on the "My Computer" icon on the Windows desktop
    2. Click "Properties"
    3. Click on "Performance"
    4. Click "File system"
    5. Click "Troubleshooting"
    6. Check "Disable system restore"
    7. Click on OK
    8. Close and restart your system.


    Step 5. Delete your TEMP files by doing the following: open up Internet Explorer> Tools> Internet Options> General TAB> Temporary Internet Files> Delete Files> Delete All Offline Content.


    Step 6. Restart your system again in “SAFE MODE” by pressing/tapping F8 while booting up.


    Step 7. Start a scan with Nod32 while in SAFE MODE by doing the following: Start> All Programs> Eset> Nod32.


    CHECK THE FOLLOWING BEFORE YOU START YOUR SCAN:

    “Actions” TAB
    Make sure Quarantine is ticked, both for “If a virus is found” and “Uncleanable viruses”.

    “Setup” TAB
    Objects to diagnose – place a tick in all boxes.
    Diagnostic methods – place a tick in all boxes.
    Heuristic sensitivity – place a tick in “Deep”.
    Extensions – place a tick in “Scan all files”.

    “Scanning targets” TAB
    Double click on ALL of your Hard Drives so there is a RED tick shown
    Click “Clean”


    Make SURE Quarantine is ticked with EVERYTHING that is detected BEFORE you DELETE anything that is found. If you are not sure whether it is safe to delete an infected file, quarantine allows restoration of a file at a later time/date.


    If the scan finds a “Probable NewHeur_PE virus found”, please do the following:

    1. Place a tick in the Quarantine check-box
    2. Select Delete
    3. Send the quarantined file to Eset: samples@nod32.com this file can be found here: C> Program files> Eset> Infected


    Step 8. Run a scan with “Stinger” the program you downloaded above.


    Step 9. Reboot your system into normal mode.


    Step 10. Run a further online scan found here: http://housecall.trendmicro.com/


    Step 11. Install update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd


    Step 12. Install update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com


    Step 13. Install and run CWShredder available here:
    https://www.wilderssecurity.com/showthread.php?t=14086


    Step 14. Make sure your Windows is FULLY up-to-date by doing the following: While on the Internet, Click on Internet Explorer (the Blue “e”), Click on Tools (on the bar at the top of your screen in Internet Explorer), Click on Windows Update. This will take you to the Microsoft Windows Update page where you need to follow the on screen prompts, starting with “Scan for Updates”. Install ALL “Critical Updates” and “Service Packs”.

    WEEKLY – check this is “Up to Date”.



    REPEAT ALL THE ABOVE STEPS, this time EVERYTHING should come up clean…



    IF the above does NOT fix your problem please download and run Hijack This found here:

    https://www.wilderssecurity.com/showthread.php?t=12516


    and post your log at one of the forums found here:

    http://a-sap.org/


    For the most part what I have suggested fixes the greater majority of problems out there...

    Hope this helps…

    Let us know how you go…

    Cheers :D
     
  3. smiddy

    smiddy Registered Member

    Joined:
    Sep 12, 2004
    Posts:
    26
    Thanxs i will try this out later by the way what exactlly is stinger?
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    You should also be able to simply uninstall "New.Net (domains)" through Add/Remove Programs.

    If it isn't listed, go here for removal instructions:

    http://www.newdotnet.com/removal.html


    Good luck,
     
  5. smiddy

    smiddy Registered Member

    Joined:
    Sep 12, 2004
    Posts:
    26
    Thankyou for the help Tonyklein i didnt know that the new.net stuff was at fault i also found some extra spyware in my system thanks to blackspear so thanks for that but why do you think Nod detects new.net and what does it do? o_O
     
  6. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Here's some reading on New.Net, which will also explain why, just like other unsolicited software/adware, it is targeted by Nod32:

    http://www.cexx.org/newnet.htm

    As this software tends to be tightly integrated into the operating system, it's best to uninstall it as described earlier.
     
  7. smiddy

    smiddy Registered Member

    Joined:
    Sep 12, 2004
    Posts:
    26
    Thanks for that wow i just got two trojan alerts and Nod32 deleted them no problem at all
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    That's good to hear! :)
     
Loading...
Thread Status:
Not open for further replies.