NEWDOT~2.DLL CAN'T FIND.

Hi forum members,

After scanning an XP SP2 system with X-Clean Micro, it found 180-solution scumware. I let the program tackle it. After a reboot, the system brought up an error that it could not find RUNDLL C:\PROGRA~1\NEWDOT~1/NEWDOT~2.DLL - In the browser a redirect was found to a quicksearch.page. Could restore the system, did a full scan with Avast and Anti-spyware programs, and all was fine. What happened here, and how to clean this computer
without these errors and browser hijacks. Do this have to be done all manually, is their a tool of choice to tackle the variants of 180 solutions (e.g. quicksearch), after de-install ZA blocked probes from urls like 62.234.120, 62.234.4.18 and 62.234.129.170 Toolbarcop found refiebarr and TINTSETUP.EXE.
are those legit?

polonus

Hi Polonus,

newdot~2.dll is a nasty. It would’ve been safe to remove the startup entry with HijackThis! or AutoRuns etc, I think?

http://process.networktechs.com/newdot~2.dll.php

Hi FwF,

This is the information, I found later: http://www.neuber.com/taskmanager/process/newdot~2.dll.html
But in the process of helping the guy out, I lost Internet connection, so I had to manouvre only according to my gut feelings. Made some notes now. He can use his computer now safely, and we give it a look later to move out all the traces of this unwanted cummercial quicksearch browser add-on.

polonus

the newdot thing but it took me about 10mins to rid it

runs msconfig.exe—stop any bodgy start ups and disable any wierd services,if you dont know what is good to keep running and what is not,nows a time to learn.
run bootscan,it will prohably detect a few infected files–delete them
run a reg vac i have regvac and reg seek,also have hijackthis
always empty your tempinternetfiles,check program files for wierd progs,you will prohably find one in there called newdotnet.
check your startup folders,run the reg vacs,these often delete unassociated links and suspect enrties
go to the registry manual edit delete anything that says newdot net,run the regvacs again,check task manager for runnign apps .

do another boot scan,no of infected files =0…okay
boot up,do reg vac run hijack this
dlete ant newdot net folders or any wierd progs in program files or installed program files in windows.check start up folders and any folder in documents and settings that yuo think might hold a prog

run the reg vac ect
i keep doing this until i have disabled the virus startup association keys and files and services
keep doing this
till its gone

if it persists,its hanging off somthing,then yuo might have to do manual regedit again .

Hint,when it infected my computer there was a newdotnet folder in my program files that kept rewriting
Hint set you page file to clear on exit—its a reg edit
hint–learn how to tweak your internet seetings
for security and how to make small edits in the registry that can make a large difference.
cheers

just an edit,i almost forgot,while doing all this dissconnect yuor machine from the internet :smiley:
and also file shredders are great for those stubborn files .

i also have Kerio firewall it alerts yuo when anything is on the move locally,neat
and vision will alert yuo with registry changes on the move

both software allow you to deny changes and continue,…with what your doing ,great stuff ;D

Avast resident security set to high.

Hi squidhead,

Thanks for the detailed information, it goes into my manual ;D.
The variant I was confronted with the other night, was this nasty:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.quicksearch.html
There is a first time for every malware type unload, and I was not familiar with this one, and it was while helping a person who is accident pr0ne in this respect. My own system has been clean for half a year as far as I am aware. But you know how it is a lot of n33bs just click, and think later, and then they have a wrong BHO, but it could also been silently loaded. I for one think, Squidhead, that ad- and spyware is more of a threat now than the common virus and worm. Don’t you agree. Quicksearch spyware, better be without it.

polonus

hi
im pretty sure the newdot net virus was the result of an internet download
and avast detected it pretty quick.
most detected viruses i can get rid of,and im not a great computer technician or anything.
However its the unseen virus that remain silent on the system that bother me and these email viruses ,Polonus …anything i have written in here is simply what i myself have had small successes with,and have so far not had any system reprucussions from it.
Basically im a bit of a novice,but isnt the spk2 in windows XP meant to
deny local machine permissions to external files or somthing like that,i think,and now this is just the point of veiw of a novice that its a vast subject,things like the windows inbuilt vb script host,unix support
and advances in code flexibility in codes like vb.net will all keep people busy for years to come,like i said im just a novice but i will surely
post any relevant info up here for others to see from time to time,
(feedback is good)

also yes thats a great link im just checking it out right now
i have my internet explorer toolbar locked so it cannot access internet options from the tool bar only control panel and have locked my homepage (although this newdot net thing did manage to add some entries that disrupted internet access).But internet access was back after i deleted the entries with hijackthis.
In future ill document this stuff better,for veiwing on this site…
as far as i can remember the newdotnet did install some progs,
(so who knows maybe i still have some problems ;D…i have disabled the windows installer service,and enable it when i have to…(might help dont know?)

the keys i removed where one that set my hompage to, = and another that was an enrty for a proxy server ip,lost me but when they where gone it all worked well

thx great site.