NEWDOTNET Nuisance

AVAST this morning is preventing internet access by blocking the file NEWDOTNET7_22.dll.

This is definitely a false positive yet it is reported as adware.

In the meantime I’ve added it to an exclusion list.

Read this link…

http://www.pchell.com/support/savenow.shtml

Yes, I realise it’s spyware, but removal / blocking of it prevents users accessing some network based applications etc.

Any idea why?

Because of its aggressive system integration, repair Winsock with http://www.cexx.org/lspfix.htm.

Nick, how many machines does this apply to? (in your case)

AFAIK avast should be removing the associations (e.g. LSP) automatically.
It would be useful to know what exactly failed to be removed - this way we’ll be able to improve the removal in the next update.

Thanks
Vlk

The actual DLL mentioned earlier cannot be removed as it’s in use.
A boottime scan gets rid of it.

Once I’ve done this, I can then run the fix mentioned earlier (many thanks for that tip).
This restores the PC to functionality.

Still trying to puzzle out how it got on the users’ PCs though. They all deny installing anything (they would though).

The actual DLL mentioned earlier cannot be removed as it's in use. A boottime scan gets rid of it.

Did you try simply deleting the file with the “delete during next reboot” option? (i.e. not running a boot-time scan, but rather simply setting the action to delete after reboot)?

Thanks
Vlk

Yes I did, unfortunately this did not seem to work.

Boot time scan is just as fast, especially if I limit it to just the NEWDOTNET folder.

Hello folks,

I do not like the subject title here. This could lead people to believe that NEWDOTNET or Webhancer are FP’s and therefore harmless, this is malicious so-called foistware or trackware. Read here:
http://www.cexx.org/newnet.htm
And if you try to remove it in a wrong manner, you can run into serious trouble. It is the most prevailing infection lately that victims of this malware here ask to be helped with to conquer. Trojan downloaders and this kind of aggressive adware spreading "stuff" is the main menace to users of the Internet today.
All BHOs or plug-ins that try to hijack your machine are imo malware ad hoc, and no FP’s or harmless services. That is the same as calling SpyBouncer a good anti-malware solution for spyware. No, it is rogue, and does not belong on a clean machine.

What are the affiliates, what is the problem with so-called “grey-nets”, and where big money and Zango come in, you can read from here: http://blog.spywareguide.com/2006/06/botnet_installer_launches_zang.html
If you read that carefully, you can come up with your own conclusions.

polonus

So, even if you asked avast! to delete the file and checked the “Delete locked files on the next reboot” option - you still got the message that it cannot be done since the file is in use?

Yes, after it had rebooted, Avast detected the malware again.

This led me to do a boot scan to be sure.

That’s not really what I meant.
I thought that you chose “Delete file” from an ordinary Windows scan, checked the “If necessary, delete file(s) at the next system start” - but got an error message that it cannot be done since the file is in use, or something like that…

This is real nasty stuff. Even if you remove the program from your PC you can still end up with no internet access (as noted) & I’ve had no less than 3 machines affected by it that I’ve decided to format (haven’t tried the winsock fix as yet, however I don’t have a high success rate with these types of programs).

Anyone know how this crap gets on the PC to start with? I’ve had customers infected by it after only 2 weeks of buying a new PC & they are hardly the types that would visit dodgy websites that might install this stuff automatically?

Hi dscomp,

It comes with other stuff, they used to offer a 5- to 10-cent “bounty” for each copy of New.Net you installed; that’s why it was bundled with a lot of other programs. The bounty program was discontinued, however.

If the above-mentioned instruction in this thread should not work, which we doubt, the easiest way to delete New.Net is to do the following:

  1. remove it using “Add/remove” programs
  2. if still not working, remove the WinSock and WinSock2 registry keys from CurrentControlSet
  3. Go to network settings on win98 or on 2000/XP, just go into the properties of your network connection and if possible, remove tcp/ip. On XP this is impossible, so ignore this step
  4. Add new service. If you’re not on XP, just reinstall tcp/ip. On XP, select “have disk” and point it at C:\windows\inf. Then select tcp/ip and install it
  5. clean up any newdotnet files lying around. Here you also could use a hjt log, pre-analyzed.
  6. Optional: Join a class-action lawsuit against the company that makes this piece of crapware. No one in his right mind knows why lawmakers tolerate this sort of Internet-harassment.

Be aware that these steps can cause problems with programs like cyber-sitter or firewalling programs that modify the networking stack. Do this then at your own risk.

This is very prolific.

Thanks polonus. I wont be surprised to get more of these & will see if this workaround can save some time.

To solve the issue, just do start/run and type in
netsh winsock reset
Hit ok and reboot, will be OK.

no more manipulations are needed…

We got about 60-70 customers with this issue, all of them solved the issue with this manipulation.

:slight_smile: Hi all ( and Noz ) :

As I said in the other thread, "netsh winsock reset" works ONLY if one has Win XP SP2.

yeah you’re right in extremes.

But as the problem seems to be in close relation with the SP2 firewall, I supposed that this issue can only appear with SP2?? Perhaps I’m wrong!

We didn’t have any customers with this problem under any other OS…

Can anyone here tell me if he had this under SP1 or something else?

By the way, thx all for the info, I need a maximum of information to answer our customers’ questions :wink:

:slight_smile: Hi Noz :

If one has Win XP SP1, then use the "Winsockfix" program instead of the "netsh winsock reset" command.
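
Added example, not part of any post in this thread: before and after the Winsock repairs discussed above, the provider catalog can be checked for leftover layered providers such as the New.Net DLL. The Python code below parses text in the shape of `netsh winsock show catalog` output; the sample text, its field layout and the install path are constructed for illustration.

```python
import re

# Constructed sample resembling `netsh winsock show catalog` output (abridged;
# the field layout and the New.Net install path are assumptions for illustration).
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        NewDotNet over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\NewDotNet\newdotnet7_22.dll
Catalog Entry ID:                   1012

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*\S)\s*$")
# Providers shipped with Windows load from system32; anything else needs review.
SYSTEM_PATH = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\system32\\[^\\]+$", re.I)

def parse_catalog(text):
    """Split catalog output into one dict of fields per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip() == "Winsock Catalog Provider Entry":
            current = {}
            entries.append(current)
            continue
        match = FIELD.match(line)
        if match and current is not None:
            current[match.group(1).strip()] = match.group(2)
    return entries

def non_system_providers(entries):
    """Return entries whose DLL is outside system32 (missing path counts too)."""
    return [e for e in entries if not SYSTEM_PATH.match(e.get("Provider Path", ""))]

if __name__ == "__main__":
    for entry in non_system_providers(parse_catalog(SAMPLE_CATALOG)):
        print(entry.get("Catalog Entry ID"), entry.get("Provider Path"))
```

A legitimate firewall or filtering product that installs its own layered provider will be listed as well, so treat the result as a review list rather than a removal list.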