
Problem With Desktop


12 replies to this topic

#1 sumiq8


Posted 30 July 2008 - 06:06 AM

Or at least I thought that is what it was. Yesterday when I clicked on any icon on the desktop the program would open 30 times. And some programs opened by themselves like a ghost was doing it...lol.

I ran Norton and there were 6 viruses found. I think they were only adware. I deleted them all. Then I ran Super Anti Spyware. 67 threats were found.

I ran it again. Now 5 threats remain:

Memory: 2

Files: 3

They are:

Trojan NewDotNet
TrojanNew Dot Net Installer


I assume that the ones in the memory are the problems. They won't budge. How do I remove them??

Please help! xoxox

Edited by garmanma, 30 July 2008 - 11:08 AM.
Moved to appropriate forum




#2 Dr_Manhattan


Posted 30 July 2008 - 10:04 AM

You can try removing them in safe mode if that helps at all. Make a note of where the bad file is located, reboot the computer and boot into safe mode, and then remove the files manually and see if removing them manually fixes your issues.

#3 sumiq8


Posted 30 July 2008 - 11:55 AM

Hi,

I just ran anti spyware again and saw the file is located in my documents program files. I tried to delete 2 folders, 'NewDotNet' and 'NetMeeting'.

For newdot net it says access denied and I cannot delete it. Is NetMeeting also spyware?? I am super confused.

Plz tell me how to get rid of the NewDotNet file. I remove it in spyware but it does not actually go. HELP!

#4 boopme


Posted 30 July 2008 - 06:14 PM

Hello are you using XP??
Did you run the last scan from Safe Mode?
Post a SuperAntispyware and the following MalwareBytes log.

How to enter safe mode (XP)
Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.


Then run this scan tool from regular mode.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sumiq8


Posted 04 August 2008 - 11:19 AM

Hi All,

Ok BoopMe, I downloaded the program. Your directions were excellent! It says everything was removed. Here is the report. Also, I did not do the F8 thing because I kept tapping and Safe Mode would not open.

Please tell me what this means and thank you!

Malwarebytes' Anti-Malware 1.24
Database version: 1024
Windows 5.1.2600 Service Pack 1

7:08:00 PM 8/4/2008
mbam-log-8-4-2008 (19-08-00).txt

Scan type: Quick Scan
Objects scanned: 52939
Time elapsed: 19 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 73

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\comload.loader2 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comload.loader2.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comload.loader.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19e91d82-7ad7-419f-866a-58c122db1459} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f5f779a9-24e5-4bcd-9ae5-6313d4b5ac24} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dctl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

#6 sumiq8


Posted 04 August 2008 - 11:32 AM

Hi,

Ok I just ran Super Anti Spyware and it says my PC is STILL infected!! Please help.....

It's the same TrojanNewDot Net
TrojanNewDot Net.installer
Adware.tracking cookie

Should I use the 'file assassin' to delete the Trojan new dot from my program files?

Please again help....I am almost in tears. Microsoft Word is freezing up on me today. And I have a VITAL presentation I have to prepare for this Thursday for my 3rd interview for a copywriting job. This is the absolute worst time for me to have computing problems! xoxox

#7 boopme


Posted 04 August 2008 - 04:10 PM

First please check for an update then run the Malwarebytes again. Post a new log. It will find more, I'm almost certain.

Edited by boopme, 04 August 2008 - 04:10 PM.
shpelling


#8 sumiq8


Posted 06 August 2008 - 11:54 AM

Hi,

Ok...here is the new log. I just did the update. Nothing was found. Is the program 'Super Anti Spyware' giving me false positives or what??
--------------------------------

Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 5.1.2600 Service Pack 1

7:53:51 PM 8/6/2008
mbam-log-8-6-2008 (19-53-51).txt

Scan type: Quick Scan
Objects scanned: 52789
Time elapsed: 20 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 boopme


Posted 06 August 2008 - 12:15 PM

Well it's good that MBam got it on the first pass. Is the PC still having signs of infection?

#10 sumiq8


Posted 06 August 2008 - 12:22 PM

Hi,

No signs of infection but if I run the other Anti spyware program it comes up with like 20 threats and trojandotnet is one of them. Should I just ignore it??


And thank you from the bottom of my heart for all of your help. You have no idea how much I appreciate it! xoxoxox

#11 boopme


Posted 06 August 2008 - 01:35 PM

you're quite welcome..

Click on Start.
Select Settings.
Click on Control Panel.
Double-click on the Add/Remove Programs icon.
Select the New.net Application.
Click on the Add/Remove button.
Once the program has uninstalled, click on the OK button.

After completing all of these steps, please reboot the computer.

It should be gone now.

#12 sumiq8


Posted 12 August 2008 - 04:22 AM

Hi,

Ok I did what you said. NewDotNet is not in the add/remove programs section. I went to my computer and then program files.

It is right there! I tried to delete it and it said 'Access Denied'.

It says 'make sure the disk is not full or write protected and that the file is not in use'.

Is 'file assassin' something I can use to get rid of this?? xoxoxo

#13 boopme


Posted 12 August 2008 - 10:29 AM

Yes, use File assassin in the Malwarebytes tool. Open Mbam and select more tools.