Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backspace? Newdotnet? And More! T_t


  • Please log in to reply
5 replies to this topic

#1 butterfly_collector

butterfly_collector

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 19 May 2007 - 03:49 PM

my sophos virus scan found backspace, newdotnet, nircmd and ucmore. unfortunately, it doesn't give me the option to delete them, only to "authorize" (like i'd actually do that. -_-) i ran spybot and adware and used a different virus scan program but it doesn't find/recognize them. should i just do and find the files associated with those applications and delete them manually or is there a different program that will recognize and allow me to delete them? thank you very much!!!

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:07:43 PM

Posted 19 May 2007 - 03:51 PM

Fully updated spybot will find and remove Newdotnet, you must run a full scan in safe mode.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:43 PM

Posted 19 May 2007 - 04:06 PM

Be sure to download the LSPFix or Winsock XP Fix mentioned and linked in this article before removing Newdotnet.
Removal Instructions:
http://www.pchell.com/support/savenow.shtml

Recommend also that you use AVG 7.5 Antispyware free for home users. That should take care of ucmore.
http://free.grisoft.com/doc/20/lng/us/tpl/v5

Edited by buddy215, 19 May 2007 - 04:32 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 butterfly_collector

butterfly_collector
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:43 PM

Posted 21 May 2007 - 05:33 AM

i'm still having problems getting rid of backspace. my darn sophos antivirus won't do anything about it. spybot and adware and a-squared don't ever detect it so i'm just concerned. argh! i tried searching the forum but nothing. if anyone has any suggestions ... should i just go and delete the damn file? ---> c:\windows\cfg32.exe

#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:03:43 AM

Posted 21 May 2007 - 05:45 AM

start with checking for malware causes to your problem.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/]SuperAintiSpyware

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
Bitdefender


After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

#6 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:43 PM

Posted 21 May 2007 - 06:26 AM

This is what Sophos is identifying as "Backspace".
http://www.bleepingcomputer.com/startups/c....exe-15363.html

If you have used AVG 7.5 Antispyware and along with the other programs you used, and it is still on your computer, please post a Hijack This log in the Hijack This Forum. Use the instructions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users