virus chest

[ossieb]

First post so be kind 

I have several files in the chest but now want to restore them since it is giving me problems.IE can't install outlook and some newdot error. can I clean these files and them restore them? If so how?

Thx
Ossie

[igor]

What are the exact files (filenames) you have in Chest and want to restore, and what virus was detected in them?

[ossieb]

Hi, thx for replying

The contents of my virus chest are:

 A0039572.dll      - win32:kuang2
A0041626.dll     - No virus
A0042005.dll     - win32:ctx
ossmtp.dll         - no virus
pskaus.dll        - win32:ctx

When I boot I get the message

Error loading c:\program~1\newdot~1\newdot~2.dll
The specified module could not be loaded

I'm wondering if restoring one or more of these files would stop the error message and I would allow outlook to load properly.
What do you think?

Thx
Ossie

[galooma]

HI and welcome Ossieb,
odds are you have something you havent mentioned thats protecting you .
newdotnet is a bad guy and if it has loaded you can go here http://www.spywareguide.com/product_show.php?id=417 to remove it.
good luck

[DavidR]

Well what this looks like is a registry entry run command can't find a file what you have to decide is, is the registry entry a remnant of previous spyware or an indication that a file is missing.

A registry cleaning tool or hijackthis could remove the entry and avoid the boot message.
Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.
OR - Post your hijackthis-Log here for a diagnosis: tomcoyote.org/hjt

A google search for newdot~2.dll returns many hits, here are two:
http://www.neuber.com/taskmanager/process/newdot~2.dll.html

"NEWDOT~2.DLL" or 'newdotnet_(number).dll' is an InternetExplorer Add-on that allows you to access non-standard domains such as .shop, .med, .mp3, and it provide search results when an user enters keywords in the address browser address bar or attempts to resolve a mistaken or non-existing URL. It is not overtly harmful in intent, but counts as Unsolicited Commercial Software as it installs behind your back and its purpose is to generate revenue for its manufacturer.

A very large range of software installs New.Net, including RealOne, AudioGalaxy, KaZaA, iMesh, Grokster, BearShare, Babylon and Radlight.

and
http://process.networktechs.com/newdot~2.dll.php

[ossieb]

OK so can the contents of my chest be cleaned and the file put back from where the came from??? If so how??

Thx
Ossie

[DavidR]

If a file could be repaired (when detected) then Repair would have been on of the selectable options along with send to the chest. So you should start with the least harmful option, repair, move to chest and the nuclear option delete. However, for me deletion is never an option, move to chest gives time to investigate and files can be deleted in the future from the chest.

Trojans generally can't be repaired (either by the VRDB or avast virus cleaner), because the entire content of the file is malware, so it is either move to chest or delete, move to the chest being the best option (first do no harm). When a file is in the chest it can't do any harm and you can investigate the infected warning.

The VRDB only protects certain files, .exe, dll and other system files, it doesn't protect data files or all files, it is not a back-up program, so there are going to be many occasions where repair won't be an option.
Only true virus infection can be repaired, e.g. when a virus infects a file it adds a small part to it, provided that file is one that avast's VRDB would monitor and you have run the VRDB, then it may be possible to repair the file to its uninfected state.
However, for the most part so called viruses, trojans (adware/spyware/malware, etc.) can't be repaired because the complete content of the file is malicious.

As far as I'm aware files can't be repaired in the chest, you would have to copy it out to a temporary location and scan it again, the detection process may give repair if it is feasibly possible.

The two that are in the chest that are now shown as No virus (I assume they were previously detected as viruses ?), you can right click on them and select restore.