Author Topic: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]  (Read 26620 times)

Poppyfish

  • Guest
Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« on: June 13, 2006, 04:11:08 AM »
My laptop has been infected by two trojans: Win32:Spyware-gen [Trj] and Win32:Adware-gen [Trj]. The trojans have infected 5 of my files, including 3 system volume information files and 2 uninstall files. I have read in other forum threads about NewDotNet being a source of malware. My system has NewDotNet installed on it, but it was preinstalled when I got the laptop. The 2 uninstall files that were infected were the ones used for uninstalling NewDotNet. I have since moved all the infected files to the chest, awaiting some advice as to what to do with them. How am I to repair these files? A consequence of the infection was that I am unable to use the internet. I am able to connect to the internet via a dialup connection but am unable to use browsers, Messenger, Outlook etc. Could you suggest a solution to my problem? I have downloaded LspFix but am unsure as to how to use it.

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #1 on: June 13, 2006, 04:35:52 AM »
I forgot to mention that I am currently running Windows XP Professional SP2.

Spiritsongs

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #2 on: June 13, 2006, 08:45:32 AM »
 :)  Hi Poppyfish:

Some of the Posters on this forum recommend "rare" programs, but do NOT mention where the "tutorial" is located. This one is at: www.bleepingcomputer.com/tutorials/tutorial59.html. Simply amazing that NewDotNet was preinstalled!? If Ad-aware was pre-installed, I heard that program easily removes "NewDotNet".

When using XP SP2, to "restore" an internet connection, try: clicking "Run", type "cmd", click "ok", enter "netsh winsock reset" and go from there.
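
Added example, not part of the original posts: a batch script for the "netsh winsock reset" step suggested above that saves the Winsock catalog first, so the layered providers the reset drops can be identified afterwards. The "newdotnet" search string and the file names under %TEMP% are assumptions.

```batch
@echo off
rem Added example: record the Winsock catalog around "netsh winsock reset".
rem Run from an administrator account.
rem   script.cmd          saves the catalog, then resets it
rem   script.cmd after    (run after the restart) shows what changed
setlocal
set "BEFORE=%TEMP%\winsock_before.txt"
set "AFTER=%TEMP%\winsock_after.txt"
rem Assumption: the unwanted provider's DLL path contains this string.
set "PATTERN=newdotnet"

if /i "%~1"=="after" goto after

rem 1. Save the current catalog so removed providers can be identified later.
netsh winsock show catalog > "%BEFORE%"

rem 2. Report whether any provider entry references the suspected DLL.
findstr /i /c:"%PATTERN%" "%BEFORE%" >nul
if errorlevel 1 (
    echo No catalog entry mentions %PATTERN%.
) else (
    echo Catalog entries mentioning %PATTERN%:
    findstr /i /c:"%PATTERN%" "%BEFORE%"
)

rem 3. Reset the catalog to its defaults. This drops every layered provider,
rem    legitimate ones included, so those products may need reinstalling.
netsh winsock reset
if errorlevel 1 (
    echo netsh reported an error during the reset.
    exit /b 1
)
echo Restart the machine, then run this script again with "after".
goto :eof

:after
rem 4. Save the catalog again and list the differences from the saved copy.
if not exist "%BEFORE%" (
    echo No saved catalog found at %BEFORE%.
    exit /b 1
)
netsh winsock show catalog > "%AFTER%"
fc "%BEFORE%" "%AFTER%"
```

The reset only rebuilds the catalog; any DLL files the removed providers pointed to stay on disk and still have to be cleaned up separately.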

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #3 on: June 14, 2006, 03:53:03 AM »
Should I repair winsock and the internet connection before dealing with the infected files? I wish to remove NewDotNet from my computer but the uninstall files have been infected (i.e. uninstall7_22.exe & NDNuninstall7_22.exe). Am I still able to remove NewDotNet from my computer? Should I remove it before attempting to repair winsock? As for the other files, which are system restore files, what should I do with them? Should I just leave them in the virus chest?

MegletTX

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #4 on: June 14, 2006, 05:30:25 AM »
Hey I had this SAME EXACT PROBLEM and the folks at www.geekstogo.com suggested I get Winsock Fix and I did...ran it and it fixed it for me!!  Winsock is free by the way...

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #5 on: June 14, 2006, 06:00:58 AM »
I made a mistake when starting this topic. The two viruses are actually Win32:Adware-gen [Adw] and Win32:Spyware [Trj].

Spiritsongs

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #6 on: June 14, 2006, 06:11:42 AM »
 :)  Hi Poppyfish:

I will ask the question bluntly: do you have Ad-Aware currently on your computer? If yes, how recently did you update it? Your answer depends on if you should 1st "restore" your internet connection.

"Adware" & "Trojan(s)" are more "Spyware" than "Virus" to me; hence I feel programs geared to them should be used 1st.

Just curious: did you buy a new laptop or a used laptop?

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #7 on: June 14, 2006, 06:38:43 AM »
I do not have Ad-aware on my computer. I bought a used laptop. By preinstalled, I meant it was already on there when I got it. I'm just wondering whether I should try to kill the trojan first before restoring my internet connection.

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #8 on: June 14, 2006, 09:35:02 AM »
I have been able to repair the internet connection. (Hooray for WinsockXpFix!!) But I am still unable to remove NewDotNet from my system. As I said before, the uninstall files are infected and I risk creating more damage by running them. I have tried to download a new installer but the ones that I download are infected. What should I do to remove it? I have also since installed ewido onto my computer and it picked up 70 infected files, which I have also deleted.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #9 on: June 14, 2006, 10:05:57 AM »
Hi Poppyfish,

This could be a helpful link for you:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t28301.html

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Poppyfish

  • Guest
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #10 on: June 15, 2006, 05:40:35 AM »
Am I able to just remove the newdotnet DLLs manually by deleting them from the Windows registry? Is this a safe option to take or should I look for another solution? The link you provided me is not 100% relevant to my particular problem but thanks anyway.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: Win32:Adware-gen [Trj] & Win32:Spyware-gen [Trj]
« Reply #11 on: June 15, 2006, 08:30:37 AM »
Hello Poppyfish,

Newdotnet is one of the nastiest forms of crapware as Internet users experience it. For a particular answer to your question read what I put in this thread here: http://forum.avast.com/index.php?topic=21608.0

The newdotnet crapware came bundled in the past with a lot of downloads, because they paid a bounty of 5 to 10 cents for every install. This has now been discontinued, but apparently there is still a lot of this around. To avoid getting this foistware, crapware etc. the next time around, install SiteAdvisor in either the IE browser, Firefox or Flock. Then install the DrWeb pre-hyperlink scanner plug-in for IE or FF so you can scan every hyperlink before clicking to a next infection. Use NoScript so secret installs have no chance on webpages you haven't visited before, and you know are not absolutely free of silent installs. Update your OS and the programs on it, and surf the net with normal user's rights (only use admin rights when not connected to the Internet, or when absolutely necessary (things you cannot do as a normal user)).

polonus
« Last Edit: June 15, 2006, 08:32:19 AM by polonus »