Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows XP

Started by Deb227 , Jun 06 2005 08:55 PM

  • Please log in to reply

#1
Deb227
Posted 06 June 2005 - 08:55 PM

Deb227

    Member

  • Member
  • PipPip
  • 61 posts
I was told that new.net is something that you don't want. Does anyone out there know exactly what it is?? :tazz:
  • 0

Advertisements

#2
kool808
Posted 08 June 2005 - 04:15 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
New.net is a malware usually bundled with unclean P2P programs installed, see HERE for referrences.

For uninstallation and infos, see HERE HOW.

If you are unsure how to do it, please ask assistance in this forum. A wrong procedure for the removal of New.net may caused you to lose your internet connections.
  • 0

#3
Deb227
Posted 08 June 2005 - 08:21 PM

Deb227

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Not too familiar with the lingo, so what is a P2P program and how would it get installed? Thanks for your help
  • 0

#4
Retired Tech
Posted 08 June 2005 - 08:25 PM

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Peer to Peer / person to person file sharing, someone could have used your PC to do this, in general, these files are best avoided.
  • 0

#5
kool808
Posted 09 June 2005 - 03:53 AM

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
that is correct P2P is peer-to-peer/ person-to-person sharing files through a network. The link that I had provided you with regards to clean and infected P2P programs will present with you the known P2P programs that when it is installed in the system allows you to have access to sharing files from other people, however some of this programs come bundled with them malwares so they were classified under the infected ones.

On the case of New.net it is usually bundled with iMesh P2P, and other programs.

See HERE AGAIN to determine which P2P are clean and infected.
  • 0

#6
Deb227
Posted 11 June 2005 - 11:43 AM

Deb227

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
this kind of thing happens even though I'm not networked with anyone? No one uses my computer that is not in this household. It is used specifically for homework and information off the internet. Should I still do what you ask?? Will I screw up something else by doing this? Thanks for your help!!
  • 0

#7
Retired Tech
Posted 11 June 2005 - 01:50 PM

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
You should use the link from kool808 to remove new.net

Then go here

http://www.geekstogo..._Log-t2852.html

Run the programmes as advised in the list then post a Hijack This log to the malware section

This will make sure you have nothing untoward affecting the PC
  • 0

#8
Deb227
Posted 12 June 2005 - 09:37 AM

Deb227

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I've done everything. I had already had sypbot, adaware, norton, sypblaster, a2squared CW shreader on my computer. I also ran yahoo anti spy. I appreciate all your help. Here is the log from the online scan as you requested and also my hijack: Thanks again.

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:38:52 PM, 6/11/2005
+ Report-Checksum: C7816F7D

+ Date of database: 6/11/2005
+ Version of scan engine: v3.0

+ Duration: 112 min
+ Scanned Files: 113479
+ Speed: 16.76 Files/Second
+ Infected files: 24
+ Removed files: 24
+ Files put in quarantine: 24
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\Gina\Cookies\gina@66693905[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\gina@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\gina@imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gina\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Hernandez\Cookies\hernandez@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@LPpacificsunwear[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@S002-00-11-2-203467-34137[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@S003-00-8-8-170247-21831[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@S008-00-11-10-170247-35529[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\tony@S008-00-9-5-182829-25672[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Tony\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\WINDOWS\iNetPal\3ASavers_Om3IC.exe -> TrojanDropper.Mudrop.o -> Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.VirtualBouncer.d -> Cleaned with backup
C:\WINDOWS\system32\in10b6.dll -> Trojan.Revop.c -> Cleaned with backup
C:\WINDOWS\system32\msbb321.dll -> Spyware.180solutions -> Cleaned with backup


::Report End

Logfile of HijackThis v1.98.2
Scan saved at 10:36:49 AM, on 6/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Shutterfly Express\SflyMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Hernandez\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bhawk.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\ycomp5_6_2_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CCPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CCPDPSRV.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SflyMon.lnk = C:\Program Files\Shutterfly Express\SflyMon.exe
O4 - Global Startup: CPQ1400P.lnk = C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Personal Coach.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B49FDE2A-2F29-460A-870A-B6A021D64A6E}: NameServer = 12.30.159.195 12.30.159.198
  • 0

#9
Retired Tech
Posted 12 June 2005 - 11:00 AM

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Both logs needs to be posted to the malware section

http://www.geekstogo...o_Here-f37.html

Edited by Keith, 12 June 2005 - 11:01 AM.

  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP