Just an update to this pesky little malware... NewDotNet ranks as the top spyware for the month of October 2005, according to Panda Software.
I have seen a few cases myself in the past few weeks and one was particularly pesky in getting rid of the residual boot error message that appears every time after the Windows login:
Error loading C:\PROGRA~1\NEWDOT~\NEWDOT~2.DLL
Time-saving tip:
If you attempt to delete the boot message NewDotNet value in the registry using regedit or any other registry editor (HijackThis, Registrar Lite, etc...) AND it refreshes itself repeatedly...grrrr....then do what I did.
Boot to Safe Mode (hit F8 key repeatedly during boot and select Safe Mode) and run regedit or HJT there. It will certainly die this time. *;-)
Run regedit.exe from the Start/Run line and then use Edit/Find in the Registry Editor (search term: NewDot ) to find the key. With the error message key highlighted press the Delete key.
Symantec also has a new removal tool for NewDotNet and while I tried it and the final screen said it did remove 2 NewDotNet items, it did not kill the bootup error message value. I assume it probably would have worked if I had run it in Safe Mode.
The Symantec information on NewDotNet is located on this page. The direct link for the removal tool is on this page.
BTW... I don't recommend using the System Configuration Utility (MSCONFIG.EXE) to make "permanent" changes to bootup problems. It is not designed for that task. MSCONFIG was designed by Microsoft engineers to be a diagnostic utility.
For permanent changes a user should make the necessary program removals or registry edits. I realize this is not something most technical support technicians want people to do, but for the power users msconfig is a diagnostic utility, not a repair tool. YMMV *;0
All the best,
Texruss
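One way to check for the leftover entry before and after the Safe Mode cleanup described above, as an added example that is not part of the original post. It assumes the entry is a value under one of the standard Run/RunOnce keys (the post does not say which key holds it) and it only reports; `Find-AutostartMatch` and `Get-RunDllTarget` are names made up for this example.

```powershell
# Added example, report-only: nothing is deleted or modified.
# Assumption: the leftover entry is a value under a standard Run/RunOnce key.
param([string]$Pattern = 'NewDot')   # same search term the post uses in regedit

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunDllTarget {
    param([string]$Command)
    # "rundll32 <dll>,<export>" -> return <dll>; $null for any other command shape
    if ($Command -match 'rundll32(?:\.exe)?"?\s+"?([^",]+)') {
        return $Matches[1].Trim()
    }
    return $null
}

function Find-AutostartMatch {
    param([string[]]$Keys, [string]$Pattern)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data so %VAR% references are shown as stored
            $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            # Match on either the value name or its data (case-insensitive)
            if ("$name $data" -notmatch [regex]::Escape($Pattern)) { continue }
            $target = Get-RunDllTarget -Command $data
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Data         = $data
                Target       = $target
                # $false here means the value points at a DLL that is gone,
                # which is what produces an "Error loading ..." box at login
                TargetExists = if ($target) { Test-Path -LiteralPath $target } else { $null }
            }
        }
    }
}

Find-AutostartMatch -Keys $runKeys -Pattern $Pattern | Format-List
```

Running it again after a normal reboot shows whether a deleted value has come back.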