pwolcott Posted May 24, 2003 Share Posted May 24, 2003 I was caught off guard when using Ad-aware 6.0. Ad-aware found various instances of new.net objects and one .dll file (newdotnet?_??.dll). I picked remove all objects. The .dll couldn't be removed becausing windows was using it. After quiting out of the program I was unable to access the internet or email. Internet Explorer or Mozzila's Phoenix would get a fatal exception error. I then booted to DOS and renamed the .dll file. Still no luck with accessing the web. I then went into the registry and searched for instances of newdotnet. I found it in HKEY_LOCAL_MACHINE, System, CurrentControlSet, Services, Winsock2, Parameters, NameSpace_Catalog5, Catalog_Entries, 000000000002 (if you have it, it could be in a different entry) and HKEY_LOCAL_MACHINE, System, CurrentControlSet, Services, Winsock2, Parameters, Protocol_Catalog9, Catalog_Entries, 000000000004 (if you have it, it could be in a different entry). I simply removed the entry from Catalog5 and in Catalog9 tried to rename the key values to an almost identical machine. This didn't work but got me out of the fatal errors. At work I did a search through Google on new net, inc. http://www.cexx.org/newnet.htm was returned. Excellent information here a must read before doing what I did above with Ad-aware. There is links to utilites one of which I used to repair my now screwed up winsock entries. I used w2fix.exe by Tom Knych which repaired the entries and solved my problem. Quote Link to comment Share on other sites More sharing options...
nlinecomputers Posted May 24, 2003 Share Posted May 24, 2003 New Dot Net is one of those "add-on" Domain registries. They sell you a so called domain with an illegal extention. Not .com or .org or even the new .ws or .biz domains. It really is what ever they sell you with .newdot.net slapped on the end of it to make it comply with the rest of the world. They have to load a patched Winsock on your system in order to fool your computer into using the improper domain names. (or you'd have to type .newdot.net on the end of every non-standard name.)So in other words they sell you a domain that nobody except there modified users can find on the internet as a "cheap" alternative to a real domain. Obviously for people to in the dark to have ever heard of GoDaddy.Also I have no prove but I suspect that the add-on also probably tracks your internet usage so that makes it a freaken' trojan as well.Bad stuff. Glad you got rid of it. I think that Spybot S & D would have removed the item without damaging your Winsock. Better product in my opinion though I use both as a means to double check yourself. Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted May 24, 2003 Share Posted May 24, 2003 Yes, SpyBot S&D has removed it without damaging the Winsock for me too.If it every happens again. In Ad-aware, you can still get rid of it without it killing your internet in most cases by rebooting right away without trying to get to the Internet, and then running Ad-aware one more time prior to trying to run any Internet programs on the new boot. Then it seems to be able to remove the remnants successfully.I have successfully done it on many computers with both Ad-aware 6.x and SpyBot S&D .. but SpyBot does it the first time, every time from what I've seen to date. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.