newdotnet

Discontinued Products Comodo BOClean Anti-Malware
#1

I have noticed newdotnet on bocleans malware list! After doing a scan with spybot I found newdotnet on my pc but when removed it caused problems with winsock. My question is will boclean deal with NDN when the time comes or what utilities can safely remove it?

#2

Hi,

Not sure exactly what newdotnet is or what implications this has on your system. CBOclean should stop this process should it ever try and execute. I believe CBOclean should also delete the file in question.

Jim

#3

here’s where google is your friend. Just enable dr web or site advisor or something to verify the links are OK before you follow them, and of course choose reliable sources of information to click on.

for example: Winpatrol site lists it (note I have never encountered new.net myself & don’t know if this solution is best, if it will work on your machine, or most important, whether doing this or something like it is even necessary using Boclean.) I do know Winpatrol is reputable, though, so it’s a good source of information about the malware. Hope this helps!

Source:
http://www.winpatrol.com/db/freesample/newdotnet.html?netdotnet.dll

NETDOTNET.DLL

NewDotNet may be installed on your system with or without your knowledge. A few years ago, a company called NewDotNet decided to start selling nonstandard Toplevel Domain names. At the time, the only valid domain names were .com, .org, .edu, .gov, .mil, and .net. NewNet decided to make up it’s own domain names including things like .law, .club, .tech, .xxx and so on. You could pay to register a domain name through New.Net. The catch is that nobody would see your domain unless they had the NewDotNet plugin installed on their computer. For that reason, it became important for NewNet to get their software installed on as many computers as possible. They did this in several ways. Now that many new toplevel domain names have been approved by InterNIC, this new.net functionality is even less useful.

NewDotNet is good example of what’s being referred to as Foistware. Foistware is software that adds hidden components to your computer. Usually it’s done without your knowledge when you install some other program that would be useful to you.

This program is has been known to be installed along with KaZAa, Earthlink, @Home (ComCast), Juno, Webshots, NetZero, AudioGalaxy, Bearshare and a host of other programs.

The DLL component is a plugin to your Internet Explorer Browser. It adds some internet functionality but nothing of real use. It’s sneaky in how it gets on your system and it will also update itself without letting you know. It’s unknown what new updated versions may do on your system. It has also been known to cause crashes so we recommend removing it from your system.

You can disable this DLL using WinPatrol but it’s recommended you also use Add/Remove programs to remove the entire application. This DLL ties closely into the WinSock communication so if you just delete the DLL you’ll ■■■■■ up your system. You can use this utility to repair a damanged winsock.dll file: LSP-Fix - a free program to repair damaged Winsock 2 stacks.

Foistware: New Net, Inc (NewDotNet.DLL)

#4

Lyn,

newdotnet is definitely malware, and it adds an additonal LSP. To fix the IP stack after newdotnet gets its hooks into you, you need to either A) run lspfix.exe (from www.cexx.org) or 2) at the command prompt, type in “netsh winsock reset” (without the quotes, of course).

#5

I have tried spyware doctor, spybot and avg to clear newdotnet and marketscore. With the latter I also cleared it from the registry but its back when I run reg edit although now when I scan for it all is clear! What,s my next move?

#6

Hi, Lyn,

I. Did you try removing the malware from safe mode? Spyware can remain in system restore, so you need to turn SR off before removing it.

II. fwiw, I have Avira PE & it (also) lists it as malware it detects - note that they list all nakware they detect & can remove “most”. You can download the free - classic version from here if you want to try it:

III. You could try other online scanners: (turn off your own av guards / boclean first or they will fight.)

http://virusscan.jotti.org/
http://www.bitdefender.com/scan8/ie.html

IV. You could ask for help on a malware removal forum such as Castlecops.

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://www.castlecops.com/forums.html

Good Luck!

#7

When I run REGEDIT now newdotnet is no longer detected and marketscore appears in a spybot zipfolder. When I use tune up utilities reg editor samploes turn up! I also tried a site which claims to test for marketscore as its an ie proxy this came up clean. I know how to gewt into safemode but how do you get out of it? Thanks

#8

Sorry for the delay … been WAY too overbusy lately … newdotnet is actually one of the lesser threats … the “add/remove” from the control panel on the “newdotnet” stuff actually SUCCESSFULLY removes it, and while BOClean will detect and nail it upon install, you’re actually just as well off hitting up the control panel, find “new.net” and remove it THAT way than letting other “panicware” kill it for you since LSP stacks can get REALLY ■■■■■■■ up if it isn’t done properly.

BOClean always had its own “LSPfix” code, and if BOClean detects it, it will automatically repair the winsock stack so it’s rather obvious “we” weren’t involved in this mess … heh. But if “newdotnet” is detected, all it does (what ELSE might be added notwithstanding - we GET that) is add some domain extensions not officially “internic” to your browser … removal from control panel HARMLESSLY gets rid of that, and it actually WORKS!

I’m all for tinfoil helmets … they provided me a PAULTRY income for years … heh. But if all that was there was newdotnet … it can be “add/remove software” from the control panel … WE worried about actual trojans that USED their domains … that’s what we remove. :slight_smile:

#9

Thanks Kevin! Does the above apply to marketscore?

#10

Lynn, To get out of safe mode, all you need to do is shut down (doesn’t matter if you choose “shutdown & restart” aka warm reboot or shutdown fully, then turn the machine back on aka cold reboot). Once you are re-starting the system, as long as you DON’T choose to run in safemode, you will boot up normally.