Solved

NewDotNet and HuntBar-how do I get rid of these unwanted programs?

Posted on 2004-03-27
7
348 Views
Last Modified: 2010-04-11
Sptbot S&D, Adaware 6.018 and McAfee Virus Scan have all pinpointed NeDotNet and HuntBar/BTIEIN as the unwanted programs that have taken control over IE and redirect it to unwanted and unsolicited web pages.  However, none of these spyware protection programs have been able to eliminate or disable these unwanted programs.  I have tried running both Adaware and Spybot S&D on startup (as recommended), disabling NewDotNet on the msconfig startup manager and using uninstall.  Nothing has worked so far.  Does anyone have a solution to this problem? Help!
0
Comment
Question by:rwrudd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 250 total points
ID: 10697156
Try these programs

CWShredder: http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

HijackThis : http://www.webattack.com/download/dlhijackthis.shtml 

Also check these registry entries and delete them if you find them there


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant
HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10697158
0
 
LVL 7

Expert Comment

by:hladamjr
ID: 10708571
You say you tryed ADaware but you need to be sure you have the latest refernce file installed also. If you downloaded Adaware and ran it it probably didn't catch 50 % of what you have installed. Be sure to use the latest refence file to get it go here:

http://www.lavasoft.de/update/refs/reflist.zip

Download the zip and extract the file in C:\ Program Files \Lavasoft \adaware and replace the file that currently resides there and then re-run the Adaware scan. Bet you find tons of stuff that can be removed

Hope this Helps

Hank
0
 
LVL 3

Expert Comment

by:zapthedingbat
ID: 10764660
NewDotNet.
litraly makes me want to vomit with loathing and contempt.

http://www.newdotnet.com/#remove

<rant>
whilst im on the subject of this vomit indusing crap
its intresting to note that having a poke about inside NewDotNet's guts with a hex editor you will see some of the following hard coded content...

RETR  
Return-Path:    
Bcc:
Cc:
To:
From:
POP3
EHLO
HELO
RSET
MAIL FROM:
DATA
RCPT TO:

netscape.com/webmail/br/compose.tmpl    
/webmail/br/compose.tmpl    

visto.com/mail/new.html /mail/mail=send.html
netaddress.com/tpl/Message
/tpl/Send

excite.com/ExciteMail/compose  
/ExciteMail/compose

www.mail.com/mailcom/writemail.jhtml
/mailcom/writemail.jhtml

mail.yahoo.com/ym/Compose?  
/ym/Compose?

hotmail.msn.com/cgi-bin/compose?
/cgi-bin/premail

now theres only one reason, i can think of that this evil scum might be hard coding the URLs and querystrings of popular web based email services and Chunks of POP3 Protocol into their widly distributed winsock layer...

and that would be that they are harvising the email addresses of everysingle person you send email to so they can hose them with showers of stinking spam.
and we wonder why the web is drowning in a sea of putrid, uncolidited, crap while new.net proudly bosts 174,661,619 users

oh unless anyone can think of a better explanation...of course

</rant>

grrr, arrg

ZapTheDingbat
http://www.zapthedingbat.com
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10792427
I agree with zapthedingbat.
Also, when you run Adaware, make sure you follow the directions posted on their website for running a "Custom" scan the
first time.
Make sure you get the latest version of CWShredder (ver 1.55, I think) - Cool Web Search has been rewritten to try and
block CWShredder.

Good luck!
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2-Factor authentication VPN for staff and suppliers 6 47
Cisco Router Security Commands. 2 46
Malware infection with local user rights? 6 47
Need a modeling tool 2 39
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question