Firewall disabled, IE blank page - Virus, Trojan?

Posted by Milo on June 14, 2006, 7:43 am
Hi,

a few days ago I booted my computer and had the following problem:

Taskbar seemed to have been blanked out. Quick launch area disappeared
and it looked like the language bar had been stretched right over to
the start button.

Windows Firewall disabled and cannot be restarted.

Launching any program results in no taskbar button, taskbar remains
blank and can only get to different full-screen windows by alt-tab.

IE doesn't open any pages, remains blank and seems to not be detecting
my internet connection which is definitely up as I have another
computer using the same shared connection (modem and router)

Avast Antivirus cannot start in scan mode, stays hanging with 'virus
scanning engine initialising' message on the console. Background plugin
scan seems to be running but not picking anything up. Earlier Avast did
pick up some infections but I managed to quarantine and then delete
them....

I tried to do system restore to a point about a week old, it helped in
that now I have programs on the taskbar again and got the quick launch
back but still having IE problem amongst others.

Does anyone recognise this trojan/virus behaviour? A friend of mine got
it as well, so maybe it is spreading through an address book exploit of
some kind. I would really like to get rid of this beast without having
to roll back to my rather old backup (2 months old). Thanks for all of
your help in advance.


Posted by Malke on June 14, 2006, 8:42 am
Milo wrote:

> Hi,
>
> a few days ago I booted my computer and had the following problem:
>
> Taskbar seemed to have been blanked out. Quick launch area disappeared
> and it looked like the language bar had been stretched right over to
> the start button.
>
> Windows Firewall disabled and cannot be restarted.
>
> Launching any program results in no taskbar button, taskbar remains
> blank and can only get to different full-screen windows by alt-tab.
>
> IE doesn't open any pages, remains blank and seems to not be detecting
> my internet connection which is definitely up as I have another
> computer using the same shared connection (modem and router)
>
> Avast Antivirus cannot start in scan mode, stays hanging with 'virus
> scanning engine initialising' message on the console. Background
> plugin scan seems to be running but not picking anything up. Earlier
> Avast did pick up some infections but I managed to quarantine and then
> delete them....
>
> I tried to do system restore to a point about a week old, it helped in
> that now I have programs on the taskbar again and got the quick launch
> back but still having IE problem amongst others.
>
> Does anyone recognise this trojan/virus behaviour? A friend of mine
> got it as well, so maybe it is spreading through an address book
> exploit of some kind. I would really like to get rid of this beast
> without having to roll back to my rather old backup (2 months old).
> Thanks for all of your help in advance.

There are many viruses and malware in existence. Guessing what your
computer may be infected with without even seeing the machine is
fruitless.

Go through the removal steps at the link below. Include the scan with
either Sysclean or David Lipman's Multi_AV.

http://www.elephantboycomputers.com/page2.html#Removing_Malware

If the procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a professional
computer repair shop (not your local version of BigStoreUSA).

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by Milo on June 14, 2006, 10:48 am
Hi Malke,

thanks for your reply. The page you linked to is very comprehensive
indeed! I am not worried about going through a lengthy procedure, it
does bore me stupid though and I think malware, adware and virus
developers should get stiff jail sentences in the nastiest jails the
world has to offer, but rant over, here is some news on this topic.

I started to get this message after booting:

RUNDLL ERROR
Error loading C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
The system cannot find the path specified.

I then remembered that I had found this file and some associated
uninstall files in the above mentioned directory. The associated files
seemed to be almost identical uninstall.exe files for the NewDot
adware. Upon running one of these uninstalls I got warnings from Avast
that an infection had been found. I guess that I forgot these details
in the frustrating panic that always occurs after your PC stops working!

Anyway, I have found some procedures involving repairing the winsock
stack which I will try out this evening.

Newdot.dll seems to date from at least 2002 so it surprised me that I
didn't find more posts referring to it. However here are the most useful
ones that I found in case somebody has a similar problem to mine:

Forum thread to guide:
http://forums.techguy.org/security/443788-trojan-horse-dialer-17-e.html
Another forum thread
http://www.annoyances.org/exec/forum/win98/t1035070619
Removal procedure: http://www.techspot.com/vb/topic17297.html
Necessary tool: http://www.cexx.org/lspfix.htm
Background on the why? http://www.cexx.org/newnet.htm
Possible secondary candidate:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EAMW&VSect=Sn


Posted by Panda_man on June 14, 2006, 11:36 am
My reply is at the bottom of your message:


"Milo" wrote:

> Hi Malke,
>
> thanks for your reply. The page you linked to is very comprehensive
> indeed! I am not worried about going through a lengthy procedure, it
> does bore me stupid though and I think malware, adware and virus
> developers should get stiff jail sentences in the nastiest jails the
> world has to offer, but rant over, here is some news on this topic.
>
> I started to get this message after booting:
>
> RUNDLL ERROR
> Error loading C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
> The system cannot find the path specified.
>
> I then remembered that I had found this file and some associated
> uninstall files in the above mentioned directory. The associated files
> seemed to be almost identical uninstall.exe files for the NewDot
> adware. Upon running one of these uninstalls I got warnings from Avast
> that an infection had been found. I guess that I forgot these details
> in the frustrating panic that always occurs after your PC stops working!
>
> Anyway, I have found some procedures involving repairing the winsock
> stack which I will try out this evening.
>
> Newdot.dll seems to date from at least 2002 so it surprised me that I
> didn't find more posts referring to it. However here are the most useful
> ones that I found in case somebody has a similar problem to mine:
>
> Forum thread to guide:
> http://forums.techguy.org/security/443788-trojan-horse-dialer-17-e.html
> Another forum thread
> http://www.annoyances.org/exec/forum/win98/t1035070619
> Removal procedure: http://www.techspot.com/vb/topic17297.html
> Necessary tool: http://www.cexx.org/lspfix.htm
> Background on the why? http://www.cexx.org/newnet.htm
> Possible secondary candidate:
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EAMW&VSect=Sn


Milo, New.net is a nasty malware which you managed to kill. This appears
because you successfully deleted the DLL file in C:\Program files\Newdotnet.
This DLL is the most important part; however, there are still some reg files
in your Windows registry which should be deleted.

In your first post you say "Windows Firewall" so I guess you have Windows XP
with SP2.

Now download this free tool from Symantec and run it to fully eliminate
New.net
http://securityresponse.symantec.com/avcenter/venc/data/adware.ndotnet.html

Then restart and
Start -> Run -> type
cmd
[ENTER]

Now type:
netsh winsock reset
[ENTER]

Restart immediately
[ENTER] means you need to hit enter from the keyboard

Panda_man
--
Bronze level Contributor
http://pandaman.my.contact.bg
Please , rate posts
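
Added example, not written by any poster in this thread: a Python check that parses a `netsh winsock show catalog` listing and reports provider entries whose DLL sits outside system32 or is gone from disk, which is the state left behind when a provider DLL is deleted before the catalog is reset. The sample listing is constructed, its field labels are assumed from that command's output, and `parse_catalog`, `suspicious_providers` and the `exists` hook are hypothetical names.

```python
import re

# Constructed sample laid out like `netsh winsock show catalog` output (field
# labels assumed from that command); only the NewDot path comes from the thread.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        NewDotNet over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Catalog Entry ID:                   1015
Protocol Chain:                     1015 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""
# Windows' own providers load from system32; anything else deserves a look.
TRUSTED_DIR = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\system32\\[^\\]+$", re.I)

def parse_catalog(text):
    """Return one dict of 'Label: value' fields per provider entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def suspicious_providers(entries, exists=None):
    """List (entry id, path, reason) to review; `exists` tests if the DLL is on disk."""
    findings = []
    for e in entries:
        path = e["Provider Path"]
        if TRUSTED_DIR.match(path):
            continue
        reason = "outside system32"  # may still be a legitimate third-party LSP
        if exists is not None and not exists(path):
            reason += ", DLL missing (broken chain)"
        findings.append((e.get("Catalog Entry ID"), path, reason))
    return findings

if __name__ == "__main__":
    print(suspicious_providers(parse_catalog(SAMPLE), exists=lambda p: False))
```

On a live machine, pass the captured command output to `parse_catalog` and `os.path.exists` (after expanding environment variables) as `exists`.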

Posted by Milo on June 16, 2006, 12:03 pm
Hi Panda man,

I actually managed to resolve the problem in another way, but the final
step was the same, that being the resetting of the winsock stack. As
soon as I did that all of the other symptoms I was seeing disappeared
and all was back to normal. Your solution seems to be sound and it is
great to know that there are people out there who are competent enough
to know the solution to these difficult-to-troubleshoot problems.

At the end of it all I am not sure if my problems were down to just
newdot.dll or if they were caused by one of the uninstallers in the
c:/program files/newdot (there were two) being infected with either
Agobot or Cool web search. It is hard to say, but I saw evidence of
both having infected my system.

In a possibly related issue my external modem now seems to have given
up and although it shows that it is connected to my ADSL connection I
can't actually connect through it. I am having to use a backup USB
modem.

Anyway, that is a different story and I have only spent a few minutes
trying to find out the cause of that problem. Why can't computers just
work and why do people insist on writing crappy spyware and viruses?
How do normal everyday users put up with this aggravation?

