
How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Go to Start > Control Panel > Add or Remove Programs and remove the following program, if found: NewDotNet

Then, using Windows Explorer, delete the following folders:
C:\Program Files\NewDotNet
C:\Program Files\MsMovies

Please download LSPFix from here and run the program.
Disconnect from the Internet and close all Internet Explorer windows.
Check the “I know what I’m doing” button and move all instances of newdotnet7_14.dll from the left panel to the right panel, then click ‘Finish’.

Download HijackThis and save the file to your desktop.
Double-click the file to extract it to its own folder on the desktop.

Download Alcan.zip and unzip it to your desktop.

Reboot into Safe Mode:
1. Restart your computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear.
4. Select the first option, to run Windows in Safe Mode.

Then enter the AlcanFix folder and double-click AlcanFix.bat to run the tool.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

O2 - BHO: - {2BAF9250-30AF-4235-80FA-22FB05997124} - C:\WINDOWS\lbbho.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.
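
The entries listed above can also be checked against a saved HijackThis log with a short script. This is an added example, not part of the original instructions: the sample log is constructed, and matching on CLSID or Run value name alone is an assumption about what identifies each entry.

```python
import re

# Indicators copied from the entry list in this guide (CLSIDs upper-cased).
BAD_CLSIDS = {
    "{2BAF9250-30AF-4235-80FA-22FB05997124}",
    "{59879FA4-4790-461C-A1CC-4EC4DE4CA483}",
    "{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}",
    "{2AB289AE-4B90-4281-B2AE-1F4BB034B647}",
}
BAD_RUN_VALUES = {
    "userfaultcheck", "msmovies", "kernelfaultcheck",
    "new.net startup", "microsoft works update detection",
}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\]")

def parse_line(line):
    """Return (section, CLSID or None, Run value name or None); None if not an O-entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    run = RUN_RE.match(rest) if section == "O4" else None
    return (section, clsid.group(0).upper() if clsid else None,
            run.group(1).lower() if run else None)

def flag_entries(log_text):
    """Return the log lines that match an entry listed in this guide."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and (parsed[1] in BAD_CLSIDS or parsed[2] in BAD_RUN_VALUES):
            hits.append(line.strip())
    return hits

# Constructed sample log: two entries from the guide plus two unrelated lines.
SAMPLE_LOG = r"""
O2 - BHO: URLLink - {4a2aacf3-adf6-11d5-98a9-00e018981b9e} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

if __name__ == "__main__":
    for hit in flag_entries(SAMPLE_LOG):
        print("listed in guide:", hit)
```

Run it on the log both before and after clicking “Fix Checked”; an empty result after the fix means none of the listed entries remain in the log.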

Finally, restart your computer and run your antivirus.

Also download and run ATF Cleaner.
Under Main choose: Select All. Click the Empty Selected button.

January 31, 2006 on 11:58 pm | In Tutorials - "How to"