MyAntiSpyware

How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

Myantispyware team January 31, 2006

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: NewDotNet

Then using Windows Explorer, delete the following folder:
C:\Program Files\NewDotNet
C:\Program Files\MsMovies

Please Download LSPFix from here and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the “I know what I’m doing” Button and move all instances of newdotnet7_14.dll from the left panel to the right panel then click ‘Finish’

Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.

Download Alcan.zip and unzip it to your desktop.
# Reboot into Safe Mode
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
# Enter the AlcanFix folder and double-click AlcanFix.bat to run the tool.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

O2 – BHO: – {2BAF9250-30AF-4235-80FA-22FB05997124} – C:\WINDOWS\lbbho.dll
O2 – BHO: RXResultTracker Class – {59879FA4-4790-461c-A1CC-4EC4DE4CA483} – C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 – BHO: URLLink – {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} – C:\Program Files\NewDotNet\newdotnet7_14.dll
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 – HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 – HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O18 – Filter: text/html – {2AB289AE-4B90-4281-B2AE-1F4BB034B647} – C:\PROGRA~1\RXTOOL~1\sfcont.dll

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Finally, restart your computer, run your anti virus.

Also download and run ATF Cleaner.
Under Main choose: Select All. Click the Empty Selected button.

Tutorials - HowTo

How to remove AdwarePunisher – rogue anti spyware

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

How to remove AdwarePunisher – rogue anti spyware

How to remove VideoCodec3_05b – ICQCHK.exe – MSX.DLL

Leave a Reply Cancel reply

New Guides

Anchomoross.com Virus Removal Guide

Fake or Real? You Visited Some Hacked Websites With Exploit Email Scam Explained

Spotify Can’t Process Your Payment Scam Alert: A Phishing Email to Avoid

IFMAGIC GLP-1 Pro Weight Loss Oral Solution Review, Scam or Legit? What You Need to Know

LilCooler Portable AC Review, Scam or Legit? What You Need to Know

Follow Us

Search

Useful Guides

How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]

AdwCleaner – Review, How to use, Comments

How to remove Chrome extensions installed by enterprise policy

Chrome Managed by your organization malware removal guide

Recent Guides

How to remove AdwarePunisher – rogue anti spyware

Winamp 5.13 released

Malware Domain List – Updated

First reports of Nyxem damage

ActiveX Blocklist Release 2006-01-30

Myantispyware.com

Pages

How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

Leave a Reply Cancel reply

New Guides

Follow Us

Search

Useful Guides

Recent Guides

Social Links