• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Rogue Anti Spyware
    • Virus
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Tutorials - HowTo › How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

How to remove BackDoor.SdBot.MYX (oo.exe, newdotnet)

Myantispyware team January 31, 2006     No Comment    

You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: NewDotNet

Then using Windows Explorer, delete the following folder:
C:\Program Files\NewDotNet
C:\Program Files\MsMovies

Please Download LSPFix from here and Run the Program.
Disconnect from the Internet and close all Internet Explorer Windows.
Check the “I know what I’m doing” Button and move all instances of newdotnet7_14.dll from the left panel to the right panel then click ‘Finish’

Download HijackThis and save the file to your desktop.
Double click on the file to extract it to it’s own folder on the desktop.

Download Alcan.zip and unzip it to your desktop.
# Reboot into Safe Mode
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
# Enter the AlcanFix folder and double-click AlcanFix.bat to run the tool.

Now you need to run HijackThis and click “Do a system scan only.” Place a check next to the following entries (if they are still there):

O2 – BHO: – {2BAF9250-30AF-4235-80FA-22FB05997124} – C:\WINDOWS\lbbho.dll
O2 – BHO: RXResultTracker Class – {59879FA4-4790-461c-A1CC-4EC4DE4CA483} – C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
O2 – BHO: URLLink – {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} – C:\Program Files\NewDotNet\newdotnet7_14.dll
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 – HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 – HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe
O18 – Filter: text/html – {2AB289AE-4B90-4281-B2AE-1F4BB034B647} – C:\PROGRA~1\RXTOOL~1\sfcont.dll

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Finally, restart your computer, run your anti virus.

Also download and run ATF Cleaner.
Under Main choose: Select All. Click the Empty Selected button.

Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

unwanted ads
How to uninstall OpticalPartition app/extension from Mac
1Eoa3BK72WShXg54Vi455rvGH6Bpm5KvZD SCAM
1Eoa3BK72WShXg54Vi455rvGH6Bpm5KvZD Bitcoin Email Scam
Admitteesac.top
How to remove Admitteesac.top pop-ups (Virus removal guide)
t4bkh24c5.com
How to remove T4bkh24c5.com pop-ups (Virus removal guide)
unwanted ads
How to uninstall ProductUpgrade app/extension from Mac

Follow US

Search

Useful Guides

DNSChanger
How to remove DNSChanger malware virus [Updated Apr. 2018]
How to reset Mozilla Firefox (Updated Apr. 2018)
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
How to reset Internet Explorer settings to default
How to reset Google Chrome settings to default

Recent Posts

How to remove AdwarePunisher – rogue anti spyware
Winamp 5.13 released
Malware Domain List – Updated
First reports of Nyxem damage
ActiveX Blocklist Release 2006-01-30

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2020 My AntiSpyware - Free antispyware programs and Spyware Removal Instructions.