
Adaware.NDotNet: What is this?


Dylan Dog

Adaware.NDotNet: What is this? (21.03.2005 at 22:12)
Norton detected it. However, it cannot delete it. I looked it up online and it seems that I have to uninstall it myself and clean up the registry as well; however, I cannot find it on the hard drive at all, and it seems it did not add anything to the registry either. What is this about?
NDNuninstall5_64.exe
Adaware.NDotNet

This is the information about , and even the name differs slightly from the one Norton reported to me.



Behavior
Adware.NDotNet is an adware program that displays advertisements based on keywords. This adware component works as a Browser Helper Object.

Symptoms
Your Symantec antivirus program detects Adware.NDotNet.

Transmission
This adware component must be manually installed or installed as a component of another program that you install.




File names:
Newdotnet3_88.dkk
Nnezt388.exe
NDNuninstall6_38.exe
tldctl2.inf
tldctl2.ocx
newdotnet6_38.dll
uninstall6_38.exe

When Adware.NDotNet is installed, it performs the following actions:


Creates the folder, %ProgramFiles%\NewDotNet, and copies files into it.

Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.


Adds the value:

"New.net Startup" = "rundll32 C:\Progra~1\Newdot~1\Newdot~1.dll, NewDotNetStartup"

to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c.1
HKEY_CLASSES_ROOT\Tldctl2.URLLink
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tldctl2.ocx


Attempts to automatically update itself.



--------------------------------------------------------------------------------
Notes:
Adware.NDotNet runs as a Browser Helper Object, which means that the adware component receives information regarding all the actions inside Internet Explorer. This Browser Helper Object requires Internet Explorer 4.0 or later to function.
This adware component appears to track Internet usage habits, but without using any identification parameters. It does not appear to track personally identifiable information.

--------------------------------------------------------------------------------




This adware program must be manually installed. However, there are several known programs that have Adware.NDotNet within them and that install it as the program itself is installed.




--------------------------------------------------------------------------------
Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.
--------------------------------------------------------------------------------


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

Update the definitions.
Uninstall New.net using the Add/Remove Programs utility in Control Panel or NDNuninstall6_38.exe found in the %Windows% folder.
Run a full system scan, and delete all files that are detected as Adware.NDotNet.
Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the Adware
Do one of the following:
On the Windows 98 taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.


On the Windows Me taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.
If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."


On the Windows 2000 taskbar:
By default, Windows 2000 is set up the same as Windows 98, so follow the instructions for Windows 98. If otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.


On the Windows XP taskbar:
Click Start > Control Panel.
In the Control Panel window, double-click Add or Remove Programs.


Click New.net Domains 3.88.

--------------------------------------------------------------------------------
Note: You may need to use the scroll bar to view the entire list.
--------------------------------------------------------------------------------

Click Add/Remove, Change/Remove, or Remove (depending on the operating system). Follow the prompts.

3. Scanning for and deleting the files
Start your Symantec antivirus program, and run a full system scan.
If any files are detected as Adware.NDotNet, click Delete.


--------------------------------------------------------------------------------
Notes:
If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
If you ran the Add/Remove programs applet as described in the previous section, it is possible that all files were removed; therefore, none will be detected.

--------------------------------------------------------------------------------


4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document, "How to make a backup of the Windows registry," for instructions.


Click Start > Run.
Type regedit

Then click OK.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"New.net Startup"="rundll32 C:\Progra~1\Newdot~1\Newdot~1.dll, NewDotNetStartup"


Navigate to and delete the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c.1
HKEY_CLASSES_ROOT\Tldctl2.URLLink
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tldctl2.ocx


Exit the Registry Editor
 
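
A read-only check for the artifacts listed in the write-up quoted in the post above, as an added example that is not part of the original thread or of Symantec's instructions. The key paths, the Run value name and the file locations are taken from the post; matching Winsock catalog entries on a provider path containing `newdot` (read from the standard `LibraryPath` and `PackedCatalogItem` values) is an assumption of this example, used in place of the numbered entries.

```powershell
# Added example (not from the thread): read-only check for the Adware.NDotNet
# artifacts named in the write-up above. Nothing is modified or deleted.
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\New.net',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}'
)
$findings = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") { $findings += "key     $k" }
}

# Run value: print its data so the DLL it launches is visible in the report.
$run = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue).'New.net Startup'
if ($val) { $findings += "value   Run\New.net Startup = $val" }

# Winsock catalogs: match on the provider DLL path stored in each entry
# (assumption of this example) rather than on the entry numbers in the write-up.
$ws = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters'
foreach ($cat in 'NameSpace_Catalog5', 'Protocol_Catalog9') {
    Get-ChildItem -LiteralPath "$ws\$cat\Catalog_Entries" -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        $path = if ($p.LibraryPath) { $p.LibraryPath }
                elseif ($p.PackedCatalogItem) { [Text.Encoding]::ASCII.GetString($p.PackedCatalogItem).Split([char]0)[0] }
        if ($path -match 'newdot') { $findings += "winsock $cat\$($_.PSChildName) -> $path" }
    }
}

# Files: the version suffix varies (5_64 in the post, 6_38 in the write-up),
# so the uninstaller is matched with a wildcard.
$files = @(Get-ChildItem -Path (Join-Path $env:ProgramFiles 'NewDotNet') -ErrorAction SilentlyContinue) +
         @(Get-ChildItem -Path (Join-Path $env:windir 'NDNuninstall*.exe') -ErrorAction SilentlyContinue)
foreach ($f in $files) { $findings += "file    $($f.FullName)  (modified $($f.LastWriteTime))" }

if ($findings) { $findings } else { 'No Adware.NDotNet artifacts from the write-up were found.' }
```
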

Dylan Dog

Re: Adaware.NDotNet: What is this? (21.03.2005 at 22:24)
I did find it in the Windows folder after all, a small file, NDNuninstall5_64. It has a strange icon, some blue dots. It looks like it is something old. It says it was last modified a year ago. Should I delete it or not?
 

srle_987

Re: Adaware.NDotNet: What is this? (22.03.2005 at 08:58)
Quote:
Should I delete it or not?


Of course you should delete it.

Regards.
 

Sundance


Re: Adaware.NDotNet: What is this? (22.03.2005 at 11:54)
A year? ;) Don't worry, things like that can easily be faked programmatically. Delete the vermin and rescan thoroughly with MS AntiSpyware from Safe Mode.
 