salve alfonso ho fatto una scansione ad aware spyobt e cwsredder ma non hanno trovato nulla.la vado a fare con norton e ottengo come risultato:NDNuninstall4 85.exe
NDNuninstall5 48.exe NDNuninstall5 64.exe NDNuninstall6 10.exe affetti da un ADWARE.NDotNet.sono andato sul sito di norton e mi è uscito questa spiegazione
Adware.NDotNet
Last Updated on: March 09, 2005 01:33:27 PM






Type: Adware

Name: n/a
Version: 3.8
Publisher: NewDotNet
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP


Risk Impact: High




Intelligent Updater Definitions*
February 05, 2004


LiveUpdate™ Definitions **
February 11, 2004


*
Intelligent Updater definitions are released daily, but require manual download and installation.
Click here to download manually.

**
LiveUpdate definitions are usually released every Wednesday.
Click here for instructions on using LiveUpdate.





This risk can be detected only by Symantec products that support security risks. For more information on security risks, please go here.




Behavior
Adware.NDotNet is an adware program that displays advertisements based on keywords. This adware component works as a Browser Helper Object.

Symptoms
Your Symantec antivirus program detects Adware.NDotNet.

Transmission
This adware component must be manually installed or installed as a component of another program that you install.




File names:
Newdotnet3_88.dkk
Nnezt388.exe
NDNuninstall6_38.exe
tldctl2.inf
tldctl2.ocx
newdotnet6_38.dll
uninstall6_38.exe

When Adware.NDotNet is installed, it performs the following actions:


Creates the folder, %ProgramFiles%\NewDotNet, and copies files into it.

Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.


Adds the value:

"New.net Startup" = "rundll32 C:\Progra~1\Newdot~1\Newdot~1.dll, NewDotNetStartup"

to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Creates the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c.1
HKEY_CLASSES_ROOT\Tldctl2.URLLink
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINDOWS/Downloaded Program Files/tldctl2.ocx


Attempts to automatically update itself.

---

Notes:
Adware.NDotNet runs as a Browser Helper Object, which means that the adware component receives information regarding all the actions inside Internet Explorer. This Browser Helper Object requires Internet Explorer 4.0 or later to function.
This adware component appears to track Internet usage habits, but without using any identification parameters. It does not appear to track personally identifiable information.

---

This adware program must be manually installed. However, there are several known programs that have Adware.NDotNet within them and that install it as the program itself is installed.

---

Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.

---

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

Update the definitions.
Uninstall New.net using the Add/Remove Programs utility in Control Panel or NDNuninstall6_38.exe found in the %Windows% folder.
Run a full system scan, and delete all files that are detected as Adware.NDotNet.
Delete the value that was added to the registry.

For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To uninstall the Adware
Do one of the following:
On the Windows 98 taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.


On the Windows Me taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.
If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."


On the Windows 2000 taskbar:
By default, Windows 2000 is set up the same as Windows 98, so follow the instructions for Windows 98. If otherwise, click Start, point to Settings > Control Panel, and then click Add/Remove Programs.


On the Windows XP taskbar:
Click Start > Control Panel.
In the Control Panel window, double-click Add or Remove Programs.


Click New.net Domains 3.88.

---

Note: You may need to use the scroll bar to view the entire list.

---

Click Add/Remove, Change/Remove, or Remove (depending on the operating system). Follow the prompts.

3. Scanning for and deleting the files
Start your Symantec antivirus program, and run a full system scan.
If any files are detected as Adware.NDotNet, click Delete

---

Notes:
If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
If you ran the Add/Remove programs applet as described in the previous section, it is possible that all files were removed; therefore, none will be detected.

---

4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. Read the document, "How to make a backup of the Windows registry," for instructions.


Click Start > Run.
Type regedit

Then click OK.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"New.net Startup"="rundll32 C:\Progra~1\Newdot~1\Newdot~1.dll, NewDotNetStartup"


Navigate to and delete the subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2
\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c.1
HKEY_CLASSES_ROOT\Tldctl2.URLLink
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINDOWS/Downloaded Program Files/tldctl2.ocx


Exit the Registry Editor

ora per me è ostrogoto quel poco che ho capito...alfonso dammi tu una mano!!

Vai a questo indirizzo, e segui le istruzioni, fai la scansione antivirus in modalità provvisoria e sempre in provvisoria lancia Ad-aware e Spybot

poi riavvia in modo normale, fai il log con Hijack e inseriscilo qui nel forum

http://www.aiutamici.com/software/descrizione.asp?CodSw=1175

---

Collaboratore Aiutamici

Il log e pulito da spyware, se fai il controllo antivirus in modalità provvisoria e l'antivirus trova ma non rimuove i file infetti, non rimane che formattare il disco e reinstallare tutto.

Anche se segui le indicazioni indicate penso non risolvi nulla in quanto il norton dovrebbe rimuovere da solo quel problema e se non ci riesce e inutile farlo manualmente.

Prima di fare la scansione in modalità provvisoria, devi disattivare il ripristino di configurazione, leggi questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

---

Collaboratore Aiutamici