A Look Inside a Dirty Computer
Once again this week I had the opportunity to look at a computer that had been visited by the world of NEWdotNET.
The initial complaint from the computer's owner was that they couldn't connect to the Internet anymore. The error they were getting was "An error occurred while renewing interface Local Area Connection: the requested service provider could not be loaded or initialized.", along with various protocol errors. Another error indicated that there was a socket error. Upon initial investigation I found that NEWdotNET was installed on the computer.
Ok now the winsock is reset. What about TCP/IP? I found another article on Microsoft's Knowledge base that dealt with the TCP/IP stack and the need to reset it after a winsock error. So now, step by step I repair the TCP/IP stack as well.
http://support.microsoft.com/kb/299357/en-us
All is well the computer is once again running. All of the NEWdotNET leftovers have been removed.
So what is NEWdotNET? As far as I can tell they are a DNS provider. From their website "NEW.NET seeks to become the world's leading domain name registry by introducing and selling domain names with new extensions that offer greater relevance and meaning than current Web site addresses ending in .com, .net, and other existing top-level domains. We are making this possible initially by encouraging millions of users to activate their Internet browsers to recognize NEW.NET domain names and partnering with leading Internet Service Providers to activate our domain names automatically at the network level."
"The NewDotNet software is what we like to call Foistware: it's something that you probably didn't ask for, and never felt a need for, but it came along anyway with an unrelated program you downloaded. NEWdotNET accomplishes this by compensating the authors of unrelated third-party software, which has ranged from media players to peer-to-peer file sharing programs, for "bundling" the browser plugin with their program. At one time, NEWdotNET advertised a 5 cent commission for each system the plugin was successfully installed on; however, we are unable to find current published figures for compensation."
It appears that NEWdotNET is not happy about the adverse publicity that their software has received over the years. They claim that their software is not being installed without the permission of the owner of the computer. I really take issue with this. Of the computers that I have worked on that have had the software installed, I can not find one person who confirmed that they knew that NEWdotNET was being installed and agreed to the installation.
From the website? they themselves claim to have 174,661,619 enabled users. My question is how many of the nearly 175 million users even know that the software is installed? How many agreed to the installation? How many realize that the software leaves the computer open so that newdotnet can update the software whenever an update comes along (and by the way doesn't inform the user that an update is being done)?
(I would really like to know how many people actually remember being asked to install the newdotnet software.)
This computer may well have been the biggest challenge that I dealt with in 2006. Some of you are probably saying, "Man why don't you just format and reinstall". Sometimes I do, but if I didn't go through these types of exercises I would never know how this stuff works, I would not understand what to look for next time and would not be able to help people understand the importance of things anti-virus software, anti-spyware software and firewalls.
With that I wish each and every one of you a Happy New Year and a safe and prosperous 2007.
Windows Defender expires today
We have received a report from one of our readers that his Windows Defender install just stop working, no warning other than a service failed to start. Thanks for reporting this to us Karl. Is anyone else seeing this behaviour?
If you are running Windows Defender you may want to do the update today.
Update: It has been brought to our attention that Microsoft Windows Defender is no longer intallable or supported for Windows 2000. Microsoft states that W2K is out of lifecycle and is no longer supported. So those of you running Windows Defender on Windows 2000, you will need to look for another program.
Update on Postcard virus emails
Thanks Karl for the information.
Comments