Updated: February 13, 2007 11:43:39 AM
Type: Adware
Version: 3.8
Publisher: NewDotNet
Risk Impact: Low
File Names:
Newdotnet3_88.dkk
Nnezt388.exe
NDNuninstall6_38.exe
tldctl2.inf
tldctl2.ocx
newdotnet6_38.dll
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When Adware.NDotNet is installed, it performs the following actions:
- Creates the folder %ProgramFiles%\NewDotNet, and copies files into it.
Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
- Adds the value:
"New.net Startup" = "rundll32 C:\Progra~1\Newdot~1\Newdot~1.dll, NewDotNetStartup"
to the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the risk runs every time Windows starts.
- Creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net
HKEY_LOCAL_MACHINE\SOFTWARE\New.net
HKEY_CLASSES_ROOT\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.Tldctl2c.1
HKEY_CLASSES_ROOT\Tldctl2.URLLink
HKEY_CLASSES_ROOT\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Tldctl2.URLLink.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tldctl2.ocx
- Modifies the following registry subkeys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
to ensure that the risk is used whenever the Internet is accessed.
- Attempts to automatically update itself.
- Adds the following files:
%UserProfile%\DESKTOP\Get 100, 000 Emoticons!.url
%UserProfile%\DESKTOP\Sherv.NET - Animated Emoticons, Winks, Display Pics and more!.url
%UserProfile%\Favorites\Get 100, 000 Emoticons!.url
%UserProfile%\Favorites\Sherv.NET - Animated Emoticons, Winks, Display Pics and more!.url
%UserProfile%\Favorites\Free Weather Toolbar and Smileys!.url
%UserProfile%\Favorites\Get 100, 000 Smileys and Emoticons.url
%UserProfile%\Favorites\Sherv.NET - MSN Emoticons, Display Pics, Winks, and lots more!.url
%UserProfile%\Favorites\Free Weather Toolbar adn Smileys!.url
%UserProfile%\Start Menu\Get 100, 000 Smileys and Emoticons.url
Note: %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
Notes:
- Adware.NDotNet runs as a Browser Helper Object, which means that the adware component receives information regarding all the actions inside Internet Explorer. This Browser Helper Object requires Internet Explorer 4.0 or later to function.
- This adware component appears to track Internet usage habits, but without using any identification parameters. It does not appear to track personally identifiable information.
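
The registry and file locations listed above, turned into a read-only presence check (an added example, not part of the original write-up). It assumes the standard Winsock catalog layout, in which protocol entries hold the provider DLL path at the start of the binary PackedCatalogItem value and namespace entries hold it in LibraryPath; the case-insensitive match on "newdot" is also an assumption, derived from the folder and DLL names on this page.

```powershell
# Added example: read-only check for the Adware.NDotNet indicators listed on this page.
$clsid    = '{4A2AACF3-ADF6-11D5-98A9-00E018981B9E}'
$findings = @()

# Startup value under the Run key
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).'New.net Startup'
if ($val) { $findings += "Run value 'New.net Startup' = $val" }

# Registry subkeys the page says are created (BHO, COM classes, uninstall entry)
$keys = @(
    'HKLM:\SOFTWARE\New.net',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\New.net',
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    'HKLM:\SOFTWARE\Classes\CLSID\{DD521A1D-1F98-11D4-9676-00E018981B9E}',
    'HKLM:\SOFTWARE\Classes\Tldctl2.Tldctl2c',
    'HKLM:\SOFTWARE\Classes\Tldctl2.URLLink',
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { $findings += "Key present: $k" } }

# Winsock catalogs: entry numbers differ between machines, so scan every entry
# for a provider path that points at the NewDotNet DLL (assumed layout, see lead-in).
$ws = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
foreach ($cat in 'Protocol_Catalog9', 'NameSpace_Catalog5') {
    Get-ChildItem -Path "$ws\$cat\Catalog_Entries" -ErrorAction SilentlyContinue | ForEach-Object {
        $p    = Get-ItemProperty -LiteralPath $_.PSPath
        $text = if ($p.PackedCatalogItem) { [Text.Encoding]::ASCII.GetString($p.PackedCatalogItem) } else { [string]$p.LibraryPath }
        if ($text -match 'newdot') { $findings += "Winsock $cat entry $($_.PSChildName) references NewDotNet" }
    }
}

# Install folder and the downloaded ActiveX control
$paths = @(
    (Join-Path $env:ProgramFiles 'NewDotNet'),
    (Join-Path $env:windir 'Downloaded Program Files\tldctl2.ocx')
)
foreach ($f in $paths) { if (Test-Path -LiteralPath $f) { $findings += "Path present: $f" } }

if ($findings.Count) { $findings } else { 'No Adware.NDotNet indicators found.' }
```

The script only reads the registry and file system and changes nothing.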