XP Home Bootable CD for removing DLLs

Discussion in 'Computer Support' started by ng_reader, Jan 15, 2006.

  1. ng_reader

    ng_reader Guest

    Hello,
    I seem to be having a rather sticky time removing from my kids PC an
    instance of NewDotNet .

    I think alls I need to do is remove a folder from my C:\Program Files\
    directory, however the folder contains a Dynamic Library Link (*.dl) that is
    not removable from *within* windows.

    So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF - load
    command interpreter?)

    But now I just want to create a CD that I can boot from, and would
    appreciate a link, or an FTP site, or a warez that will help.

    Of course I am going a little crazy. But the good news is, once I learn
    this, it's very unlikely I will ever forget it.

    And, I *think* I might just turn on administrative rights with my children's
    pc. (If that will help)

    Thanks, in advance.

    My email works, and gets very little spam. Which is cool.
     
    ng_reader, Jan 15, 2006
    #1
    1. Advertising

  2. ng_reader

    Tony Guest

    "ng_reader" <> wrote in message
    news:...
    > Hello,
    > I seem to be having a rather sticky time removing from my kids PC an
    > instance of NewDotNet .
    >
    > I think alls I need to do is remove a folder from my C:\Program Files\
    > directory, however the folder contains a Dynamic Library Link (*.dl) that
    > is not removable from *within* windows.
    >
    > So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -
    > load command interpreter?)
    >
    > But now I just want to create a CD that I can boot from, and would
    > appreciate a link, or an FTP site, or a warez that will help.
    >
    > Of course I am going a little crazy. But the good news is, once I learn
    > this, it's very unlikely I will ever forget it.
    >
    > And, I *think* I might just turn on administrative rights with my
    > children's pc. (If that will help)
    >
    > Thanks, in advance.
    >
    > My email works, and gets very little spam. Which is cool.
    >


    Have you tried deleting in safe mode or from a command prompt? Press F8
    when booting and it will give you the option.

    If you really want a bootdisk try http://www.bootdisk.com/
     
    Tony, Jan 15, 2006
    #2
    1. Advertising

  3. ng_reader

    7 Guest

    ng_reader wrote:

    > Hello,
    > I seem to be having a rather sticky time removing from my kids PC an
    > instance of NewDotNet .
    >
    > I think alls I need to do is remove a folder from my C:\Program Files\
    > directory, however the folder contains a Dynamic Library Link (*.dl) that
    > is not removable from *within* windows.
    >
    > So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -
    > load command interpreter?)
    >
    > But now I just want to create a CD that I can boot from, and would
    > appreciate a link, or an FTP site, or a warez that will help.
    >
    > Of course I am going a little crazy. But the good news is, once I learn
    > this, it's very unlikely I will ever forget it.
    >
    > And, I *think* I might just turn on administrative rights with my
    > children's pc. (If that will help)
    >
    > Thanks, in advance.
    >
    > My email works, and gets very little spam. Which is cool.



    If you have FAT32, then you can boot up with things like DSL,
    Mepis, Knoppix etc, and delete to heart's content.
    NTFS may also work with some of these liveCDs.
    http://www.livecdlist.com
     
    7, Jan 15, 2006
    #3
  4. ng_reader

    old jon Guest

    "ng_reader" <> wrote in message
    news:...
    > Hello,
    > I seem to be having a rather sticky time removing from my kids PC an
    > instance of NewDotNet .
    >
    > I think alls I need to do is remove a folder from my C:\Program Files\
    > directory, however the folder contains a Dynamic Library Link (*.dl) that
    > is not removable from *within* windows.
    >

    snipped
    >

    Go here and read the article, then get Ad-Aware SE, and also Spybot.
    Install and Update them on the web.
    http://www.pchell.com/support/savenow.shtml

    --
    bw..OJ
     
    old jon, Jan 15, 2006
    #4
  5. ng_reader

    ng_reader Guest

    yes

    "Tony" <> wrote in message
    news:dqe12v$ou9$...
    >
    > "ng_reader" <> wrote in message
    > news:...
    >> Hello,
    >> I seem to be having a rather sticky time removing from my kids PC an
    >> instance of NewDotNet .
    >>
    >> I think alls I need to do is remove a folder from my C:\Program Files\
    >> directory, however the folder contains a Dynamic Library Link (*.dl) that
    >> is not removable from *within* windows.
    >>
    >> So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -
    >> load command interpreter?)
    >>
    >> But now I just want to create a CD that I can boot from, and would
    >> appreciate a link, or an FTP site, or a warez that will help.
    >>
    >> Of course I am going a little crazy. But the good news is, once I learn
    >> this, it's very unlikely I will ever forget it.
    >>
    >> And, I *think* I might just turn on administrative rights with my
    >> children's pc. (If that will help)
    >>
    >> Thanks, in advance.
    >>
    >> My email works, and gets very little spam. Which is cool.
    >>

    >
    > Have you tried deleting in safe mode or from a command prompt? Press F8
    > when booting and it will give you the option.
    >
    > If you really want a bootdisk try http://www.bootdisk.com/
    >
     
    ng_reader, Jan 15, 2006
    #5
  6. ng_reader

    ng_reader Guest

    I think this is what I am looking for...
    TIA

    "7" <> wrote in message
    news:pywyf.1555$...
    > ng_reader wrote:
    >
    >> Hello,
    >> I seem to be having a rather sticky time removing from my kids PC an
    >> instance of NewDotNet .
    >>
    >> I think alls I need to do is remove a folder from my C:\Program Files\
    >> directory, however the folder contains a Dynamic Library Link (*.dl) that
    >> is not removable from *within* windows.
    >>
    >> So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -
    >> load command interpreter?)
    >>
    >> But now I just want to create a CD that I can boot from, and would
    >> appreciate a link, or an FTP site, or a warez that will help.
    >>
    >> Of course I am going a little crazy. But the good news is, once I learn
    >> this, it's very unlikely I will ever forget it.
    >>
    >> And, I *think* I might just turn on administrative rights with my
    >> children's pc. (If that will help)
    >>
    >> Thanks, in advance.
    >>
    >> My email works, and gets very little spam. Which is cool.

    >
    >
    > If you have FAT32, then you can boot up with things like DSL,
    > Mepis, Knoppix etc, and delete to heart's content.
    > NTFS may also work with some of these liveCDs.
    > http://www.livecdlist.com
    >
     
    ng_reader, Jan 15, 2006
    #6
  7. ng_reader

    ng_reader Guest

    Use both, visited that website. Maybe something I *didn't* see, but...


    "old jon" <> wrote in message
    news:UMwyf.53991$...
    >
    > "ng_reader" <> wrote in message
    > news:...
    >> Hello,
    >> I seem to be having a rather sticky time removing from my kids PC an
    >> instance of NewDotNet .
    >>
    >> I think alls I need to do is remove a folder from my C:\Program Files\
    >> directory, however the folder contains a Dynamic Library Link (*.dl) that
    >> is not removable from *within* windows.
    >>

    > snipped
    >>

    > Go here and read the article, then get Ad-Aware SE, and also Spybot.
    > Install and Update them on the web.
    > http://www.pchell.com/support/savenow.shtml
    >
    > --
    > bw..OJ
    >
     
    ng_reader, Jan 15, 2006
    #7
  8. ng_reader

    Toolman Tim Guest

    In news:,
    ng_reader spewed forth:
    >>
    >> Go here and read the article, then get Ad-Aware SE, and also Spybot.
    >> Install and Update them on the web.
    >> http://www.pchell.com/support/savenow.shtml

    >
    > Use both, visited that website. Maybe something I *didn't* see,
    > but...


    Okay, then I'll explain what it possibly is that you "didn't see".

    Look again. See the words "Bearshare, DivX player, Imesh, and a few other
    downloadable programs.". If the PC has one of those installed and running,
    it will prevent deleting "in use" files.

    You might be able to get the file deleted by uninstalling whatever program
    the .dll came with. Deleting the .dll will probably stop whatever it came
    with from running anyway.

    See, it's called a "dependency". Certain things sometimes keep others from
    happening. You might have to get to the source of the problem, rather than
    treating the symptoms.

    --
    Regardless of Public Law No. 109-162 I hereby affirm that it is
    probably my intent to annoy the reader of this post. Get over it.
     
    Toolman Tim, Jan 15, 2006
    #8
  9. ng_reader

    old jon Guest

    "Toolman Tim" <> wrote in message
    news:3myyf.599$...
    > In news:,
    > OLDJON spewed forth:
    >>>
    >>> Go here and read the article, then get Ad-Aware SE, and also Spybot.
    >>> Install and Update them on the web.
    >>> http://www.pchell.com/support/savenow.shtml

    >>
    >> Use both, visited that website. Maybe something I *didn't* see,
    >> but...

    >
    > Okay, then I'll explain what it possibly is that you "didn't see".
    >
    > Look again. See the words "Bearshare, DivX player, Imesh, and a few other
    > downloadable programs.". If the PC has one of those installed and running,
    > it will prevent deleting "in use" files.
    >
    > You might be able to get the file deleted by uninstalling whatever program
    > the .dll came with. Deleting the .dll will probably stop whatever it came
    > with from running anyway.
    >
    > See, it's called a "dependency". Certain things sometimes keep others from
    > happening. You might have to get to the source of the problem, rather than
    > treating the symptoms.
    >

    Thanks again Tim, I told him to `go and have a read`.
    What would we do without you.
    I dont normally bother to go too deep in my answers, `cos it confuses
    some people.
    You and I know what a dynamic link library is, and what it`s for.

    --
    best wishes, as always..OJ
     
    old jon, Jan 15, 2006
    #9
  10. ng_reader

    Toolman Tim Guest

    In news:wFyyf.75747$,
    old jon spewed forth:
    > "Toolman Tim" <> wrote in message
    > news:3myyf.599$...
    >> In news:,
    >> OLDJON spewed forth:
    >>>>
    >>>> Go here and read the article, then get Ad-Aware SE, and also
    >>>> Spybot. Install and Update them on the web.
    >>>> http://www.pchell.com/support/savenow.shtml
    >>>
    >>> Use both, visited that website. Maybe something I *didn't* see,
    >>> but...

    >>
    >> Okay, then I'll explain what it possibly is that you "didn't see".
    >>
    >> Look again. See the words "Bearshare, DivX player, Imesh, and a few
    >> other downloadable programs.". If the PC has one of those installed
    >> and running, it will prevent deleting "in use" files.
    >>
    >> You might be able to get the file deleted by uninstalling whatever
    >> program the .dll came with. Deleting the .dll will probably stop
    >> whatever it came with from running anyway.
    >>
    >> See, it's called a "dependency". Certain things sometimes keep
    >> others from happening. You might have to get to the source of the
    >> problem, rather than treating the symptoms.
    >>

    > Thanks again Tim, I told him to `go and have a read`.
    > What would we do without you.
    > I dont normally bother to go too deep in my answers, `cos it confuses
    > some people.
    > You and I know what a dynamic link library is, and what it`s for.
    >

    Yup. Shared code. Great concept: why reinvent the wheel?

    I may have stopped my explanation too soon. The second part of that article
    relates more closely to the newdotnet problem. But it's the same concept -
    file(s) in use, and if it *is* deleted, whatever it came with gets broken.

    --
    Regardless of Public Law No. 109-162 I hereby affirm that it is
    probably my intent to annoy the reader of this post. Get over it.
     
    Toolman Tim, Jan 15, 2006
    #10
  11. ng_reader

    ng_reader Guest

    "Toolman Tim" <> wrote in message
    news:nMyyf.606$...
    > In news:wFyyf.75747$,
    > old jon spewed forth:
    >> "Toolman Tim" <> wrote in message
    >> news:3myyf.599$...
    >>> In news:,
    >>> OLDJON spewed forth:
    >>>>>
    >>>>> Go here and read the article, then get Ad-Aware SE, and also
    >>>>> Spybot. Install and Update them on the web.
    >>>>> http://www.pchell.com/support/savenow.shtml
    >>>>
    >>>> Use both, visited that website. Maybe something I *didn't* see,
    >>>> but...
    >>>
    >>> Okay, then I'll explain what it possibly is that you "didn't see".
    >>>
    >>> Look again. See the words "Bearshare, DivX player, Imesh, and a few
    >>> other downloadable programs.". If the PC has one of those installed
    >>> and running, it will prevent deleting "in use" files.
    >>>
    >>> You might be able to get the file deleted by uninstalling whatever
    >>> program the .dll came with. Deleting the .dll will probably stop
    >>> whatever it came with from running anyway.
    >>>
    >>> See, it's called a "dependency". Certain things sometimes keep
    >>> others from happening. You might have to get to the source of the
    >>> problem, rather than treating the symptoms.
    >>>

    >> Thanks again Tim, I told him to `go and have a read`.
    >> What would we do without you.
    >> I dont normally bother to go too deep in my answers, `cos it confuses
    >> some people.
    >> You and I know what a dynamic link library is, and what it`s for.
    >>

    > Yup. Shared code. Great concept: why reinvent the wheel?
    >
    > I may have stopped my explanation too soon. The second part of that
    > article relates more closely to the newdotnet problem. But it's the same
    > concept - file(s) in use, and if it *is* deleted, whatever it came with
    > gets broken.
    >
    > --
    > Regardless of Public Law No. 109-162 I hereby affirm that it is
    > probably my intent to annoy the reader of this post. Get over it.
    >


    The kids didn't install and P2P, nor did I, so that's not it.

    TT, I like your stuff in alt.home.repair, keep up the good work.

    Basically the ad-aware and spybots are pretty good at narrowing down which
    dll files are associated with which application. The only thing I am trying
    to do is remove either the dll or whatever is creating the dll.

    In the past I have been able to stop these ads from popping up by removing
    that dll from *outside* an OS. So far I am stuck at even getting outside the
    OS. Thus the post.
     
    ng_reader, Jan 15, 2006
    #11
  12. ng_reader

    Toolman Tim Guest

    In news:,
    ng_reader spewed forth:

    >
    > In the past I have been able to stop these ads from popping up by
    > removing that dll from *outside* an OS. So far I am stuck at even
    > getting outside the OS. Thus the post.


    True - because NTFS isn't accessible from DOS (FAT16 or FAT32) you can't
    boot from a floppy disk to do this like you could in Windows 9x versions.

    But that DLL doesn't execute on it's own! So, either it is not the one
    causing your current problem, or *another* program is loading that DLL. In
    which case, you need to find the malicious program as well.

    But for deleting the DLL you have a few options - most of which have been
    discussed. Here's what I'd try (in this order):

    1) restart the PC in safe mode and attempt to delete it there

    2) try one of the "move/delete on reboot" type of utilities available from
    the web

    3) boot from a CD that allows you to read NTFS and then delete it. However
    many Linux "live CDs" won't allow you to write to or delete from an NTFS
    volume because of limited compatibility with NTFS. But other bootable CDs
    are available.

    4) remove the drive from that PC, mount it as slave in another PC with NT,
    W2K or XP on it. Fire up the PC, delete the file from the slave drive, power
    off, replace the drive in the original system, reboot.

    One caveat: even if you DO succeed in getting rid of the DLL, if you haven't
    killed what PUT it there, it's likely to be put back by the malware that
    installed it in the first place.

    --
    Regardless of Public Law No. 109-162 I hereby affirm that it is
    probably my intent to annoy the reader of this post. Get over it.
     
    Toolman Tim, Jan 15, 2006
    #12
  13. ng_reader

    Jim Byrd Guest

    Hi ng_reader - Below are some links to file removal tools from my Blog,
    Defending Your Machine, addy below in my Signature. First though, take a
    look here for detailed removal directions and a specific removal tool for
    NewDotNet:
    http://securityresponse.symantec.com/avcenter/venc/data/adware.ndotnet.html#removalinstructions

    http://securityresponse.symantec.com/avcenter/FxNdotN.exe


    <Blog excerpt 1>
    ? Sometimes the tools below will find files which they are unable to delete
    because they are in use.

    A program called Copylock, here, http://noeld.com/programs.asp?cat=misc can
    aid in the process of "replacing, moving, renaming or deleting one or many
    files which are currently in use (e.g. system files like comctl32.dll, or
    virus/trojan files.)"

    Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip

    A third which is a bit different but often very useful is Delete Invalid
    File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
    file/folder name deleting, rather than the in use problem.

    A fourth useful program is Unlocker, here:
    ..http://ccollomb.free.fr/unlocker/ " Simply right click the folder or file
    and select Unlocker. If the folder or file is locked, a window listing of
    lockers will appear. Simply select the lockers and click Unlock and you are
    done!" Works as advertised and is particularly helpful in identifying
    malware components which are 'protecting' each other.
    </Blog excerpt 1>



    <Blog excerpt 2>
    *******
    ONLY IF you've successfully eliminated the malware, you can now make a new,
    clean Restore Point and delete any previously saved (possibly infected)
    ones. The following suggested approach is courtesy of Gary Woodruff: For XP
    you can run a Disk Cleanup cycle and then look in the More Options tab. The
    System Restore option removes all but the latest Restore Point. If there
    hasn't been one made since the system was cleaned you should manually create
    one before dumping the old possibly infected ones. Also, be aware courtesy
    of MVP Bert Kinney, here: http://bertk.mvps.org/html/tips.html "Note: When
    restoring a system in Safe Mode, an automatic "UNDO" restore point will NOT
    be created and will not allow a restoration to the current state." To create
    a new "Restore Point" go to StartRun then type:

    %SystemRoot%\System32\restore\rstrui.exe

    You'll find full directions here:
    http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsysrst.mspx
    *******
    </Blog excerpt 2>


    When you get things cleaned up, take a look at my Blog, Defending Your
    Machine, addy in my Signature below, for some additional curative and
    preventive measures you might want to implement to help prevent this type of
    thing in the future.


    --
    Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
    My Blog, Defending Your Machine, here:
    http://DefendingYourMachine.blogspot.com/



    "ng_reader" <> wrote in message
    news:
    > Hello,
    > I seem to be having a rather sticky time removing from my kids PC an
    > instance of NewDotNet .
    >
    > I think alls I need to do is remove a folder from my C:\Program Files\
    > directory, however the folder contains a Dynamic Library Link (*.dl) that

    is
    > not removable from *within* windows.
    >
    > So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -

    load
    > command interpreter?)
    >
    > But now I just want to create a CD that I can boot from, and would
    > appreciate a link, or an FTP site, or a warez that will help.
    >
    > Of course I am going a little crazy. But the good news is, once I learn
    > this, it's very unlikely I will ever forget it.
    >
    > And, I *think* I might just turn on administrative rights with my

    children's
    > pc. (If that will help)
    >
    > Thanks, in advance.
    >
    > My email works, and gets very little spam. Which is cool.
     
    Jim Byrd, Jan 16, 2006
    #13
  14. ng_reader

    ng_reader Guest

    "Jim Byrd" <> wrote in message
    news:...
    > Hi ng_reader - Below are some links to file removal tools from my Blog,
    > Defending Your Machine, addy below in my Signature. First though, take a
    > look here for detailed removal directions and a specific removal tool for
    > NewDotNet:
    > http://securityresponse.symantec.com/avcenter/venc/data/adware.ndotnet.html#removalinstructions
    >
    > http://securityresponse.symantec.com/avcenter/FxNdotN.exe
    >
    >
    > <Blog excerpt 1>
    > ? Sometimes the tools below will find files which they are unable to
    > delete
    > because they are in use.
    >
    > A program called Copylock, here, http://noeld.com/programs.asp?cat=misc
    > can
    > aid in the process of "replacing, moving, renaming or deleting one or many
    > files which are currently in use (e.g. system files like comctl32.dll, or
    > virus/trojan files.)"
    >
    > Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip
    >
    > A third which is a bit different but often very useful is Delete Invalid
    > File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
    > file/folder name deleting, rather than the in use problem.
    >
    > A fourth useful program is Unlocker, here:
    > .http://ccollomb.free.fr/unlocker/ " Simply right click the folder or file
    > and select Unlocker. If the folder or file is locked, a window listing of
    > lockers will appear. Simply select the lockers and click Unlock and you
    > are
    > done!" Works as advertised and is particularly helpful in identifying
    > malware components which are 'protecting' each other.
    > </Blog excerpt 1>
    >
    >
    >
    > <Blog excerpt 2>
    > *******
    > ONLY IF you've successfully eliminated the malware, you can now make a
    > new,
    > clean Restore Point and delete any previously saved (possibly infected)
    > ones. The following suggested approach is courtesy of Gary Woodruff: For
    > XP
    > you can run a Disk Cleanup cycle and then look in the More Options tab.
    > The
    > System Restore option removes all but the latest Restore Point. If there
    > hasn't been one made since the system was cleaned you should manually
    > create
    > one before dumping the old possibly infected ones. Also, be aware courtesy
    > of MVP Bert Kinney, here: http://bertk.mvps.org/html/tips.html "Note: When
    > restoring a system in Safe Mode, an automatic "UNDO" restore point will
    > NOT
    > be created and will not allow a restoration to the current state." To
    > create
    > a new "Restore Point" go to StartRun then type:
    >
    > %SystemRoot%\System32\restore\rstrui.exe
    >
    > You'll find full directions here:
    > http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsysrst.mspx
    > *******
    > </Blog excerpt 2>
    >
    >
    > When you get things cleaned up, take a look at my Blog, Defending Your
    > Machine, addy in my Signature below, for some additional curative and
    > preventive measures you might want to implement to help prevent this type
    > of
    > thing in the future.
    >
    >
    > --
    > Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
    > My Blog, Defending Your Machine, here:
    > http://DefendingYourMachine.blogspot.com/
    >


    Still working on it.

    Found two files on the root drive that I had to remove with one of the
    utilities.

    But the infection still exists. It's a nasty one, that's for sure.

    The NewDotNet is no longer present, coolWWWsearch, and dyfuca or whatever.

    I'll get it yet.



    >
    >
    > "ng_reader" <> wrote in message
    > news:
    >> Hello,
    >> I seem to be having a rather sticky time removing from my kids PC an
    >> instance of NewDotNet .
    >>
    >> I think alls I need to do is remove a folder from my C:\Program Files\
    >> directory, however the folder contains a Dynamic Library Link (*.dl) that

    > is
    >> not removable from *within* windows.
    >>
    >> So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -

    > load
    >> command interpreter?)
    >>
    >> But now I just want to create a CD that I can boot from, and would
    >> appreciate a link, or an FTP site, or a warez that will help.
    >>
    >> Of course I am going a little crazy. But the good news is, once I learn
    >> this, it's very unlikely I will ever forget it.
    >>
    >> And, I *think* I might just turn on administrative rights with my

    > children's
    >> pc. (If that will help)
    >>
    >> Thanks, in advance.
    >>
    >> My email works, and gets very little spam. Which is cool.

    >
    >
     
    ng_reader, Jan 17, 2006
    #14
  15. ng_reader

    Toolman Tim Guest

    In news:,
    ng_reader spewed forth:

    > Still working on it.
    >
    > Found two files on the root drive that I had to remove with one of the
    > utilities.
    >
    > But the infection still exists. It's a nasty one, that's for sure.
    >
    > The NewDotNet is no longer present, coolWWWsearch, and dyfuca or
    > whatever.
    > I'll get it yet.
    >

    Geez! How much time you gonna waste on this? I could have backed up the data
    and settings, reinstalled Windows clean, reinstalled my apps, put my
    settings and data back and been off and running hours ago!

    --
    Regardless of Public Law No. 109-162 I hereby affirm that it is
    probably my intent to annoy the reader of this post. Get over it.
     
    Toolman Tim, Jan 17, 2006
    #15
  16. ng_reader

    ng_reader Guest

    "Toolman Tim" <> wrote in message
    news:a0Zyf.141$...
    > In news:,
    > ng_reader spewed forth:
    >
    >> Still working on it.
    >>
    >> Found two files on the root drive that I had to remove with one of the
    >> utilities.
    >>
    >> But the infection still exists. It's a nasty one, that's for sure.
    >>
    >> The NewDotNet is no longer present, coolWWWsearch, and dyfuca or
    >> whatever.
    >> I'll get it yet.
    >>

    > Geez! How much time you gonna waste on this? I could have backed up the
    > data and settings, reinstalled Windows clean, reinstalled my apps, put my
    > settings and data back and been off and running hours ago!
    >
    > --
    > Regardless of Public Law No. 109-162 I hereby affirm that it is
    > probably my intent to annoy the reader of this post. Get over it.
    >


    I don't have the install discs for the machine. But, something worth
    considering.
     
    ng_reader, Jan 17, 2006
    #16
  17. ng_reader

    pcbutts1 Guest

    Use Ewido, you will never be able to get it all trying to manually delete
    each file.

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "ng_reader" <> wrote in message
    news:...
    >
    > "Jim Byrd" <> wrote in message
    > news:...
    >> Hi ng_reader - Below are some links to file removal tools from my Blog,
    >> Defending Your Machine, addy below in my Signature. First though, take a
    >> look here for detailed removal directions and a specific removal tool for
    >> NewDotNet:
    >> http://securityresponse.symantec.com/avcenter/venc/data/adware.ndotnet.html#removalinstructions
    >>
    >> http://securityresponse.symantec.com/avcenter/FxNdotN.exe
    >>
    >>
    >> <Blog excerpt 1>
    >> ? Sometimes the tools below will find files which they are unable to
    >> delete
    >> because they are in use.
    >>
    >> A program called Copylock, here, http://noeld.com/programs.asp?cat=misc
    >> can
    >> aid in the process of "replacing, moving, renaming or deleting one or
    >> many
    >> files which are currently in use (e.g. system files like comctl32.dll, or
    >> virus/trojan files.)"
    >>
    >> Another is Killbox, here: http://www.downloads.subratam.org/KillBox.zip
    >>
    >> A third which is a bit different but often very useful is Delete Invalid
    >> File, here: http://www.purgeie.com/delinv.htm which handles invalid/UNC
    >> file/folder name deleting, rather than the in use problem.
    >>
    >> A fourth useful program is Unlocker, here:
    >> .http://ccollomb.free.fr/unlocker/ " Simply right click the folder or
    >> file
    >> and select Unlocker. If the folder or file is locked, a window listing of
    >> lockers will appear. Simply select the lockers and click Unlock and you
    >> are
    >> done!" Works as advertised and is particularly helpful in identifying
    >> malware components which are 'protecting' each other.
    >> </Blog excerpt 1>
    >>
    >>
    >>
    >> <Blog excerpt 2>
    >> *******
    >> ONLY IF you've successfully eliminated the malware, you can now make a
    >> new,
    >> clean Restore Point and delete any previously saved (possibly infected)
    >> ones. The following suggested approach is courtesy of Gary Woodruff: For
    >> XP
    >> you can run a Disk Cleanup cycle and then look in the More Options tab.
    >> The
    >> System Restore option removes all but the latest Restore Point. If there
    >> hasn't been one made since the system was cleaned you should manually
    >> create
    >> one before dumping the old possibly infected ones. Also, be aware
    >> courtesy
    >> of MVP Bert Kinney, here: http://bertk.mvps.org/html/tips.html "Note:
    >> When
    >> restoring a system in Safe Mode, an automatic "UNDO" restore point will
    >> NOT
    >> be created and will not allow a restoration to the current state." To
    >> create
    >> a new "Restore Point" go to StartRun then type:
    >>
    >> %SystemRoot%\System32\restore\rstrui.exe
    >>
    >> You'll find full directions here:
    >> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpsysrst.mspx
    >> *******
    >> </Blog excerpt 2>
    >>
    >>
    >> When you get things cleaned up, take a look at my Blog, Defending Your
    >> Machine, addy in my Signature below, for some additional curative and
    >> preventive measures you might want to implement to help prevent this type
    >> of
    >> thing in the future.
    >>
    >>
    >> --
    >> Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
    >> My Blog, Defending Your Machine, here:
    >> http://DefendingYourMachine.blogspot.com/
    >>

    >
    > Still working on it.
    >
    > Found two files on the root drive that I had to remove with one of the
    > utilities.
    >
    > But the infection still exists. It's a nasty one, that's for sure.
    >
    > The NewDotNet is no longer present, coolWWWsearch, and dyfuca or whatever.
    >
    > I'll get it yet.
    >
    >
    >
    >>
    >>
    >> "ng_reader" <> wrote in message
    >> news:
    >>> Hello,
    >>> I seem to be having a rather sticky time removing from my kids PC an
    >>> instance of NewDotNet .
    >>>
    >>> I think alls I need to do is remove a folder from my C:\Program Files\
    >>> directory, however the folder contains a Dynamic Library Link (*.dl)
    >>> that

    >> is
    >>> not removable from *within* windows.
    >>>
    >>> So, I tried to make a bootable 1.44 FD, but that is a struggle. (WTF -

    >> load
    >>> command interpreter?)
    >>>
    >>> But now I just want to create a CD that I can boot from, and would
    >>> appreciate a link, or an FTP site, or a warez that will help.
    >>>
    >>> Of course I am going a little crazy. But the good news is, once I learn
    >>> this, it's very unlikely I will ever forget it.
    >>>
    >>> And, I *think* I might just turn on administrative rights with my

    >> children's
    >>> pc. (If that will help)
    >>>
    >>> Thanks, in advance.
    >>>
    >>> My email works, and gets very little spam. Which is cool.

    >>
    >>

    >
    >
     
    pcbutts1, Jan 17, 2006
    #17
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Developwebsites

    0 kb DLLs

    Developwebsites, Nov 29, 2004, in forum: Computer Information
    Replies:
    2
    Views:
    502
  2. Replies:
    13
    Views:
    747
    David Candy
    Jan 11, 2005
  3. PrashantP

    How do RAW image viewing dlls work?

    PrashantP, Oct 30, 2005, in forum: Digital Photography
    Replies:
    2
    Views:
    279
    Ray Fischer
    Oct 30, 2005
  4. Giuen
    Replies:
    0
    Views:
    1,007
    Giuen
    Sep 12, 2008
  5. Bootable USB for bootable ISO image?

    , Sep 11, 2009, in forum: Computer Support
    Replies:
    7
    Views:
    1,068
Loading...

Share This Page