Members
  • Total Members: 12809
  • Latest: Dorel
Stats
  • Total Posts: 28474
  • Total Topics: 8238
  • Online Today: 885
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: how to get rid of this virus:mypern0.dll  (Read 12718 times)

0 Members and 1 Guest are viewing this topic.

doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
how to get rid of this virus:mypern0.dll
« on: 17. September 2007., 00:17:06 »
n/a

Samker's Computer Forum - SCforum.info

how to get rid of this virus:mypern0.dll
« on: 17. September 2007., 00:17:06 »




Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: how to get rid of this virus:mypern0.dll
« Reply #1 on: 17. September 2007., 08:51:03 »
Hi Doc and Welcome to SCF Community!

We are here to help you and will do our best to resolve this problem.

Since you are already provide us HJT log, we will start with this steps:

1.Click on the following links and download the program LSPFix: http://www.cexx.org/lspfix.htm
Don't run it just download!

2. Go to your Control Panel (Start -> Control Panel -> Add/Remove Programs)
Try to locate "NewDotNet" (or something like this: SaveNow, Save!, SaveNow, WhenUShop, New.Net Domains) and choose to Remove it.
Reboot your computer and NewdotNet should be removed.

3. Because NewDotNet affects the Internet access on a computer, sometimes after removing it, you wont be able to go anywhere on the Internet. If this happens run LSPFix.


4. Update your AntiVirus and run full scan, after that provide us information how your PC work now and also new HJT log, it's important to before running HJT turn of all possible programs.

I'll be here and wait your answer (HJT log).

Don't worry We will fix this. 

Samker

doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
Re: how to get rid of this virus:mypern0.dll
« Reply #2 on: 17. September 2007., 23:23:07 »
i can't remove NewDotNet.  at first i tried to find it in the "add or remove programs" but i can't find it.  then i searched for the program and tried to uninstall it from the program file folder by using uninstall.  it didn't work neither.  when i restarted my computer the new dot net program is still there.

doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
Re: how to get rid of this virus:mypern0.dll
« Reply #3 on: 18. September 2007., 00:52:29 »
i scaned my computer and it says

POSSIBLE_STRAT-6

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=Possible_Strat-6

they don't have any solutions on how to clean this virus. and also i can't quarantine it.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: how to get rid of this virus:mypern0.dll
« Reply #4 on: 18. September 2007., 09:19:30 »
Yes Doc, it's look like Trend Micro doesn't have (yet) soluttions for this but don't worry we have more solutions  ;):

1. Turn of System Restore

2. Uninstall Trend Micro AntiVirus

3. Download & Install Kaspersky Anti-Virus 7.0 (Trial version): http://dnl-us5.kaspersky-labs.com/trial/registered/IALH5CIN3C6BRF8JWO9X/kav7.0.0.125en.exe

4. Update the virus definitions (Kaspersky)
 
5. Run a full system scan and delete all the files detected.

6. After all, please provide us new HJT log.


Samker



doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
Re: how to get rid of this virus:mypern0.dll
« Reply #5 on: 18. September 2007., 22:43:47 »
but if i uninstall trend mircro doesn't that mean i won't get it back.. because i paid for 3 years and it only came with the computer..

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: how to get rid of this virus:mypern0.dll
« Reply #6 on: 19. September 2007., 08:53:34 »
Quote
but if i uninstall trend mircro doesn't that mean i won't get it back.. because i paid for 3 years and it only came with the computer..

As I know, when you buy licence from TM they give you activation serial number and you have posibility to reinstall & install them again, you have right even to install same copy up to three PC:
Quote
2. PAID USE LICENSE. Household license: For each product license purchased for home use, Trend Micro grants a nonexclusive,
non-transferable and non-assignable right to install the Software on up to three (3) personal computers (each a
“Computer”) for use by and for all end users in the same household, but only up to three (3) different registered end users, a
primary user and two (2) secondary users. The special rights and obligations of primary and secondary users are set forth in
Sections 18 and 19 below. Entity license: For each product license purchased for commercial or educational use, Trend Micro
grants a non-exclusive, non-transferable and non-assignable right to install the Software on up to three (3) Computers for
registered use by and for employees of the entity on whose behalf the product license was purchased. For household and entity
licenses: the Software may only be installed on one operating system per Computer

More about you rights, can find here: http://drh.img.digitalriver.com/DRHM/Storefront/Site/tmamer/pb/multimedia/EULAs/EULA_InternetSecurity2007.pdf

So check where is your Activation Key (or just contact them) and we will install TM AntiVirus them again after "cleaning".


If you doesn't like these option, please go and make online scan your PC with:

Kaspersky: http://scforum.info/index.php/topic,744.0.html

McAfee: http://scforum.info/index.php/topic,745.0.html

and provide us what they find including also new HJT log (make them after restart, before that turn off all (possible) runing program like players, messengers etc.).


I'll waiting your answer,


Samker

doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
Re: how to get rid of this virus:mypern0.dll
« Reply #7 on: 20. September 2007., 01:01:50 »
n/a

doc

  • SCF Member
  • **
  • Posts: 15
  • KARMA: 0
Re: how to get rid of this virus:mypern0.dll
« Reply #8 on: 20. September 2007., 01:06:36 »
n/a

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: how to get rid of this virus:mypern0.dll
« Reply #9 on: 20. September 2007., 15:31:53 »
Hi again Doc,

we have here at least two infection, because of that we will need to make cleaning in few steps and you will need to strictly follow my instruction:

1. Turn of System Restore (this is most important).
Quote
Steps to turn off System Restore
1. Click Start, right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the System Restore tab.
3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
4. Click OK.
5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:
You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.

Do you want to turn off System Restore?
After a few moments, the System Properties dialog box closes.

2. Go to Trend Micro Quarantine folder and delete all you find inside.

3. Uninstall NewDotNet with one of the following procedures:

Quote
PROCEDURE 1 (Add/Remove Programs):
* Please make sure all anti-virus and anti-spy ware programs are shut off for the uninstall process. These programs can hinder the complete removal of the new.net software.
Click on Start.
Click on Settings.
Click on Control Panel.
From the Control Panel, double-click on Add/Remove Programs.
Click on the Install/Uninstall tab in the Add/Remove Programs Properties window.
Locate either New.net Application or New.net Domains and select it.
Click on the Add/Remove button.
After removal of our software, you may be prompted to reboot. Please reboot after removing our software.
If this does not fully remove our software, please proceed to PROCEDURE 2.

PROCEDURE 2 (Uninstall from Hard Drive):
* Please make sure all anti-virus and anti-spy ware programs are shut off for the uninstall process. These programs can hinder the complete removal of the new.net software.
Double-click on My Computer.
Double-click on the C: drive.
Double-click on the Program Files folder.
Locate and double-click on the NewDotNet folder. If there is no folder, please proceed to PROCEDURE 3.
Locate and double-click on the uninstall executable; it will be labeled uninstallX_XX.exe. (“X” represents the version number of the uninstaller and you should always use the latest version)
After removal of our software, you may be prompted to reboot. Please reboot after removing our software.
If this does not fully remove our software, please proceed to PROCEDURE 3.

PROCEDURE 3 (Locate Backup Copy of Uninstaller and Uninstall from Hard Drive):
* Please make sure all anti-virus and anti-spy ware programs are shut off for the uninstall process. These programs can hinder the complete removal of the new.net software.
Double-click on My Computer.
Double-click on the C: drive.
Double-click on the Windows or Winnt folder.
Locate and double-click on the uninstall executable; it will be labeled NDNuninstallx_xx.exe. ("X" represents the version number of the uninstaller)
After removal of our software, you may be prompted to reboot. Please reboot after removing our software.
If this does not fully remove our software, please proceed to PROCEDURE 4.

PROCEDURE 4 (Download Uninstall from New.net):
* Please make sure all anti-virus and anti-spy ware programs are shut off for the uninstall process. These programs can hinder the complete removal of the new.net software.

4. Update your TM AntiVirus.

5. Restart your PC and run again in Safe Mode. Instruction:
Quote
To start the computer in safe mode
1.
You should print these instructions before continuing. They will not be available after you shut your computer down in step 2.

2.
Click Start and then click Shut Down.

3.
In the drop-down list of the Shut Down Windows dialog box, click Restart, and then click OK.

4.
As your computer restarts but before Windows launches, press F8. 
On a computer that is configured for booting to multiple operating systems, you can press F8 when the boot menu appears.

5.
Use the arrow keys to highlight the appropriate safe mode option, and then press ENTER.

6.
If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.


Note•
If Windows launches before you can choose a safe mode, restart your computer and try again.

In safe mode, you have access to only basic files and drivers (mouse, monitor, keyboard, mass storage, base video, default system services, and no network connections). You can choose the Safe Mode with Networking option, which loads all of the above files and drivers and the essential services and drivers to start networking, or you can choose the Safe Mode with Command Prompt option, which is exactly the same as safe mode except that a command prompt is started instead of the graphical user interface. You can also choose Last Known Good Configuration, which starts your computer using the registry information that was saved at the last shutdown.

Safe mode helps you diagnose problems. If a symptom does not reappear when you start in safe mode, you can eliminate the default settings and minimum device drivers as possible causes. If a newly added device or a changed driver is causing problems, you can use safe mode to remove the device or reverse the change.

There are circumstances where safe mode will not be able to help you, such as when Windows system files that are required to start the system are corrupted or damaged. In this case, the Recovery Console may help you.

NUM LOCK must be off before the arrow keys on the numeric keypad will function.

6. Run again Full Scan - TM AntiVirus

7. After that again Kaspersky Online Scan

8. After that HijackThis

9. Provide us log from both (Kaspersky and HJT)


I'll be waiting your replay, again  ;).

Samker


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising