Fixes for Specific Infections
Newdotnet, New.net removal.
Go to Start>Control Panel>Add/Remove Programs and remove (uninstall) the Newdotnet entry from there, or go here and scroll down to the uninstall tool.
Last edited by dlh6213; Aug 6th, 2005 at 4:33 pm. Reason: Revise title
Collected.5.L Trojan.
Click here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the Killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\(file name following Shell=Explorer.exe, from the F2 line in HijackThis)
C:\WINDOWS\System32\msdirectx.sys
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run HijackThis and put checkmarks in front of the following items.
F2 - REG:system.ini: Shell=Explorer.exe,random.exe
Close all windows except HijackThis and click Fix checked:
Boot back to normal and copy the part in bold below into notepad. Save it as unlegacy.reg (set filetype to "All Files")
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdirectx]
Double-click the file you made and confirm you want to merge it with the registry.
Reboot once more and post a new log.
Last edited by dlh6213; Aug 6th, 2005 at 4:31 pm. Reason: Revise title
Join Date: Jul 2004
Posts: 2,964
Reputation:
Solved Threads: 210
PurityScan is an adware program that downloads and displays advertisements on a computer. To stop the ads, run the uninstaller found here:
http://www.purityscan.com/uninstall.html
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
First, you need to be sure your system is set to 'Show hidden files and folders.' Open Windows Explorer, go to Tools, and then Folder Options; when the Folder Options window opens, click on the View tab. You should find these entries in the list under Advanced settings:
Select Show hidden files and folders
Deselect (uncheck) Hide protected operating system files.
If you're getting any popup messages, don't click on them, not even the 'X' to close them; either right-click and select Close, or use Task Manager (Ctrl-Alt-Del) and End Task.
Download CleanUp from here:
http://www.stevengould.org/downloads.../CleanUp40.exe
Install it, but don't run it yet.
Download LQfix.exe from one of the following locations:
http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe
Install it, but do NOT run it yet (you will need to boot into Safe Mode first).
Installation and running notes --
- To install, double-click LQfix.exe and click Next, then Next, and then Install.
When you run it:
- Leave the default settings; if you change them, the fix will Fail!
- You will need an active internet connection, so make sure you're not blocking any connection now.
- Make sure the "Launch LQfix" box is checked.
- Click the Finish button to start the fix.
- Follow the on-screen prompts.
- Your system will reboot afterwards.
- Please be patient after the reboot, there is a script running in the background that needs to complete.
Reboot into Safe Mode and run LQfix.bat.
When it's finished (after your system reboots), scan with HijackThis, and have it fix the following entries:
Note: This first entry should have elite followed by three letters and the number 32 -- and the second entry should have pokapoka followed by two numbers as in these examples:
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterdj32.exe
O4 - HKLM\..\Run: [checkrun] E:\windows\system32\elitecla32.exe
And
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
Close any open windows, other than HijackThis, and hit Fix checked.
With HijackThis still open, click on the Config... button in the lower right corner of the main window. In the next window, click on the Misc Tools button at the top, and then click the Delete a file on reboot... button. Copy and paste (the elite entry from your log, similar to this) -- C:\windows\system32\eliterdj32.exe into the box, and click Open. A new window will pop up asking if you want to restart your computer now; click Yes and boot into Safe Mode again.
Repeat the 'delete on reboot' instructions for C:\WINDOWS\etb\pokapoka62.exe, again rebooting into Safe Mode.
Then go to the following locations and delete the highlighted file and folder (if present):
C:\windows\system32\eliterdj32.exe (again, whatever elite file showed in your log)
C:\WINDOWS\etb
Empty your Recycle Bin and reboot normally.
Now run CleanUp!; click the Options... button and then move the Quick Setup slider to the Thorough Cleanup position. If you have any bookmarks, Uncheck the option Delete Favorites/Bookmarks. Click OK to return to the main window and click CleanUp! to start cleaning. When it's finished, click Close, and then No (to avoid logging off).
Close any open browser windows, scan with HJT, and post a log in the Virus forum.
Last edited by dlh6213; Oct 31st, 2005 at 5:49 am. Reason: Added info
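An added example (not part of the original posts): a small Python triage script that checks a saved HijackThis log for the entries described in the Collected.5.L and LQfix posts above. The function name, rule labels and sample log are constructed for illustration.

```python
import re

# Patterns transcribed from the posts' descriptions; case-insensitive because
# the sample entries mix C:\windows and C:\WINDOWS.
F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(.+)$", re.I)
O4_RUN = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[([^\]]+)\] (.+)$", re.I)
PATH_RULES = [
    ("elite???32.exe in system32",
     re.compile(r"^[a-z]:\\windows\\system32\\elite[a-z]{3}32\.exe$", re.I)),
    ("pokapokaNN.exe in etb folder",
     re.compile(r"^[a-z]:\\windows\\etb\\pokapoka\d{2}\.exe$", re.I)),
]

def triage(log_text):
    """Return (line_no, reason, file) for each entry the posts say to fix."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        m = F2_SHELL.match(line)
        if m:
            # Everything after Explorer.exe in Shell= is launched at logon too.
            for part in m.group(1).split(","):
                name = part.strip()
                if name and name.lower() != "explorer.exe":
                    findings.append((line_no, "extra Shell= program", name))
            continue
        m = O4_RUN.match(line)
        if m:
            path = m.group(2).strip()
            for reason, rule in PATH_RULES:
                if rule.match(path):
                    findings.append((line_no, reason, path))
    return findings

# Constructed sample log (not from a real machine); the last two O4 lines
# must NOT be flagged.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
F2 - REG:system.ini: Shell=Explorer.exe,random.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliterdj32.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [elitebook] C:\windows\system32\elitebook32.exe
"""

if __name__ == "__main__":
    for line_no, reason, target in triage(SAMPLE_LOG):
        print(f"line {line_no}: {reason}: {target}")
```

The patterns are anchored to the full path, so a look-alike such as elitebook32.exe (four letters instead of three) is left alone.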
(This fix obtained from http://forums.us.dell.com/supportfor...ssage.id=42143)
Boot/reboot into Safe Mode
Go to Add/Remove Programs in the Control Panel and remove:
MyWay (or MyWaySA)
If you get a window to "Remove Share Component", click "Yes to All"
If you get a window to "Remove Share File", click "Yes to All"
Do NOT restart the computer when asked
Go to Start, Find (or Search), Files or Folders; Look In should say Local Hard Drives
Type MyWay (or MyWaySA) and hit Enter -- delete any instances found.
Go to Start, Run, and type in (or copy and paste) MsiExec.exe /X{78d944d7-a97b-4004-ab0a-b5ad06839940}
Click OK and follow the prompts to remove MyWay
Go to Start, Run, type in regedit, and hit Enter
Highlight My Computer
Click Edit, Find, type in MyWay, and hit Enter. Delete anything found, press F3 to continue searching, deleting any/all found until the search is complete.
Close all windows when finished and reboot normally.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Put a check next to Run VundoFix as a task.
- You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
- When VundoFix re-opens, click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will shutdown your computer, click OK.
- Turn your computer back on.
If you still require help, post a HijackThis log in the Viruses, Spyware & other Nasties forum.
Last edited by crunchie; Jul 28th, 2006 at 9:41 pm.





