NewDotNet Ruined My Day
Today is a tragic day for me, at least for the first half of my day.
After waking up, I found a new directory under my Win98 box (don't
laugh, I did still use Win98 10 hours ago). It is
c:\program files\NewDotNet
Immediately I believed I had found a new spyware, but the thing I didn't
know is how malicious this spyware is. It is not a spyware,
it is a SWATware; it is powerful enough to make you cry out loud.
Dio Mio...
I am a veteran of spyware, so I thought I knew how to get rid of this
nuisance. First, I used
msconfig.exe to disable it from my startup script.
Then I restarted my machine into "command prompt" mode and
"deltree"d the whole directory. After booting again in normal
mode, I "smartly" deleted every registry entry with "NewDotNet" in it.
I thought I was done. Then I found my network connection was down.
This was like a bomb exploding next to my ears. What did I do...
First I thought this NewDotNet might be some new product of the Microsoft
.NET platform. After some internet research, I found the true face
of this malicious NewDotNet.
Supposedly this spyware has a real business model. The idea is
to circumvent the ICANN official domain names such as .com or .net
by adding several non-existing new domain names such as ".shop"...
To do that (since TCP/IP doesn't support these new domain names),
they release a "plug-in" to hijack the Windows Sockets service
in Microsoft Windows. So all Windows socket calls are mediated
through this spyware before being executed. It is like a hook: once
hooked, it checks whether the request is for ".shop"; if yes, they
do their own domain name resolution, if not, they send it on to the regular
Windows socket. Just for this, I think Microsoft should sue them
for infringement on their software. But I guess MS is laissez-faire on
this one. Anyway, since it totally messes up the whole Windows Sockets
protocol stack, if someone uses brute force to remove it
from the file system and registry, the network stack is broken and the
connection is down.
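To make the hook-and-break mechanism concrete, here is a small teaching model added to this post. It is not NewDotNet's code and not the real Windows Sockets layered-provider API; the provider names, the BASE_DNS table, the ".shop" entries and the helper functions are all constructed for illustration. The model shows the three states the post describes: the hijacking layer answering its private TLD and forwarding everything else, the broken chain left behind when only the files are deleted, and the chain repaired by unlinking the dangling entry (the job tools that rebuild the Winsock catalog do) instead of tearing out networking.

```python
"""Teaching model of a layered socket-provider chain (added example, not
NewDotNet's code and not the real Winsock LSP API).

Layered providers wrap the base provider. A hijacking layer answers
requests for a private TLD itself and forwards everything else down the
chain. Deleting the layer's DLL while its chain entry survives leaves a
dangling link, so every call through the chain fails. The repair is to
unlink the dangling entry so the chain reaches the base provider again.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional

NextHop = Optional[Callable[[str], str]]

# Constructed sample data: what the regular resolver knows ...
BASE_DNS = {"example.com": "192.0.2.10", "mail.example.net": "192.0.2.20"}
# ... and the hijacker's private, non-ICANN namespace (constructed).
PRIVATE_TLD = ".shop"
PRIVATE_TABLE = {"store.shop": "198.51.100.5"}

HIJACKER_NAME = "NewDotNet layer (model)"  # hypothetical catalog entry name


@dataclass
class Provider:
    name: str
    handler: Callable[[str, NextHop], str]
    dll_present: bool = True  # does the backing library still exist on disk?


def base_handler(host: str, _next: NextHop) -> str:
    """Bottom of the chain: the regular resolver. Ignores the next hop."""
    if host in BASE_DNS:
        return BASE_DNS[host]
    raise LookupError(f"NXDOMAIN: {host}")


def hijack_handler(host: str, nxt: NextHop) -> str:
    """The hook: claim the private TLD, pass everything else down the chain."""
    if host.endswith(PRIVATE_TLD):
        if host in PRIVATE_TABLE:
            return PRIVATE_TABLE[host]
        raise LookupError(f"NXDOMAIN (private namespace): {host}")
    if nxt is None:
        raise OSError("no next provider in chain")
    return nxt(host)


class ProviderChain:
    def __init__(self, providers: List[Provider]) -> None:
        self.providers = providers

    def load(self) -> None:
        """Like the stack enumerating its catalog: every entry must load."""
        missing = [p.name for p in self.providers if not p.dll_present]
        if missing:
            raise OSError(f"chain entry points at a missing DLL: {missing}")

    def resolve(self, host: str) -> str:
        self.load()
        return self._call(0, host)

    def _call(self, idx: int, host: str) -> str:
        provider = self.providers[idx]
        has_next = idx + 1 < len(self.providers)
        nxt = (lambda h: self._call(idx + 1, h)) if has_next else None
        return provider.handler(host, nxt)


def install_hijacker() -> ProviderChain:
    """State 1: the layer sits on top of the base provider."""
    base = Provider("TCP/IP base provider (model)", base_handler)
    layer = Provider(HIJACKER_NAME, hijack_handler)
    return ProviderChain([layer, base])


def brute_force_delete(chain: ProviderChain) -> None:
    """State 2: 'deltree' on the directory. DLL gone, chain entry untouched."""
    for p in chain.providers:
        if p.name == HIJACKER_NAME:
            p.dll_present = False


def repair_chain(chain: ProviderChain) -> List[str]:
    """State 3: unlink entries whose DLL is missing; return what was removed."""
    dangling = [p.name for p in chain.providers if not p.dll_present]
    chain.providers = [p for p in chain.providers if p.dll_present]
    return dangling


def demo() -> List[str]:
    """Walk through all three states and return a log of what happened."""
    log = []
    chain = install_hijacker()
    log.append(f"hijacked: example.com -> {chain.resolve('example.com')}")
    log.append(f"hijacked: store.shop -> {chain.resolve('store.shop')}")
    brute_force_delete(chain)
    try:
        chain.resolve("example.com")
    except OSError as err:
        log.append(f"after deltree: {err}")
    log.append(f"repair unlinked: {repair_chain(chain)}")
    log.append(f"repaired: example.com -> {chain.resolve('example.com')}")
    return log


if __name__ == "__main__":
    print("\n".join(demo()))
```

Running the file prints the five-step log. The point the model makes is that after the brute-force delete the failure is independent of the host being looked up, because the chain cannot even be loaded; once the dangling entry is unlinked, ordinary names resolve again and only the fake ".shop" names fail, which is the correct outcome.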
I wasn't that easily beaten, of course. I tried several online fixes
and the "official fixes" released by NewDotNet. Everything failed.
Then I started to rebuild the network stack by removing "Dial Up
Networking" and reinstalling it (the Microsoft Knowledge Base recommended
this; see Microsoft Support).
After I removed "Dial Up Networking", my ping works with IP
addresses, but not other services such as telnet. Also, my Microsoft
Network still works, such as Samba and Microsoft file sharing.
I guess these go through NetBEUI and IPX, not TCP/IP. Anyway,
now I have the real problem: I have lost the Win98 CD and I also
deleted all my .cab files from
c:\windows\options\cabs.
Now I am royally fucked, I cannot even ssh and read my email,
even though I can still access my Unix file systems using Samba.
What am I going to do?
It was at this moment that I reformatted my hard drive and installed
Windows 2000.
Peace reigns again in my mind, and Mozilla for ever and ever.
