Description

An IE plug-in that adds subdomains of 'new.net' to your name resolution system, resulting in what appear to be extra top-level domains (.shop, and so on) being resolvable. It is not overtly harmful in intent, but counts as Unsolicited Commercial Software as it installs behind your back and its purpose is to generate revenue for its manufacturer.

Variants

There have been a number of different versions of NewDotNet. Some early versions offered no uninstall option. Originally the software was installed into the Windows directory as 'newdotnet_(number).dll'; the later versions (detected as NewDotNet/B) create their own folder in Program Files. NewDotNet/B also redirects address bar searches to their own search engine.

For a short time in 2002, NewDotNet's self-updater also installed a program called 'FirstLook', which opened pop-up ads from firstlook.com. This was stopped after public outcry, but for a while thereafter, NewDotNet installed a 'dummy' FirstLook Program Files folder and entry in Add/Remove Programs, which doesn't do anything.

Distribution

A very large range of software installs New.Net, including RealOne, AudioGalaxy, KaZaA, iMesh, Grokster, BearShare, Babylon and Radlight.

What it does

Advertising

No.

Privacy violation

No.

Security issues

Yes. The new.net software downloads and silently executes arbitrary code from its controlling server, as an update feature.

Stability problems

At least some older versions of the plug-in have been known to crash IE regularly.

Newer versions seem to be less problematic, but as with all Winsock2 LSPs, clashes with other LSP-based software or damage to the software itself can result in network connectivity being broken.

Removal

If you have the variant that installs into Program Files, open the 'NewDotNet' folder in Program Files and run the 'uninstall' program. If this folder does not exist, try opening the Control Panel and looking in the 'Add/Remove Programs' list.

In the case of older versions where NewDotNet is not in the list, you could try installing a new version and then using the uninstall feature. Spybot S&D and Ad-Aware 6 also remove NewDotNet.

Manual removal

A botched manual removal can result in you losing your network connection. Be very careful.

First you must deregister the Winsock2 Layered Service Provider installed by NewDotNet. LSPFix gives you an interface to this. You should 'remove' the NewDotNet entries and 'keep' the rest.

Next, load regedit and open HKEY_CLASSES_ROOT\CLSID. Delete the keys 4A2AACF3-ADF6-11D5-98A9-00E018981B9E and DD521A1D-1F98-11D4-9676-00E018981B9E. For older variants the key will be DD770A75-CE18-11D5-98D8-00E018981B9E instead.

Open HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the new.net value. Open HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects and remove the 4A2AACF3-ADF6-11D5-98A9-00E018981B9E key. You can also delete the new.net entry in HKLM\Software and the tldctl2 classes in HKCR to clean up if you wish.

Reset the computer and you should be able to delete the NewDotNet folder (new variant) or the newdotnet DLL in the Windows directory (old variant).