Hey all, I am looking for max distribution of this.

I have seen 4 of these attacks show up and am coming closer and closer to believing it is distributed through the internet/networks ala MSblast. From initial views (have not grabbed code yet) it appears to use the new.net tcp/ip layer as a payload contained in a virus of unknown form (trojan, worm etc).

Symptoms: No resolution of DHCP settings (meaning it will not get an IP from the network but assign default IP range 169.x.x.x). On dial-up it will allow connection and possibly a few sec of access, then dump. It also can be found through appearances of New.net errors on boot, and disabling of antivir programs.

Detection:

start/run winmsd

look under components/network/protocol for new.net tcp and udp entries (should be very top entry)

Removal:

start/run/cmd

netsh winsock reset [enter]

netsh int ip reset (c:\resetlog.txt) ()=optional

restart

re-enable antivir prog if required, remove new.net.dll from startup (msconfig)

As I said I have seen this in 4 systems already since Saturday, and know at least 2 were on an internal network behind a router and it may have passed from one to another via LAN.

Any questions send me a mail. If anyone needs a removal tool I have one created, and ready for deployment. It can be used with no adverse effects. The above guidelines have only been tested on win xp but I believe they will also work on win2k (winmsd will work). For 9x systems I recommend trying to grab an older copy of the winsock installer and go that route (ala old school).

Pisnaz
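
The detection step above, scripted as an added example that is not part of the original post or the poster's removal tool: it parses a saved text dump of the Winsock catalog (as printed by `netsh winsock show catalog`) and reports any new.net provider with its position in the catalog. The sample dump, the entry IDs, the DLL path and the function names are constructed for illustration, and the field layout is an assumption about that command's output.

```python
import re

# Constructed sample in the assumed `netsh winsock show catalog` layout (IDs and path made up).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        new.net TCP (constructed)
Provider Path:                      C:\example\new.net.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        new.net UDP (constructed)
Provider Path:                      C:\example\new.net.dll
Catalog Entry ID:                   1016

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

FIELD = re.compile(r"^\s*([^:]+?):\s+(.*\S)\s*$")   # "Key:   value" lines
NEWNET = re.compile(r"new\.net", re.IGNORECASE)     # name as given in the post

def parse_catalog(text):
    """Split the dump into one dict of fields per catalog entry, in order."""
    entries = []
    for block in text.split("Winsock Catalog Provider Entry")[1:]:
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        entries.append(fields)
    return entries

def find_newnet(entries):
    """Return (position, catalog id, description) for each new.net provider."""
    hits = []
    for pos, e in enumerate(entries, start=1):
        haystack = e.get("Description", "") + " " + e.get("Provider Path", "")
        if NEWNET.search(haystack):
            hits.append((pos, e.get("Catalog Entry ID"), e.get("Description")))
    return hits
```

A hit at position 1 corresponds to the "very top entry" the post describes; an empty result after `netsh winsock reset` and a restart indicates the provider is no longer in the catalog.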

