Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Adware.Netpal

Adware.Netpal

Updated:
February 13, 2007
Publisher:
Mindset Interactive, netpalnow.com
Risk Impact:
Medium
File Names:
Netpal.dll,or variants of this file name,such as N3tpa1.dll.
Systems Affected:
Windows

Behavior


Adware.Netpal is a Browser Helper Object that tracks Web-browsing habits, and may display targeted pop-up advertisements.

Symptoms


  • Existence of any files detected as Adware.Netpal.
  • Existence of registry keys that adware created (see the "Technical Details" section for details).
  • Internet Explorer may be unusually slow or unstable.


Behavior


Must be manually installed, or as a component of another program. It may be bundled with other adware applications, such as Adware.FOne.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version March 23, 2017 revision 037
  • Initial Daily Certified version December 18, 2003
  • Latest Daily Certified version March 23, 2017 revision 041
  • Initial Weekly Certified release date December 23, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

When the Adware.Netpal .dll file is loaded, it performs the following actions:
  1. Creates the following registry keys:

    HKEY_CLASSES_ROOT\NetPalIExplore.NetPal
    HKEY_CLASSES_ROOT\NetPalIExplore.NetPal.1
    HKEY_CLASSES_ROOT\CLSID\{000e7270-cc7a-0786-8e7a-da09b51938a6}

  2. May create the registry key:

    HKEY_CURRENT_USER\Software\Destiny

    to store configuration data.

  3. Monitors Web-browsing habits, including visited URL's.

  4. Periodically contacts a server to send the information it collects, download configuration data, or download advertisements.

  5. May query the registry for personal information, including your email addresses as configured in Microsoft Outlook.

  6. May change the default Internet Explorer home page and search page.



The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Close all open browser windows.
  3. Unregister the N3tpa1.dll file.
  4. Run a full system scan and delete all the files detected as Adware.Netpal.
  5. Delete the keys that were added to the registry.
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. Closing all the open browser windows
Since Adware.Netpal functions as a Microsoft Internet Explorer plug-in, it is necessary to close all the open browser windows to remove it. If you are reading this writeup in Internet Explorer, print it using our printer friendly option at the top of the page, or write down the following instructions, and then close all the open browser windows.

3. Unregistering the n3tpa1.dll file
  1. Start Norton AntiVirus.
  2. Run a full system scan.
  3. If a .dll file is detected as Adware.Netpal, write down the file name, but do not attempt to delete it at this time.
  4. Click Start, and then click Run. (The Run dialog box appears.)
  5. Type, or copy and paste, the following text:


    Note: If the file name of the .dll file that was detected as Adware.Netpal is different than n3tpa1.dll, make the appropriate substitution when typing the command that follows.


    regsvr32 /u "n3tpa1.dll"

    then click OK.

  6. If a dialog box confirming this action appears, click OK.

4. Scanning for and deleting the files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as Adware.Netpal, click Delete.


    Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
5. Deleting the keys from the registry

WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry ," for instructions.


Note: This is done to make sure that all the keys are removed. They may not be there if regsvr32 removed them.

  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type regedit

    Then click OK. (The Registry Editor opens.)

  3. Navigate to and delete the following keys:

    HKEY_CLASSES_ROOT\NetPalIExplore.NetPal
    HKEY_CLASSES_ROOT\NetPalIExplore.NetPal.1
    HKEY_CLASSES_ROOT\CLSID\{000e7270-cc7a-0786-8e7a-da09b51938a6}
    HKEY_CURRENT_USER\Software\Destiny

  4. Exit the registry editor.