Help with MidAddle

Discussion in 'privacy problems' started by Busibee19, Jan 6, 2005.

Thread Status:
Not open for further replies.
  1. Busibee19

    Busibee19 Registered Member

    Joined:
    Jan 6, 2005
    Posts:
    1
    I have tried unsuccessfully to block MidAddle and it keeps infecting my registry keys as well as some other hijackers. Can anyone help block these:
    Spyware Scan Details
    Start Date: 1/6/2005 6:23:21 PM
    End Date: 1/6/2005 6:29:52 PM
    Total Time: 6 mins 31 secs

    Detected Threats

    SearchExe Hijacker Adware more information...
    Details: SearchExe changes the Internet Explorer SearchUrl to search-exe.com and displays ads on your desktop using popups.
    Status: Removed
    Severe threat - Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. The attacker has complete control over your computer or can install new software on your machine.

    Infected registry keys/values detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SearchHelp.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SearchHelp.DLL AppID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchHelp
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchHelp\CLSID { - - - - 841}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchHelp\CurVer SearchHelp
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchHelp CSearchHelpIEExtension Object


    MidAddle Adware more information...
    Details: Midaddle is a downloader Trojan which downloads and installs/runs adware software.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

    Infected registry keys/values detected
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ - - - - 841} Search Help
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}\InprocServer32 C:\Documents and Settings\Administrator\Local Settings\Temp\Q4Ybj.dll
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}\InprocServer32 ThreadingModel apartment
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}\ProgID SearchHelp
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}\TypeLib {ECB25A48-E6E0-49AF-99AF-07C763E31389}
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841}\VersionIndependentProgID SearchHelp
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841} CSearchHelpIEExtension Object
    HKEY_CLASSES_ROOT\clsid\{ - - - - 841} AppID
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ - - - - 841}


    IEPlugin Spyware more information...
    Details: IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.
    Status: Removed
    High threat - High risk threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

    Infected registry keys/values detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}\InprocServer32 C:\Documents and Settings\Administrator\Local Settings\Temp\Q4Ybj.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}\InprocServer32 ThreadingModel apartment
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}\ProgID SearchHelp
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}\TypeLib {ECB25A48-E6E0-49AF-99AF-07C763E31389}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841}\VersionIndependentProgID SearchHelp
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841} CSearchHelpIEExtension Object
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ - - - - 841} AppID
     
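The scan log above shows the registry chain that makes a Browser Helper Object load: a CLSID registered under the Explorer "Browser Helper Objects" key, the same CLSID under HKEY_CLASSES_ROOT\CLSID, and an InprocServer32 value pointing at the DLL, here one sitting in the user's Local Settings\Temp folder. The following script is an added example, not code from the original post or from any scanner; it walks that chain over a constructed registry subset and flags BHOs whose server DLL lives in a temporary or profile directory, or whose registration is orphaned. The CLSIDs in the sample data are placeholders (the original log masks the real one); the function and constant names are this example's own. A dump made with the Windows `reg export` command can be converted into the same (key, value name, data) triples, but that converter is not included here.

```python
"""Correlate Browser Helper Object (BHO) registrations with the DLL each one loads.

Added example. SAMPLE_REGISTRY below is a hand-built subset in the shape of the
scanner output in the post; the CLSIDs are placeholders, not the masked one
from the original log.
"""
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_ROOT = r"HKEY_CLASSES_ROOT\CLSID"
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Locations a legitimately installed COM server DLL should not be loaded from.
SUSPICIOUS_DIRS = [
    ("a Temp directory", re.compile(r"\\Temp\\", re.I)),
    ("Temporary Internet Files", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("a user profile directory",
     re.compile(r"^[A-Z]:\\(Documents and Settings|Users)\\", re.I)),
]

# Constructed registry data: (key, value name, data); "" is the default value.
SAMPLE_REGISTRY = [
    # Adware-style BHO: registered, CLSID resolves to a DLL dropped in %TEMP%.
    (BHO_KEY + r"\{11111111-2222-3333-4444-555555555555}", "", "Search Help"),
    (CLSID_ROOT + r"\{11111111-2222-3333-4444-555555555555}", "", "CSearchHelpIEExtension Object"),
    (CLSID_ROOT + r"\{11111111-2222-3333-4444-555555555555}\InprocServer32", "",
     r"C:\Documents and Settings\Administrator\Local Settings\Temp\Q4Ybj.dll"),
    (CLSID_ROOT + r"\{11111111-2222-3333-4444-555555555555}\InprocServer32", "ThreadingModel", "Apartment"),
    (CLSID_ROOT + r"\{11111111-2222-3333-4444-555555555555}\ProgID", "", "SearchHelp"),
    # Benign-looking BHO for contrast: server DLL under Program Files.
    (BHO_KEY + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}", "", ""),
    (CLSID_ROOT + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}", "", "Example Helper"),
    (CLSID_ROOT + r"\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32", "",
     r"C:\Program Files\Example\helper.dll"),
    # Orphaned BHO: registration left behind after the CLSID was deleted.
    (BHO_KEY + r"\{99999999-9999-9999-9999-999999999999}", "", ""),
]


def index_registry(entries):
    """Build {lowercased key: {value name: data}} for case-insensitive lookup."""
    idx = {}
    for key, name, data in entries:
        idx.setdefault(key.lower(), {})[name] = data
    return idx


def registered_bhos(entries):
    """Return the CLSIDs registered as BHOs, in first-seen order."""
    prefix = (BHO_KEY + "\\").lower()
    clsids = []
    for key, _, _ in entries:
        if key.lower().startswith(prefix):
            m = GUID_RE.match(key[len(prefix):])
            if m and m.group(0) not in clsids:
                clsids.append(m.group(0))
    return clsids


def resolve_bho(idx, clsid):
    """Follow a BHO's CLSID to its friendly name, ProgID and InprocServer32 DLL."""
    clsid_key = (CLSID_ROOT + "\\" + clsid).lower()
    return {
        "clsid": clsid,
        "name": idx.get(clsid_key, {}).get("", ""),
        "progid": idx.get(clsid_key + r"\progid", {}).get("", ""),
        "dll": idx.get(clsid_key + r"\inprocserver32", {}).get("", None),
    }


def assess(entries):
    """Resolve every registered BHO and attach a list of reasons it looks suspicious."""
    idx = index_registry(entries)
    findings = []
    for clsid in registered_bhos(entries):
        info = resolve_bho(idx, clsid)
        reasons = []
        if info["dll"] is None:
            reasons.append("no InprocServer32 (orphaned registration)")
        else:
            for label, pattern in SUSPICIOUS_DIRS:
                if pattern.search(info["dll"]):
                    reasons.append(f"server DLL under {label}")
        info["reasons"] = reasons
        findings.append(info)
    return findings


if __name__ == "__main__":
    for f in assess(SAMPLE_REGISTRY):
        verdict = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f"{verdict:10} {f['clsid']} {f['name']!r} -> {f['dll']}")
        for r in f["reasons"]:
            print(f"           - {r}")
```

The check is deliberately narrow: it does not claim a DLL under Program Files is clean, only that a COM server loaded from a temp or profile directory, or a BHO registration with no CLSID behind it, is worth a closer look, which is exactly the pattern in the posted log. Against a live system the same logic applies to both the HKLM and HKCU Browser Helper Objects keys and to the 64-bit and Wow6432Node CLSID views.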
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Busibee19, and welcome to Wilders.
    Just blocking malware that has already infected your computer won't clean it of the infection, and that is what you should be trying to do, clean the infection completely.

    You didn't mention what security apps you have or have used to try and clean the infected files from your computer, but if you do not have a trusted anti-spyware program already then I would suggest you download, install and bring up to date one of the following two free anti-spyware programs (using both is also recommended and they work well together):
    Ad-Aware SE Personal
    Spybot Search&Destroy

    Once they are up to date, do a full scan with them, reboot and scan again until nothing else is identified as infected. You can also scan in Safe Mode if you find that the infected files are not being removed in regular scans.

    I would then follow up with downloading HijackThis - you can find it here, and post your log at one of the forums that do spyware/hijack removal/cleaning: A-SAP.

    Two of the bigger forums for HijackThis log processing (meaning they process more log threads each day than many others) are SpywareInfo.com and CastleCops.com. Whichever site you decide to go to, make sure you read their forum FAQs and posting policies before posting a log.

    Once your system is clean, you can read this link to learn how to tighten your security and prevent future infection: Why did I get infected in the first place?

    Let us know how you do.

    Regards,

    snap
     