Solved

Adware Removal

Posted on 2004-08-21
Last Modified: 2013-12-04
I have run "Spy Sweeper" and it has detected and removed an adware titled "WildMain", however it also states that it cannot remove a file titled "midaddle" and that I must remove it manually.  I try to do this but I cannot and I receive a message that the file is in use.  When I run Spy Sweeper again, it again detects WildMain.  I believe these two items are related but I don't know for sure.  I also have been getting a lot of pop ups lately and my computer "lags" or seems to be running slower.  Are these problems also related to this adware?  And how do I get rid of this file and adware program?  I am far from any kind of computer expert and would appreciate any help I could get.  I have Windows XP.  Thanks.
Question by:kentomnagle

Accepted Solution

by:
Zyloch earned 250 total points
ID: 11862467
Hi

You can also download Ad-Aware (http://www.lavasoftusa.com/), but I definitely recommend Spybot S&D, with which you can also Immunize your computer against further attacks. (I'm not too clear on whether Spy Sweeper has Immunize too; if it does, then you can use that, no problem.)

You can try several things to remove midaddle. If possible, try to set Spy Sweeper to run as soon as you start the computer, when it might be possible to delete midaddle. Also, you can try to boot into safe mode and delete it. Finally, you can try booting into DOS mode, navigate to the file using the 'cd' command, and use the 'del' command to delete it.

Regards,
Zyloch

Assisted Solution

by:CrazyOne
CrazyOne earned 250 total points
ID: 11862542
Then boot to Safe Mode and manually delete the file or files.

Description of Safe Boot Mode in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;202485

Expert Comment

by:CrazyOne
ID: 11862551
If XP is using the NTFS file system, then booting to DOS will be of no use because DOS does not recognize NTFS partitions. If booting to Safe Mode does not work, then do it from the Recovery Console.

Description of the Windows 2000 Recovery Console
http://support.microsoft.com/default.aspx?scid=kb;en-us;229716

but first do this


Set an Automatic Administrator Logon for the Recovery Console
Control Panel >  Administrative > Local Security Policy.
Security Settings > Local Policies > Security Options. Locate the "Recovery Console: Allow automatic administrative logon" policy. Double-click this policy, and then set it to "Enable".

or edit the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole
SecurityLevel (DWORD) 1 = no password, 0 = ask for pass
--------------------------------------------

Access To All Drives And Folders policy
Control Panel >  Administrative > Local Security Policy.
Security Settings > Local Policies > Security Options. Locate the "Recovery Console: Allow Floppy Copy And Access To All Drives And Folders" policy. Double-click this policy, and then set it to "Enable".

or edit the registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole
SetCommand (DWORD) 1 = allow floppy copy etc, 0 = restrict some file copying


HOW TO: Add More Power to Recovery Console By Using Group Policy in Windows XP Professional
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q310497

BEGIN ARTICLE

--------------------------------------------------------------------------------
The information in this article applies to:

Microsoft Windows XP Professional
--------------------------------------------------------------------------------

SUMMARY
This step-by-step article describes how to use Group Policy to add more power to the Recovery Console. Windows XP provides a Group Policy that lets you add power to the commands that are available in the Recovery Console. Under normal conditions, the Recovery Console imposes limits on the environment in which it operates.

Use Group Policy to Add Power to Recovery Console
If you pre-install the Recovery Console on a computer, you should use Group Policy to enhance the environment settings, adding power to the available file operations. To do so:

1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File menu, click Add/Remove Snap-in, and then click Add.
3. Click Group Policy, and then click Add.
4. Click Local Computer, click Finish, and then click Close to return to the Add/Remove Snap-in dialog box.
5. Click OK to return to the Console window.
6. Expand the Local Computer Policy object to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
7. Select the Security Options object in the Console pane to display the security policies in the Details pane.
8. In the Details pane, double-click the Recovery Console: Allow Floppy Copy And Access To All Drives And Folders policy.
9. Click Enabled, and then click OK.
10. Quit the MMC. You can save the console in case you want to make changes.

After you have enabled this Group Policy, when you enter the Recovery Console you can change the environment settings with the set command, by using the set variable = TRUE or FALSE syntax.

NOTE: Be sure to use a space on each side of the equal sign. If you do not, the set command generates a "syntax error" error message and does not work.

The following variables define the default environment. The variables, when set to TRUE, enlarge the scope of the environment setting and have the following meanings:

AllowWildCards = TRUE: Enable wildcard support for some commands (such as the del command)
AllowAllPaths = TRUE: Allows access to all files and folders on the computer
AllowRemovableMedia = TRUE: Allow files to be copied to removable media, such as a floppy disk
NoCopyPrompt = TRUE: Do not prompt when overwriting an existing file

To see the current settings for the environment, type set without parameters at a command prompt.

For additional information about the Recovery Console on Windows XP, click the article numbers below to view the articles in the Microsoft Knowledge Base:
Q314058 Description of the Windows XP Recovery Console
Q216417 How to Install the Windows Recovery Console

--------------------------------------------------------------------------------
Published: Oct 20 2001 12:35AM
Issue Type: kbhowto
Last Modified: May 22 2002 2:25AM
Keywords: kbtool kbAudITPro kbHOWTOmaster

COPYRIGHT NOTICE. Copyright 2002 Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399 U.S.A. All rights reserved.

END ARTICLE

Expert Comment

by:CrazyOne
ID: 11862553
Ummm I am sorry the above is for Win2000

Try this for XP

HOW TO: Add More Power to Recovery Console By Using Group Policy in Windows XP Professional
http://support.microsoft.com/default.aspx?scid=kb;EN-US;314058

Description of the Windows XP Recovery Console
http://support.microsoft.com/default.aspx?scid=kb;en-us;314058
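
The two registry values given in the comments above (SecurityLevel and SetCommand) relax the Recovery Console's password prompt and its path restrictions, so a script that reports them and sets them back to 0 once the file is deleted is useful. This is an added example, not part of the original posts; the script name recocheck.cmd and its /restore switch are made up for this example, and it uses the reg command that ships with Windows XP.

```bat
@echo off
rem Added example: report and restore the Recovery Console values discussed above.
rem Run from an administrator command prompt.
rem   recocheck.cmd            report the current values
rem   recocheck.cmd /restore   set both values back to 0 after the cleanup
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole"

call :report SecurityLevel "automatic administrator logon without a password prompt"
call :report SetCommand "the set command with access to all drives and removable media"

if /i "%~1"=="/restore" (
    call :restore SecurityLevel
    call :restore SetCommand
)
endlocal
goto :eof

:report
rem %1 = value name, %2 = what a value of 1 turns on
set "DATA="
rem reg query prints: name, type, data. Take the third token (for example 0x1).
for /f "tokens=3" %%D in ('reg query "%KEY%" /v %1 2^>nul ^| find /i "%1"') do set "DATA=%%D"
if not defined DATA (
    echo %1: not set, default restrictions apply
    goto :eof
)
if "%DATA%"=="0x0" (
    echo %1 = 0: restricted
) else (
    echo %1 = %DATA%: ENABLED, allows %~2
)
goto :eof

:restore
rem Write DWORD 0 back; /f suppresses the overwrite prompt.
reg add "%KEY%" /v %1 /t REG_DWORD /d 0 /f >nul
if errorlevel 1 (
    echo %1: could not write, check that you are an administrator
) else (
    echo %1 reset to 0
)
goto :eof
```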

Expert Comment

by:Shattuc
ID: 12150148
Lavasoft Ad-Aware http://www.lavasoftusa.com/software/adaware/
Spybot S&D http://www.safer-networking.org/en/download/index.html
AVG Free  http://free.grisoft.com/freeweb.php/doc/2/
Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard http://www.javacoolsoftware.com/spywareguard.html

These are all programs that can be used by the average computer user without difficulty, and without undesired results.

Lavasoft Ad-Aware will clean up a lot of spyware infections.
Spybot S&D will clean up a lot of spyware infections.
Between these two programs, most of the nasties can be safely removed without damaging other programs.

AVG Free Antivirus is an excellent antivirus, especially since it is free. (Found a nasty trojan that was giving me fits for a week.)

Spyware Blaster is a program that you only have to run weekly; the settings and changes it makes are static, and you don't need to keep it running for its protection to work.
It has a large database of identified and known spyware/malware/ActiveX controls. It instructs Windows and the IE, Firefox, and Mozilla browsers not to install or run any of these nasties.

Spyware Guard is like your antivirus, but for spyware. It is resident and is always running; if it encounters something that should not be downloaded, by default it will pop up a dialog box and ask for instruction.

These last two will help keep your system running smoothly.

Lastly, make sure you do not run TWO antivirus programs at the same time. It can result in conflicts, and in leaving your system wide open to attack and infection. (Spyware Guard is not an anti-virus and can be run side by side with anti-virus without conflicts.)

Also, in Spybot S&D there is a resident program called tea-timer. It monitors your registry entries and notifies you of changes made to your registry.

If all else fails and you do have an infection, then get a copy of Hijack This. Hijack This is an advanced diagnostic tool. Not everything it finds should be fixed. If you fix the wrong entry, it can make your system unstable, and even cause some programs to not function. If you must resort to using Hijack This, be sure to consult an expert about your log before you fix anything.
You can find it here:

http://www.bleepingcomputer.com/files/hijackthis.php

I personally recommend the folks at Tom Coyote Forums, found here:

http://www.tomcoyote.com

but there are many forums where volunteers help you get control of your system back.

If you prefer to deal with it here, you can post your log here, and I can help you to the best of my ability.