Can't get rid of Madfind 123 access at startup

Discussion in 'Malware Help (A Specialist Will Reply)' started by damiankeegan, Mar 12, 2007.

  1. damiankeegan

    damiankeegan Private E-2

    Hi,

    I am hoping you can help me. I recently used your excellent web site to remove the Vundo virus and parts of the spywarequake spyware from my computer - thank you for providing this service!

    Unfortunately I still have a problem and can't find any info on your site apart from a link to Symantec which asks me to remove the svc.exe and Browserhelper.dll files from my computer, which I can't find anywhere, and I still have the problem.

    At startup, I get a message from protowall as follows:

    007/03/12 11:40:59 [<-] BLOCKED [!] - Destination is (050310) Net Controller, Madfind 123 (192.43.244.18) [protocol: UDP / destport: 123]

    I imagine I am still infected with something?
     


    Last edited: Mar 12, 2007
  2. damiankeegan

    damiankeegan Private E-2

    other attachments.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have no service packs, which may be part of the reason you are being compromised so often.

    You did not uninstall these:
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.0_01

    Or update Spybot to the current version

    You need to install:

    Java Runtime 6

    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Now attach new logs for:

    * GetRunKey
    * ShowNew
    * HJT
     
  4. damiankeegan

    damiankeegan Private E-2

    Hi,

    Thanks so much for your help.

    I have deleted the Java updates (had to do this manually due to a missing dll) and installed JRE 6 from your website.

    I am a little confused by all of the file names on my computer that seem to have changed themselves to 8 letter names which I don't understand. Do you know why this is?

    I have also merged the reg file you have posted.

    Here are the new attachments:
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm a little confused with your system.
    There are no services showing in the HJT log.
    Is it possible that the regional settings have been changed?

    Please copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program.
    Attach a new log for:
    ShowNew
    GetRun
    HJT
     
