webdiva
09-13-2004, 04:27 PM
This adware snuck into my computer and I can't get rid of it. I have searched many other web gurus to follow their steps, but nothing has worked yet. It has destroyed my ActiveX Security settings and now I'm forced to reformat my hard drive. My Outlook has become very unstable, and other maladies are taking form.
Does anyone have any idea how to clean this malicious spyware that pops up a full IE page before redirecting me to the intended URL? It has ruined my ability to view DVDs, open MS help files, download my digital camera, and even open Adobe Acrobat Reader with graphics on pages! HELP! This is my home-based work computer. If I don't have to reformat this hard drive, I'd be a very happy webdiva! All downloads to protect from it are only useful AFTER the download. Thanks~
Jo Ann
wenwilder
09-13-2004, 07:40 PM
This one is a nasty little bugger and harder than heck to detect. MidADdle is one of the newest pieces of spyware that is virtually undetectable by most anti-spyware programs. It is also known as ads234, ads234.com, AdView, and origin.midaddle.com.
This is one of the hardest programs to remove. This program has 3 parts:
1. The main program
2. Backup Program #1
3. Backup Program #2.
The main program is obvious, it is named MidADdle.dll, and it is usually located in this directory:
C:/Program Files/Common Files/MidADdle
Backup Programs #1 and #2 aren't so obvious, they are hidden away in a temp (temporary) folder.
If you try to delete the Main Program, Backup Program #1 will reinstall it the next time you are online. If you try to delete the main program AND Backup Program #1, Backup Program #2 will reinstall the Main Program AND Backup Program #1, the next time you are online. Unless you delete all 3 parts AT THE SAME TIME without being connected to the internet, you cannot get rid of this program.
So just find all 3 parts, delete them, and you're done with it. Right? Yes, but the problem is finding all 3 parts. We already know that the Main Program is named MidADdle.dll, but the Backup Programs are a bit harder than that to find. The backup programs are always .exe files, and they change their names constantly.
For example, Backup Program #1 could be named rkdfi.exe, and Backup Program #2 could be named dk83lpb.exe. The Backup Programs are basically named in "gibberish" so that the user can't find them. At first glance, I and many others thought these were normal system files, and we didn't delete them. If you delete Backup Program #1, Backup Program #2 will reinstall Backup Program #1, but it will have a DIFFERENT name than before.
Everybody I've talked to about this seems to have different names for their Backup Programs. This must be why ad-aware, spybot, and other anti-spyware programs can't find and delete everything; because the programs change their names to random letters and numbers all the time.
Basically, we have 2 little programs whose job it is to make sure the Main Program does not get uninstalled. These 2 little programs will change their names to avoid detection from every anti-spyware program there is.
How to Remove It
***It would be a good idea to print this page and disconnect from the Internet completely, otherwise none of these methods will work.***
Method #1
Try this method FIRST! This is the safest method for most users.
1. Make sure you are NOT connected to the internet! If you are still connected to the internet this will not work!
2. Go to the Start Menu on the bottom of your computer screen
3. Select Control Panel
4. Double Click on "Add or Remove Programs"
5. Select MidADdle
6. Select Remove
Some people claim this worked for them, others say it worked for a while, but MidADdle came back, and still others said it did nothing. Remember how I said this program has 3 parts: the Main Program, Backup Program #1, and Backup Program #2? When you do this method, it might only get rid of the Main Program. So, the next time you log on to the internet, Backup Program #1 will reinstall the Main Program for you.
However, it is strongly recommended that you try this method FIRST before you move on, because it is by far the safest method for your computer.
Method #2
Go to http://www.ad-aware.com and download Ad-Aware. This is a free anti-spyware program that will find most pieces of spyware and delete them for you. Even if this doesn't fix this problem, it is still a good thing to have.
After you've installed it, go to the top and click on the globe icon, then click connect. This will download an updated file that will find the most recent pieces of spyware.
After that's done, disconnect from the internet. Go to the top again and click on the gear icon. Then click on the "advanced" tab. Make sure the following are checked (if they aren't checked, put a check next to them)
Scan Within Archives
Scan Active Processes
Scan Registry
Deep Scan Registry
Scan My IE Favorites For Banned URLs
Scan My Hosts File
Then click "Proceed"
Then click on the Status tab.
Select Next
Put a check next to Active In-Depth Scan (if it isn't checked already)
Then click on "Select Drives/Folders to Scan"
Click the "Select" link
Put a check next to the C: drive.
Then click "Next"
Note: This will take a while, maybe 10-20 minutes if you've never done it before. Just be patient.
Once it's done, right click your mouse and click on the tab that says "select all objects" and then click "Finish"
Sometimes it asks you to restart your computer to remove some files, which is fine. Just select ok and then restart your computer, and Ad-Aware will load automatically and fix everything.
If that doesn't fix the problem, reconnect to the internet and download Spybot - Search And Destroy at http://www.spybot.info This is also a free anti-spyware program, and it happens to have a tutorial if you have any questions. Run that and let it fix everything it finds.
As of the date this page was made, this method probably won't fix MidADdle. However, it will get rid of most of the other spyware on your computer. It is possible that at a future date, one of these programs may be able to fix MidADdle completely, so that is why I have listed it as Method #2.
Method #3
First you need to download Hijack This from http://www.download.com/3000-8022-10227353.html
After you've done that, you MUST disconnect from the Internet. Again, if you don't do this, it won't work.
Let hijack scan your computer, BUT DON'T FIX EVERYTHING!!!
If you have never used HijackThis, please do NOT fix anything! Once the scan has run you will have the option to save the log. Save the log. It will save to a text file. Reconnect to the internet and copy the log file into a message in this thread. We'll go from there.
If you have used it before you will only need to fix ONE thing, and it will look something like this:
O2 - BHO: WinPage Affiliate - {E8EAEB34-B7F5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll
Find that, put a check next to it, and select "Fix Checked" on HijackThis.
OK, now you have killed the main program, and the Backup Programs can't reinstall the Main Program until you connect to the internet again. So, stay off the internet and I will explain how to find these Backup Programs.
Go to the Start Menu
Select "Search"
Select "All Files and Folders"
Look in the C: drive
Type *exe into the search field.
This will bring up every .exe file on your computer.
Once the search is complete, right click on the list and select Arrange Icons By, and then select Modified.
Scroll down to the bottom of the list and think to yourself, when did I start having the MidADdle problem? For me, I first noticed it on 7/29/04. So, I looked through that list and looked at every program that was created on 7/29/04. I noticed that 2 programs in particular were very small files (less than 1 MB). This is what brought them to my attention:
They had names that were gibberish, just like the Backup Programs #1 and #2 that I described.
They were created at the exact same time, which was 11:00
They were located in the C:/Documents and Settings/user1/Local Settings/Temp Directory. The "user1" part of that directory varies, depending on what your Windows account is. It could be Bob, or Tom, or whatever you've named your Windows account. Just look for anything located in /Local Settings/Temp that was created on your particular MidADdle day.
Here is an example of what you might find:
C:/Documents and Settings/user1/Local Settings/Temp Directory/rkdfi.exe
C:/Documents and Settings/user1/Local Settings/Temp Directory/dk83lpb.exe
Once you've found the 2 suspicious programs, highlight them, right click, and hit delete.
I believe I saw more than 2 programs that looked suspicious, a couple were copies of the same programs that were just put in different folders. They were located in the following directories, and they were created at about the same time:
C:/windows/system32
C:/windows/temp
If you see more than 2, delete them all. If you see ANYTHING suspicious like that, which was created on that particular day, and it's located in a TEMP (it stands for temporary) folder, feel free to delete it. Anything in a temporary folder can always be deleted without harming your computer, because it is only "temporary," it's not a permanent file.
Method #4 *New* 8/5/04
Go to the Start Menu
Select "Search"
Select "All Files and Folders"
Look in the C: drive
Type *exe into the search field.
This will bring up every .exe file on your computer.
Once the search is complete, right click on the list and select Arrange Icons By, and then select Modified.
Look for 2 new programs named:
addit.exe
WildWinTracker.exe
Both of the files are located in this directory:
C:/Documents and Settings/user1/Local Settings/Temp Directory/addit.exe
C:/Documents and Settings/user1/Local Settings/Temp Directory/WildWinTracker.exe
Delete the "addit.exe" first, and check your Internet browser again. If you are still being redirected to www.ads234.com, sign off the Internet a second time and then delete the "WildWinTracker.exe" file.
You should be good to go. If your browser goes directly to your homepage (and not www.ads234.com first) you have finally beaten MidADdle.
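The manual hunt in Method #3 (sort every .exe by modified date, then look for small files with gibberish names that landed in a Temp folder at the same instant on the day the redirects began) can be written down as a script so the three signals are applied consistently instead of by eye. The block below is an added example for this thread, not code from the post or from any removal tool named in it. The 1 MB size limit, the vowel-ratio test for "gibberish" names, the one-second timestamp window and the requirement that at least two hits land together are my assumptions; the directory tree it scans is constructed inside the script (modelled on the paths the post quotes) so it runs offline on any OS and touches nothing real.

```python
"""Hunt for MidADdle-style "backup" executables.

Added example for the removal thread, not code from the post. Signals it
combines, from the poster's description: .exe files under a Temp folder,
small (assumed limit: 1 MB), with random-looking names, dropped at the
same moment on the day the redirects started. The directory tree it scans
is constructed here so the script runs offline on any OS.
"""
import os
import re
import tempfile
import time
from pathlib import Path

MAX_SIZE = 1024 * 1024            # assumption: "very small" means under 1 MB
TEMP_DIR_NAMES = {"temp", "tmp"}  # any path component matching these counts as a temp folder
VOWELS = set("aeiouy")


def looks_gibberish(stem: str) -> bool:
    """Flag names like rkdfi or dk83lpb: almost no vowels, or digits mixed into letters.

    Assumed thresholds; a vowel-poor legitimate name (svchost) also trips it,
    so this is only one of three signals and is never used on its own.
    """
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 4 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    digit_mix = re.search(r"[a-z][0-9]|[0-9][a-z]", s) is not None
    return vowel_ratio < 0.25 or digit_mix


def scan_exes(root: Path, since: float, max_size: int = MAX_SIZE):
    """Return (path, mtime, size, in_temp) for every small .exe modified at or after `since`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        # Judge "temp folder" on the path relative to root, so a scan root that
        # itself lives under /tmp does not mark every file as in_temp.
        rel_parts = {p.lower() for p in Path(dirpath).relative_to(root).parts}
        in_temp = bool(rel_parts & TEMP_DIR_NAMES)
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = Path(dirpath) / name
            st = path.stat()
            if st.st_mtime >= since and st.st_size <= max_size:
                hits.append((path, st.st_mtime, st.st_size, in_temp))
    return hits


def cluster_by_mtime(hits, window_s: float = 1.0):
    """Group hits whose modification times fall within `window_s` of the previous one."""
    clusters, current = [], []
    for hit in sorted(hits, key=lambda h: h[1]):
        if current and hit[1] - current[-1][1] > window_s:
            clusters.append(current)
            current = []
        current.append(hit)
    if current:
        clusters.append(current)
    return clusters


def suspicious(root: Path, since: float):
    """Paths matching all three signals: temp folder, gibberish name, dropped alongside another hit."""
    out = []
    for cluster in cluster_by_mtime(scan_exes(root, since)):
        if len(cluster) < 2:  # the post describes the backups arriving as a pair
            continue
        out.extend(str(p) for p, _m, _s, in_temp in cluster if in_temp and looks_gibberish(p.stem))
    return sorted(out)


def build_fixture():
    """Constructed sample tree modelled on the post's paths; timestamps are set with os.utime."""
    root = Path(tempfile.mkdtemp())
    drop_time = float(int(time.time() - 3600))  # the "MidADdle day", one hour ago, whole seconds
    old_time = drop_time - 30 * 86400
    layout = {
        "Documents and Settings/user1/Local Settings/Temp/rkdfi.exe": (drop_time, 40_000),
        "Documents and Settings/user1/Local Settings/Temp/dk83lpb.exe": (drop_time, 52_000),
        "Documents and Settings/user1/Local Settings/Temp/setup.exe": (drop_time, 3_000_000),  # too big
        "Program Files/Common Files/midaddle/midaddle.dll": (drop_time, 90_000),             # not .exe
        "WINDOWS/system32/notepad.exe": (old_time, 70_000),                                  # too old
        "WINDOWS/temp/rkdfi.exe": (drop_time, 40_000),                                       # second copy
    }
    for rel, (mtime, size) in layout.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with open(path, "wb") as fh:
            fh.truncate(size)  # sparse file of the right size, no real content
        os.utime(path, (mtime, mtime))
    return root, drop_time


if __name__ == "__main__":
    fixture_root, t0 = build_fixture()
    for hit in suspicious(fixture_root, since=t0 - 60):
        print("suspect:", hit)
```

Against the constructed tree this reports both copies of rkdfi.exe and dk83lpb.exe, and skips setup.exe (over the size limit), notepad.exe (modified long before the "MidADdle day") and midaddle.dll (handled separately via the O2 BHO entry in Method #3). On a real machine the same order of operations the post insists on still applies: disconnect first, run the hunt, delete every hit in one pass, and only then reconnect, because the name test alone will also flag vowel-poor legitimate names, so treat the Temp location and the shared timestamp as the deciding signals.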