MXTARGET.DLL and pop-ups


4 replies to this topic

#1 Bert Hof

Posted 15 July 2004 - 06:49 AM

Hi there, pop-ups keep returning when I use the Internet and I cannot delete the file MXTARGET.DLL. Norton and McAfee do not find viruses. AdAware and Spybot do not fix the problem. HijackThis also does not do the trick. Below is my HijackThis log. If someone knows how to solve this problem: please help!

Thanks

Logfile of HijackThis v1.97.7
Scan saved at 13:40:29, on 15/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\DRVLSNR.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\DDHCIWCJ.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMSHOF\HIJACKTHIS.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7875.1302314815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...375/mcfscan.cab

#2 pfofit

Posted 15 July 2004 - 03:31 PM

Hi
First, restart in Safe mode and please run hijack and place a check in the following entries.
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL

O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe

Close ALL browsers and all other open windows, except HijackThis.
Then select Fix Checked.

To unhide hidden files:
  • On the desktop, double-click My Computer and select View and click Details
  • Again select View > Folder Options
  • Under the View tab,
  • Tick show all files
  • Untick hide file extensions for all file types. Select Apply then OK
Open an IE and select Tools > Internet Options and delete all temporary internet files and tick "delete offline content".
Then find and delete the following files
C:\temp <--delete all possible files in this folder
C:\windows\temp <--delete all possible files in this folder

Select Start -> Settings -> Control Panel -> Add/Remove and select and remove the following programs if present:
  • Twain tech
While still in safe mode, find and delete the following files/folders if they still exist:
C:\WINDOWS\SYSTEM\ddhciwcj.exe <--delete only this file
C:\WINDOWS\MXTARGET.DLL <--delete only this file

Then, in hijack go to "Config" and select "ignorelist" at the top. If anything is listed in that window, select "delete all".
Then go to Start > Run and type msconfig and hit OK. Under the "General" tab, ensure that "Normal startup" is selected.

Restart your system
Hijack has a newer version, 1.98.
http://209.133.47.12.../HijackThis.exe
Save to hijack folder and post a fresh log from 1.98.

Edited by pfofit, 15 July 2004 - 03:32 PM.


#3 Bert Hof

Posted 16 July 2004 - 05:55 AM

Hi, installed Hijack 1.98 and did all the things you suggested. Seems to have helped, thanks!

I deleted all the files from the windows\temp directory (i.e., I put them in my recycle bin). Question about that: this included deleting .exe files, like patch.exe. This is not a problem?

Below is my log file from the new Hijack after doing all the stuff.

Logfile of HijackThis v1.98.0
Scan saved at 12:35:53, on 16/07/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMSHOF\HIJACKTHIS.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...375/mcfscan.cab
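
A way to confirm from the two logs in this thread that the fixed entries are really gone, as an added example that is not part of the original posts. It parses HijackThis `Oxx` lines and diffs the before and after logs; the helper names `parse`, `diff` and `remediated` are hypothetical, and the sample logs are abridged copies of the lines posted above.

```python
import re

# Lines copied from the thread's two HijackThis logs (abridged to the relevant entries).
BEFORE = r"""
C:\WINDOWS\SYSTEM\DDHCIWCJ.EXE
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\MXTARGET.DLL
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\Run: [dcsdkdvwtw] C:\WINDOWS\SYSTEM\ddhciwcj.exe
"""
AFTER = r"""
C:\WINDOWS\EXPLORER.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Map a stable key to the original line for every Oxx entry in a log."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        section, body = m.groups()
        clsid = CLSID.search(body)
        # Key COM entries by CLSID: the display name differs between
        # v1.97.7 ("(no name)") and v1.98.0 ("AcroIEHlprObj Class").
        key = (section, clsid.group(0).upper() if clsid else body.lower())
        entries[key] = line.strip()
    return entries

def diff(before, after):
    """Return (entries removed, entries newly present) between two logs."""
    b, a = parse(before), parse(after)
    return [b[k] for k in b if k not in a], [a[k] for k in a if k not in b]

def remediated(targets, after):
    """True only if no target file name survives anywhere in the later log,
    including the running-process list."""
    low = after.lower()
    return all(t.lower() not in low for t in targets)

if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("clean:", remediated(["MXTARGET.DLL", "ddhciwcj.exe"], AFTER))
```

Entries reported as added need a manual look rather than being assumed hostile, since a newer HijackThis version may simply report more entry types.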

#4 pfofit

Posted 16 July 2004 - 09:32 AM

Hi again Bert. Well done.

If you ever wonder about a specific file, you can right-click on it and select properties and the version tab and see what product and company name is associated with the file.

Patch.exe: one possibility for patch.exe is that it is an email virus that came as a fake patch from Microsoft.

In light of that, let's do a free online virus scan and delete anything it finds from:

To complete your clean up, do a free online trojan scan as well and delete anything it finds from:

Once you get a clean bill of health from them, then you need to visit Windows updates. You are vulnerable with IE 5.5. Install all of the latest critical updates. You may need a couple of trips. Keep going back until there are no more critical updates.

Bert, below is my standard speech
--------------------------------------------------------------------------------------------------------------
Let me know how your system is working.
pfofit

#5 Bert Hof

Posted 19 July 2004 - 07:27 AM

No problems encountered; everything seems to be working the way it should. Thanks!



