
MxTarget and other pests



#1 juanmauricio


Posted 29 July 2004 - 08:09 AM

I have been trying to get rid of the PreInsMt.exe and MxTarget.dll trojans for more than two weeks, but no matter whether I do what had worked in the past (Ad-Aware/Spysoft/HijackThis) or follow other recommendations (SpySweeper, Webroot, a2clean, Bazooka, CWShredder, etc.), they always come back.

At reboot I always get PreInsMt.exe and MxTarget.dll Trojans dated July 9, 2004. This is very curious because my Internet connection was closed July 7-14, when I was out of town. I guess I made a mistake by not disconnecting the power from the computer all that time.

Aside from this pest, I also get invaded by SystB.exe (red icon), polmx.exe, wupd.exe, lu.dat and several assorted drsnsrch.com on a regular basis at least once a week, always at the same time: 5:49AM.

I have copies of HijackThis logs, and AdAware logs showing all the stuff they got from their scans.

Trying to do some detective work, I printed the setupapi log and found out that the MxTarget and PreInsMt Trojans were recalled at reboot from a temp file. I deleted all the temp files that carry Mxtarget.dll, but they came back on reboot.

Curiously, a second setupapi log shows that Windows kept searching for the PreInsMt.exe, and when they weren't in the usual places, it kept searching for them in some other Temp file.

I am mystified!

More analysis of the setupapi logs shows an executable file that seems to start the whole reload operation: thnall1t.exe, which is located in a temp folder. A search for that temp folder and for the thnall1t.exe file came up empty!!

I am not a computer expert (I was a pretty good programmer in the late 60s and early 70s, but technology passed me by at some point), but this thing is making me think I am stupid.

I can clean the stuff when I see a lot of pop up ads and the machine works fine for a day or two, but on reboot, or even sometimes when I log off to let my wife logon to her part of the computer, the MxTarget comes back.

Short of emptying and reloading everything in the computer (which I don't know how to do), is there a way to fix my little problem(s)?

#2 juanmauricio


Posted 29 July 2004 - 08:47 AM

Maybe these two logs will help someone find an answer to my problem:

FIRST LOG AT 5:45 AM

[SetupAPI Log]
OS Version = 5.1.2600 Service Pack 1
Platform ID = 2 (NT)
Service Pack = 1.0
Suite = 0x0100
Product Type = 1
Architecture = x86
[2004/07/29 05:41:30 3860.1]
#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp187.tmp\thnall1t.exe"
#E361 An unsigned or incorrectly signed file "c:\docume~1\juan\locals~1\temp\thi3a11.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.
#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SET189.tmp".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.


LOG AT 7AM AFTER DELETING SOME TEMP FOLDERS

[SetupAPI Log]
OS Version = 5.1.2600 Service Pack 1
Platform ID = 2 (NT)
Service Pack = 1.0
Suite = 0x0100
Product Type = 1
Architecture = x86
[2004/07/29 05:41:30 3860.1]
#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp187.tmp\thnall1t.exe"
#E361 An unsigned or incorrectly signed file "c:\docume~1\juan\locals~1\temp\thi3a11.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.
#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SET189.tmp".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
[2004/07/29 07:37:10 2708.1]
#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp10.tmp\thnall1t.exe"
#E361 An unsigned or incorrectly signed file "c:\docume~1\juan\locals~1\temp\thi3863.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.
#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SETE9.tmp".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
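
The manual reading of the setupapi log described in this thread can be automated. The following is an added example, not part of the original posts: a Python parser that splits the log into sections and flags any section where the installer was launched from a Temp folder and copied files out of Temp. The sample text is a shortened excerpt constructed from the log lines quoted above; the function names and the Temp-path rule are assumptions of this example.

```python
import re

# Constructed sample: shortened excerpt of the setupapi log quoted in the post above.
SAMPLE_LOG = r'''[SetupAPI Log]
[2004/07/29 05:41:30 3860.1]
#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp187.tmp\thnall1t.exe"
#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".
#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.
#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SET189.tmp".
[2004/07/29 07:37:10 2708.1]
#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp10.tmp\thnall1t.exe"
#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".
'''

SECTION = re.compile(r'^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) (\d+\.\d+)\]')
CMDLINE = re.compile(r'^#-198 Command line processed: "?([^"]+)"?')
COPY = re.compile(r'^#-\d+ Copying file "([^"]+)" to "([^"]+)"')
UNSIGNED = re.compile(r'^#E361 .*?"([^"]+)" will be installed')
TEMP = re.compile(r'\\(temp|tmp)\\', re.I)  # assumption: any \Temp\ path component

def parse_sections(text):
    """Split a setupapi log into sections keyed by the bracketed timestamp header."""
    sections, cur = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            cur = {"time": m.group(1), "id": m.group(2), "cmd": None, "copies": [], "unsigned": set()}
            sections.append(cur)
        elif cur is not None:
            if (m := CMDLINE.match(line)):
                cur["cmd"] = m.group(1)
            elif (m := COPY.match(line)):
                cur["copies"].append((m.group(1), m.group(2)))
            elif (m := UNSIGNED.match(line)):
                cur["unsigned"].add(m.group(1).lower())
    return sections

def suspicious(sections):
    """Return sections whose launcher ran from Temp and copied files out of Temp."""
    hits = []
    for s in sections:
        dropped = [(src, dst, src.lower() in s["unsigned"])  # (source, target, flagged unsigned)
                   for src, dst in s["copies"] if TEMP.search(src)]
        if s["cmd"] and TEMP.search(s["cmd"]) and dropped:
            hits.append({"time": s["time"], "id": s["id"], "launcher": s["cmd"], "dropped": dropped})
    return hits

if __name__ == "__main__":
    for h in suspicious(parse_sections(SAMPLE_LOG)):
        print(h)
```

Run against the full log, each hit gives the launcher path and the files it placed in C:\WINDOWS, which is the chain the poster traced by hand to thnall1t.exe.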



