• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
juanmauricio

MxTarget and other pests

2 posts in this topic

I have been trying to get rid of the PreInsMt.exe and MxTarget.dll trojans for more than two weeks, but no matter when I do what had worked in the past (Ad-Aware/Spysoft/ HijackThis) or follow other recommendations (SpySweeper, Webroot, a2clean, Bazooka, CWShredder, etc), they always come back.

 

At reboot I always get PreInsMt.exe and MxTarget.dll Trojans dated July 9, 2004. This is very curious because my Internet connection was closed July7-14, when I was out of town. I guess I made a mistake by not disconnecting the power from the computer all that time.

 

Aside from this pest, I also get invaded by SystB.exe (red icon), polmx.exe, wupd.exe, lu.dat and several assorted drsnsrch.com on a regular basis at least once a week, always at the same time: 5:49AM.

 

I have copies of HijackThis logs, and AdAware logs showing all the stuff they got from their scans.

 

Trying to do some detective work, I printed the setupapi log to and found out that the MxTarget and PreInsMt Trojans were recalled at reboot from a temp file. I deleted all the temp files that carry Mxtarget.dll, but they came back on reboot.

 

Curiously a second setupapi log shows that Windows kept searching for the PreInsMt.exe, and when they weren’t in the usual places, it kept searching from them in some other Temp file.

 

I am mystified!

 

More analysis of the setupapi logs shows an executable file that seems to start the whole reload operation: thnall1t.exe, which is located in a temp folder. A search for that temp folder and for the thnall1t.exe file came up empty!!

 

I am not a computer expert (I was a pretty good programmer in the late 60s and early 70s, but technology passed me by at some point), but this thing is making me think I am stupid.

 

I can clean the stuff when I see a lot of pop up ads and the machine works fine for a day or two, but on reboot, or even sometimes when I log off to let my wife logon to her part of the computer, the MxTarget comes back.

 

Short of emptying and reloading everything in the computer (which I don’t know how to do), is there away to fix my little problem(s)?

Share this post


Link to post
Share on other sites

Maybe these two logs will help someone find an answer to my problem:

 

FIRST LOG AT 5:45 AM

 

[setupAPI Log]

OS Version = 5.1.2600 Service Pack 1

Platform ID = 2 (NT)

Service Pack = 1.0

Suite = 0x0100

Product Type = 1

Architecture = x86

[2004/07/29 05:41:30 3860.1]

#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp187.tmp\thnall1t.exe"

#E361 An unsigned or incorrectly signed file

"c:\docume~1\juan\locals~1\temp\thi3a11.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.

#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SET189.tmp".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

 

 

LOG AT 7AM AFTER DELETING SOME TEMP FOLDERS

 

[setupAPI Log]

OS Version = 5.1.2600 Service Pack 1

Platform ID = 2 (NT)

Service Pack = 1.0

Suite = 0x0100

Product Type = 1

Architecture = x86

[2004/07/29 05:41:30 3860.1]

#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp187.tmp\thnall1t.exe"

#E361 An unsigned or incorrectly signed file "c:\docume~1\juan\locals~1\temp\thi3a11.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.

#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SET189.tmp".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3A11.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

[2004/07/29 07:37:10 2708.1]

#-198 Command line processed: "C:\DOCUME~1\Juan\LOCALS~1\Temp\drp10.tmp\thnall1t.exe"

#E361 An unsigned or incorrectly signed file "c:\docume~1\juan\locals~1\temp\thi3863.tmp\mxtarget.inf" will be installed (Policy=Ignore). Error 1168: Element not found.

#-024 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\mxTarget.dll" to "C:\WINDOWS\mxTarget.dll".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\mxTarget.dll" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

#-336 Copying file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\preInsMt.exe" to "C:\WINDOWS\preInsMt.exe" via temporary file "C:\WINDOWS\SETE9.tmp".

#E361 An unsigned or incorrectly signed file "C:\DOCUME~1\Juan\LOCALS~1\Temp\THI3863.tmp\preInsMt.exe" will be installed (Policy=Ignore). Error 0xe000022f: The third-party INF does not contain digital signature information.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0