Stubborn Spyware

When Windows starts up it opens with My Documents folder open and the search assistant option turned on on the task bar. I have run spybot, adaware, cccleaner,kill2me, and macafee anti virus. I have run hijack this and used the tutorial and the analyzer to weed out all of the junk. There is one entry that keeps popping up (O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll). I am not sure if this is my problem or what. I am at my wits end. Any help would be greatly appreciated. Thanks Wally

 

Hi Wally,

Mx-Targeting is definitely malware and needs to go. Did you try any of the Online Scans prescribed in our Cleanup Tutorial?

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal


You might also want to send us a Fresh HijackThis Log to doublecheck. If you do, be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

One of us would be happy to give it a glance as time permits.

PP

 

Hey PhilliePhan,
I went through the tutorial again since there was more stuff in it since I last went through. The online trend micro scan deleted (troj agent.ae, troj load.a, and troj blazefind). I ran another hijack this and have attached my log. My documents is still opening on start up and the search assistant is stll there also. Thanks for your help man. Wally

 

Hi Wally,

All that is left is what remains of BlazeFind.

Before you start, please extract HijackThis to its own Folder. Here’s how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER
To extract HJT:
Now, RightClick your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HijackThis)and click Next.

Once HijackThis is properly situated:
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now scan with HijackThis and Check the Boxes for the following:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Windows\System32\wsaupdater.exe,

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode and navigate to and DELETE the following:

C:\Windows\System32\wsaupdater.exe

NOTE: While in the System32 Folder, check to make sure userinit.exe is still there.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Reset Web Settings:
RightClick on your Desktop Internet Explorer Icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to www.majorgeeks.com. Click Apply.

Now, Scan with HijackThis and attach that log.

Let me know of any problems you may have encountered with the above instructions and how your computer is running now. I will try to check back when time permits.

Best luck
PP

 

Hey PhilliePhan,
I went through all of your steps and here is my latest log file. Please let me know if I need to do anything else. Thanks again for your help. Wally

 

Hey guys,
I started up this morning to check the group and had no problems at all! You guys rock! I have a Belkin router with a firewall and would like to put a password on it and have no idea where to adjust things on the router. Could you point me in the right direction. Thanks again, Wally