c:\WINDOWS\secure32.html

[Brian]

Has anybody come across this little beauty before?

I'm working on a system that had 5 seperate hackers
trojans on it. It uses win 98 and IE6. I have got rid of
all virus', edited the Sys Reg, removed all spyware and
reparied the Sys reg.

The above "c:\WINDOWS\secure32.html" now keeps appearing
as my home page in my Internet Properties. If I change
it, close the properties down and either re-open them or
try to connect to the net, it re-appears and takes me to
some type of advertising site claiming the IP address is
being tracked and I have visted 'Pedo' sites as it calls
them.

I have found the above file once in the Windows folder and
deleted it from there. Subsequent searches have not found
it although it still reappears.

If you manually change the home page settings in the
Internet Properties, the 'use current' button is greyed
out.

Its almost as if the system has 'hyjacker' software
somewhere but after searching symantec and Cnet.com, I
cannot find anything about this situation or file.

Anyone got any ideas?

Thanks

Brian

 

[Jon Kennedy]

See this site for possible help and more information:
http://www.mvps.org/inetexplorer/answers.htm#home_page

In addition to the info there, check your StartUp folder for any programs
that look suspicious. If no joy, go to Start, Run, type in "msconfig" (no
quotes), click Okay, go to the StartUp tab, and look for any line there that
look suspicious. You probably went to a web site and clicked on something
that made the additions/changes to your registry or added a script to your
system that caused this problem. This can also be caused by running an
email attachment or clicking on something in a HTML email.

You may also want to check out StartPage Guard -
http://pjwalczak.com/spguard/index.php
StartPage Guard protects your PC from cyberscam, by monitoring status of
your internet browser StartPage and preventing it from any unauthorized
changes.

And to keep from having to manually edit the registry to unlock your
homepage settings, try this little script by Doug Knox, MS MVP:
http://www.dougknox.com/security/scripts_desc/nosethomepage.htm

More information here: http://www.cexx.org/hphijack.htm

This is caused by a parasite/spyware/malware on your system:

Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://security.kolla.de/
(Good site on how to install and use Spybot -
http://www.tomcoyote.org/SPYBOT/)

More information here:
http://www.mvps.org/winhelp2002/unwanted.htm
http://www.spywareinfo.com/
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

 

[Alan Edwards]

Yes, it has been around.
Try this search string:
http://groups.google.com/groups?sourceid=navclient&q=secure32.html
or this:
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=secure32.html&sa=N&tab=gw

....Alan

 

[PA Bear]

You are not alone!... http://snipurl.com/3tzs

Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

You *must* seek updates for Ad-Aware, Spybot, etc., before each and every
use, even "right out of the box". But even then, they can't catch
everything.

When all else fails, HijackThis (http://www.merijn.org/files/hijackthis.zip)
is the preferred tool to use. It will help you to both identify and remove
any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/
or the Spyware forum at http://forum.aumha.org/ for expert analysis, not
here.**

Also update your virus definitions and then run a full system scan. From
now on, do both daily.
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/

 

[Brian]

Thanks for the help, i'll give it a go.

Brian

-----Original Message-----
Yes, it has been around.
Try this search string:
http://groups.google.com/groups? sourceid=navclient&q=secure32%2Ehtml
or this:
http://www.google.com/search?hl=en&lr=&ie=ISO-8859- 1&q=secure32.html&sa=N&tab=gw

....Alan

--
Alan Edwards, MS MVP W95/98 Systems
http://dts-l.org/index.html

In

microsoft.public.windows.inetexplorer.ie6.browser, "Brian"

 

[Brian]

Thanks for the help, I'll give it a go.

Brian

-----Original Message-----
See this site for possible help and more information:
http://www.mvps.org/inetexplorer/answers.htm#home_page

In addition to the info there, check your StartUp folder for any programs
that look suspicious. If no joy, go to Start, Run, type in "msconfig" (no
quotes), click Okay, go to the StartUp tab, and look for any line there that
look suspicious. You probably went to a web site and clicked on something
that made the additions/changes to your registry or added a script to your
system that caused this problem. This can also be caused by running an
email attachment or clicking on something in a HTML email.

You may also want to check out StartPage Guard -
http://pjwalczak.com/spguard/index.php
StartPage Guard protects your PC from cyberscam, by monitoring status of
your internet browser StartPage and preventing it from any unauthorized
changes.

And to keep from having to manually edit the registry to unlock your
homepage settings, try this little script by Doug Knox, MS MVP:
http://www.dougknox.com/security/scripts_desc/nosethomepag e.htm

More information here: http://www.cexx.org/hphijack.htm

This is caused by a parasite/spyware/malware on your system:

Use Ad-Aware and/or Spybot Search & Destroy to remove it.

Ad-Aware: http://www.lavasoftusa.com/
Spybot: http://security.kolla.de/
(Good site on how to install and use Spybot -
http://www.tomcoyote.org/SPYBOT/)

More information here:
http://www.mvps.org/winhelp2002/unwanted.htm
http://www.spywareinfo.com/
http://www.mvps.org/inetexplorer/Darnit.htm
http://www.doxdesk.com/parasite/ - runs a little script when loading page to
check for common parasites

--

Jon R. Kennedy
Charlotte, NC, USA
(e-mail address removed)



.