Windows\secure.html problem 2

Status
Not open for further replies.

gransbpa

Programmer
Jun 5, 2001
98
NL
Hi there,

I'm seriously infected with a virus or something like that causing several problems: it is changing my startpage to c:\\windows\secure.html. After that, I get several messages that I am infected with spyware, and all kinds of xxx-sites open themselves up. Virtually every process on my pc crashes then, usually I have to push the on/off button to switch off the machine. Somehow, by opening two IE sessions, I managed to load some programs like spybot s&d, hijack this and history kill. History kill does seem to work, you can enable an option to prevent a home page from changing. Now, every time a program starts, and with a very regular interval, I am alarmed that an attempt is made to change my startpage from blank to c:\\windows\secure.html. I can see several entries with this reference in my Hijack.this log, but when I fix these entries, they return after a minute or so. Now, I'm wondering what is causing this? I mean, there must be a program running in the background. But even when I could kill this process, (I suppose you can kill every task one by one and find out which it is by trial and error), it will start up again when rebooting the pc, so there must be some line of code somewhere activating this program on start-up. WHERE??? Is it in the Autoexec.bat, in the config.sys? Or even on a deeper level? I am determined to find it, but I don't know how to handle this.
Does anyone have an idea?

Any help will be greatly appreciated.

Thanks.
 
Gransbpa;

First, what O/S, SP, etc... What version of IE are you running?

Since everything re-appears on its own, I'm assuming you're running XP... When you start deleting things, make sure system recovery is off or else it'll all reappear at the next boot.

Along with Spybot and HiJack This, try a mix of AdAware, CWShredder and Bazooka... No one tool is going to do it all but between them you'll get a good handle on things. Make sure after downloading the tools you check their sites for the latest updates. Run Hijack This and post the log here for analysis....

Mike
 
Thanks Mike, I'll try your tips and post the hijack.
I'm running Win98, IE version 6.0.2800.1106
Just a question: how do I disable system recovery in XP? (I also had some minor problems on a XP-machine). And is it also possible to disable system restore on a win98 machine?
 
Not sure about the Windows 98 restoration, but for XP all you need to do is run services.msc (from Start > Run), find System Restore and set it to "Off".

Sounds like vicious spyware (malware to be precise), the xxx sites are certainly associated with such spyware/malware.

AdAware is great, so use that.

Also make sure you have a decent firewall running on your pc. The Google toolbar is also great for blocking popups. I use all these and I never have any problems. You should scan for spyware at least once a week to prevent such things happening again.

Hope you get it sorted :)
 
help, I am having the same problem. I am on windows 98 and have run adware, spybot, norton... made sure I had the most current files, and it still won't remove the program that keeps changing my home page to secure.html

I was able to browse under secure and secur and I was able to find text files that housed the web page that refers to spyware. By deleting those pages I was able to eliminate the page (now it's blank) and also it does not jump to the pron pages. However, every time I delete secure.html it keeps coming back....it is hanging up my system as well...

also, the bug will not let me go to google.com

please help!!!

Anthony

 
one last note, the secure.html reappears immediately after deleting (even before a reboot). I tried deleting in safe mode and it still reappears. So I don't know if setting system recovery to off will work since it resets itself perpetually it seems...
 
I also suggest that you use Mozilla's Firefox browser when browsing the Internet. For me, I only use IE if the site I'm visiting tells me that their site is best read in IE.
 
I had the same problem on Windows 2000 and found the following solution:

1. Restart the computer in safe mode/safe mode command prompt.
2. Go to the windows\system32 directory
3. Find and delete explorer.exe & system32.dll (ONLY from the windows\system32 directory)
4. Go to the windows\ directory & delete secure.html
5. Restart the computer
6. Search for files called "HOSTS" (with no file extension) & delete them (usually 2)
7. Modify your homepage settings in IE to your favourite homepage.
8. Restart your computer & run all your programs to check you have a successful "eradication".

Hints:
- be cautious, not to delete the original "explorer.exe" in the windows\-directory or the original "hosts" file in Windows\system32\drivers\etc\. The malware files are smaller (about 4-5kB) and have a more actual date.
- perhaps there are little differences in paths on Win98, but I think you'll find it.
- Symantec AV, with virus definitions of 7/7/04 or later should also find these files.

Hope this helps

Peter
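
An added example, not part of Peter's post or the thread: a read-only Python sketch that lists the files named in the steps above (with their sizes) instead of deleting them, so each one can be checked against the hints first. The 8 KB cutoff, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: cutoff a little above the "about 4-5kB" the post gives for the rogue files.
SMALL_BYTES = 8 * 1024

# Locations the post says hold the originals (relative to the Windows directory).
LEGIT = {
    "explorer.exe": ("explorer.exe",),
    "hosts": ("system32", "drivers", "etc", "hosts"),
}

def find_suspects(windows_dir):
    """Read-only scan: return (relative path, size, small?) for files matching the post."""
    root = Path(windows_dir)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Windows paths are case-insensitive, so compare lowercased parts.
            key = tuple(p.lower() for p in path.relative_to(root).parts)
            lower = name.lower()
            misplaced = lower in LEGIT and key != LEGIT[lower]
            named = key in {("system32", "system32.dll"), ("secure.html",)}
            if misplaced or named:
                size = path.stat().st_size
                hits.append(("/".join(key), size, size <= SMALL_BYTES))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout (not from a real machine): originals plus rogue copies."""
    layout = {
        "explorer.exe": 240_000,              # original, must not be reported
        "secure.html": 900,
        "system32/explorer.exe": 4_608,
        "system32/system32.dll": 5_120,
        "system32/drivers/etc/hosts": 734,    # original, must not be reported
        "HOSTS": 4_200,
    }
    for rel, size in layout.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\0" * size)
    return Path(base)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, size, small in find_suspects(build_sample_tree(tmp)):
            print(f"{rel:30} {size:>8} bytes  small={small}")
```

Point `find_suspects` at the Windows directory of the affected disk; an entry reported with small=False does not match the size hint in the post and deserves a second look before anything is deleted.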
 
Hi gransbpa,
Very sorry to trouble you but I am having the exact same problem as you have/had. I also have windows 98, I have the same problems with explorer as you do and also when I go to open folders like "my computer" it locks up and I have to restart. I don't really understand the posting system and what the above goes into. Could you please tell me, or anyone, how to get this thing sorted, I really do not have a clue when it comes to computer viruses etc.
Many Thanks for your time, any help is much appreciated
Sam
 
pjst,

I was trying to use your method to remove secure.html on my friend's win98 machine. The differences were:

- there was no explorer.exe in the win32 directory
- there was only one "HOSTS" file (it fit the description and was created when the problem began)

We did everything else as instructed, but afterward the network card has been crippled. Reinstalling has not fixed it. Any thoughts on whether a new network card is required, or whether this indicates that we've done more serious damage?

Thanks,

Junebug41
 