Jump to content


Photo

C:\WINDOWS\secure.html


  • Please log in to reply
6 replies to this topic

#1 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 17 July 2004 - 07:50 AM

Hey all, first post.

Anyway, I logged onto the internet a couple days ago to find my homepage (www.google.com) changed to C:\WINDOWS\secure.html.

I thought nothing of it and changed to google, to be greeted by a very unwanted full screen pop-up of a porn site, pictures and everything :ph34r:

I Ctrl-Alt-Del and shut it down and tried the internet again. Same thing. I ran AVG 6.0 virus checker and it said I had a virus inside explorer.exe and mstasks2. I ran hijackthis next, and here is the log file:

Logfile of HijackThis v1.97.7
Scan saved at 13:46:44, on 17/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SurfControl\CyberPatrol\CPHQ.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpserver.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpACtrl.exe
C:\PROGRA~1\SURFCO~1\CYBERP~1\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG6\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris Walmsley\Desktop\Stuff\Drivers\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [CyberPatrolNew] C:\Program Files\SurfControl\CyberPatrol\CPHQ.exe /m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - http://www.cyberpatr...nline/setup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab


Please, someone how do I fix this? Having porn each time I go onto the internet really isn't that great on a SHARED family computer, with a child.

#2 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 17 July 2004 - 09:01 AM

--->Bump<---

Please guys, really need some help

#3 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 17 July 2004 - 04:24 PM

Read above :p ^^^^

#4 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 17 July 2004 - 04:28 PM

Hey there.. first can you please find C:\Windows\System32\Explorer.exe

Note: Not C:\Windows\Explorer.exe
Then zip it up and send it to here.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#5 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 17 July 2004 - 04:38 PM

Error:

Cannot open C:\Windows\System32\Explorer.exe
Access is denied

#6 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 17 July 2004 - 04:39 PM

How do I zip it up? I tried going Send To>Compressed Zip Folder, but nothing appears in the folder.

I have WinXP and WinRAR if that helps?

Edited by ultraspaz2004, 18 July 2004 - 03:26 AM.


#7 ultraspaz2004

ultraspaz2004

    Member

  • Full Member
  • Pip
  • 27 posts

Posted 18 July 2004 - 03:16 PM

Come on guys, be smart, help the poor :p




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button