Secure.html Hijacker, tried most everything(

Discussion in 'adware, spyware & hijack cleaning' started by Bob411, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Hello, and thank you for your consideration.
    I have read 5 other threads concerning this type of hijack, and tried all the posted solutions to no avail. I have loaded all described downloads, and have cleaned well,(tried safemode) but the effect "secure.html" browser hijack haunts me, 22hrs in to this, I am defeated. Pls have a look at my log.
    Thankyou for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:57:42 PM, on 6/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\seksdialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hero Planner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi Bob411,

    It looks like a big chunk of your log is missing.

    Download and run: CWShredder
    Use the Fix button and follow the instructions you will receive.

    Reboot and post a new HijackThis log.

    Regards,

    Pieter
     
  3. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Hello again, I ran the CWS shredder, and rebooted.
    Here is my new log, I"m afraid I deleted entries I shouldn't have :( in my ignorance) using Hijackthis.exe. lists. That was a few days ago before I posted here. This is the whole log as shown. Thanks for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:53:51 AM, on 6/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Hero Planner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     
  4. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Since , have found two distinct adware labeled by my TrojanHunter, and Spysweeper,

    have found "sekesdialer.exe"
    and "Secure.html Hijacker"

    Both I delete and wash, but the homepage always reloads itself.

    Thanks for your time.
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Did u know that HijackThis makes backups? ;)

    U might want to restore the entries u deleted so Pieter can help u with your problem also i'm sure u have lost some things u would like to get back. ;) :D


    snowbound
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.