Secure.html Hijacker, tried most everything(

Discussion in 'adware, spyware & hijack cleaning' started by Bob411, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Hello, and thank you for your consideration.
    I have read 5 other threads concerning this type of hijack, and tried all the posted solutions to no avail. I have loaded all described downloads, and have cleaned well,(tried safemode) but the effect "secure.html" browser hijack haunts me, 22hrs in to this, I am defeated. Pls have a look at my log.
    Thankyou for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 6:57:42 PM, on 6/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\seksdialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hero Planner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Bob411,

    It looks like a big chunk of your log is missing.

    Download and run: CWShredder
    Use the Fix button and follow the instructions you will receive.

    Reboot and post a new HijackThis log.

    Regards,

    Pieter
     
  3. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Hello again, I ran the CWS shredder, and rebooted.
    Here is my new log, I"m afraid I deleted entries I shouldn't have :( in my ignorance) using Hijackthis.exe. lists. That was a few days ago before I posted here. This is the whole log as shown. Thanks for your time.

    Logfile of HijackThis v1.97.7
    Scan saved at 8:53:51 AM, on 6/18/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Hero Planner\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     
  4. Bob411

    Bob411 Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    3
    Since , have found two distinct adware labeled by my TrojanHunter, and Spysweeper,

    have found "sekesdialer.exe"
    and "Secure.html Hijacker"

    Both I delete and wash, but the homepage always reloads itself.

    Thanks for your time.
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Did u know that HijackThis makes backups? ;)

    U might want to restore the entries u deleted so Pieter can help u with your problem also i'm sure u have lost some things u would like to get back. ;) :D


    snowbound
     
Thread Status:
Not open for further replies.