How to delete Secure32 - Removal tool, fix instructions
Secure32
Name: Secure32
Aliases: -
Type: Adware
Size: 4,901
First appeared on: 21.10.2005
Damage: Low
Brief Description:
It downloads malware from the Internet and modifies the Start Page, Local Page and Default Page of Internet Explorer. It can be downloaded automatically when the user visits certain adult sites or pirated software websites.
Secure32 is an adware program that downloads several types of malware to the affected computer, such as other adware, spyware and Trojans.
Additionally, it modifies the Start Page, Local Page and Default Page of Internet Explorer. In their place, it opens Internet Explorer windows containing an image designed to deceive users into believing that their computer is affected by spyware and to entice them into purchasing a rogue antispyware program.
Secure32 can be installed on the affected computer without user consent, as it is downloaded automatically when the user visits certain adult sites or pirated software websites that use vulnerability exploits to affect computers.
Visible Symptoms:
Secure32 is easy to recognize: when the Start Page, Local Page or Default Page is opened, an Internet Explorer window containing the following text is displayed instead:
Detected SPYware! System error #384
Your IP address is *.*.*.*. Using this address a remote computer has gained access to your computer and
probably is collecting the information about the sites you've visited and the files contained in the folder Temporary Internet Files! Attention! Ask for help or install the software for deleting secret information
about the sites you visited.
Your computer is full of evidences!
ISP of transmission:
Your IP address
They know you're using: Mozilla/4.0 (compatible, MSIE 6.0, Windows NT 5.1)
Your computer is: Windows XP
Risk status: VERY HIGH RISK
Technical description:
Secure32 carries out the following actions:
- It downloads the following types of malware to the affected computer:
  - Other adware.
  - Spyware.
  - Trojans, especially of the password stealer type, whose aim is to obtain passwords, and of the downloader type, which downloads other malware to the affected system.
- It modifies the Start Page, Local Page and Default Page of Internet Explorer.
Secure32 creates the file SECURE32.HTML in the Windows directory. This file corresponds to the image displayed in the Start, Local and Default Page of Internet Explorer.
Secure32 downloads the following files from the Internet:
- COUNTRY.EXE, KL1.EXE, MS1.EXE, TOOL2.EXE, TOOL4.EXE, TOOL5.EXE, TOOLBAR.EXE and WINSTALL.EXE, which are saved in the Windows directory.
- CHILD.DLL, DDHHNKKI.DLL, DPCFFAMF.DLL, FLOOP64.DLL, PAYTIME.EXE, SVWHOST.DLL and SVWHOST.EXE, which are saved in the Windows system directory.
In addition, Secure32 creates a subfolder called HOSTS in the Windows directory, which contains several files belonging to the websites from which it downloads malware.
Secure32 creates the following entry in the Windows Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Default_Page_URL = %windir%\secure32.html
where %windir% is the Windows directory.
Additionally, the downloaded malware creates the following entries in the Windows Registry:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  Windows installer = %windir%\wininstall.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  WindowsUpdateNT = %windir%\svwhost.exe
By creating these entries, Secure32 ensures that it is run whenever Windows is started.
Secure32 modifies the following entries of the Windows Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Local Page = %windir%\secure32.html
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Start Page = %windir%\secure32.html
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  Default_Page_URL = %windir%\secure32.html
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  Local Page = %windir%\secure32.html
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  Start Page = %windir%\secure32.html
Propagation:
Secure32 can be installed on the affected computer without user consent, as it is downloaded automatically when the user visits certain adult sites or pirated software websites that use vulnerability exploits to affect computers.
Removal tool and instruction:
This virus can't be removed manually, but there are instructions for restoring the Start Page, Local Page and Default Page of Internet Explorer.
In order to restore the Local Page and Default Page, change the values of the Windows Registry entries listed below to websites of your choice, as the following values belong to Secure32:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Local Page = %windir%\secure32.html
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  Default_Page_URL = %windir%\secure32.html
- HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
  Local Page = %windir%\secure32.html
where %windir% is the Windows directory.
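The registry values, Run entries and file names listed in the technical description and in the restore steps above can be checked in one pass. The PowerShell function below is an added example, not a tool from the original page: the name Get-Secure32Indicator is hypothetical, and it only reads and reports, changing nothing.

```powershell
# Added example: read-only check for the Secure32 indicators listed on this page.
# A file name alone is weak evidence; treat a hit as a reason to investigate.
function Get-Secure32Indicator {
    $windir = $env:windir
    $sysdir = [Environment]::SystemDirectory
    $hits   = @()

    # Internet Explorer page values that the page says point to secure32.html
    $ieKeys   = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
                'HKLM:\Software\Microsoft\Internet Explorer\Main'
    $ieValues = 'Start Page', 'Local Page', 'Default_Page_URL'
    foreach ($key in $ieKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in $ieValues) {
            $data = $props.$name   # $null when the value does not exist
            if ($data -like '*secure32.html') {
                $hits += New-Object PSObject -Property @{
                    Kind = 'IE page'; Location = $key; Name = $name; Data = $data }
            }
        }
    }

    # Run values the page attributes to the downloaded malware (value name -> file name)
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $runMap = @{ 'Windows installer' = 'wininstall.exe'; 'WindowsUpdateNT' = 'svwhost.exe' }
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    foreach ($name in $runMap.Keys) {
        $data = $run.$name
        if ($data -like ('*' + $runMap[$name])) {
            $hits += New-Object PSObject -Property @{
                Kind = 'Autorun'; Location = $runKey; Name = $name; Data = $data }
        }
    }

    # Files and the HOSTS subfolder named on the page
    $winNames = 'secure32.html','HOSTS','COUNTRY.EXE','KL1.EXE','MS1.EXE','TOOL2.EXE',
                'TOOL4.EXE','TOOL5.EXE','TOOLBAR.EXE','WINSTALL.EXE'
    $sysNames = 'CHILD.DLL','DDHHNKKI.DLL','DPCFFAMF.DLL','FLOOP64.DLL','PAYTIME.EXE',
                'SVWHOST.DLL','SVWHOST.EXE'
    $paths = @($winNames | ForEach-Object { Join-Path $windir $_ }) +
             @($sysNames | ForEach-Object { Join-Path $sysdir $_ })
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $hits += New-Object PSObject -Property @{
                Kind = 'File'; Location = $p; Name = ''; Data = '' }
        }
    }
    $hits | Select-Object Kind, Location, Name, Data
}

Get-Secure32Indicator | Format-Table -AutoSize
```

An empty result means none of the listed indicators were found for the current user and machine; the HKEY_CURRENT_USER values have to be checked separately for each user profile.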
AntivirusWorld recommends:
If you're not sure you can remove the virus manually, use one of the following antiviruses: