
SpySheriff displays secure32.html - where does Secure32.html come from?

 

223 comments. Current rating: 5 stars (82 votes).

Question:

My computer got infected with Spysheriff and I was able to remove it. But it still shows a blue background and the bogus warning as the background - which is set up in file c:\secure32.html. When I delete the file, it comes back. Where does this Secure32.html come from?

Answer:

The file secure32.html is generated by a program called Paytime.exe.
Paytime.exe is located in C:\WINDOWS\system32\paytime.exe

How to solve this problem:
  1. Bring up Task Manager by pressing Control + Alt + Delete; in some Windows versions, select the 'Processes' tab. Then click on 'Paytime.exe' and end the task.
  2. Delete paytime.exe, which you should find under c:\Windows\System32
  3. Delete c:\secure32.html
  4. Run Explorer. It will tell you that it cannot find the path for secure32.html. Use the default configuration of Explorer and everything will be OK.
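
A read-only check for the leftovers these steps and the comments on this page describe, as an added PowerShell example that is not part of the original FAQ. The registry locations (IE start page, desktop wallpaper, Run keys) and the 10-minute window are assumptions of this example; it goes beyond the four steps by also listing executables created around the same time as secure32.html, which helps when the dropper uses a different or random name.

```powershell
# Added example: read-only triage, it changes and deletes nothing.
# File/process names are the ones reported on this page; the registry
# locations are standard Windows ones and are an assumption of this example.
$names  = 'paytime', 'autosys'
$marker = 'secure32.html'
$sys32  = Join-Path $env:SystemRoot 'System32'
$root   = "$env:SystemDrive\"
$windowMinutes = 10   # assumed correlation window around the marker file

'--- running processes with a reported name'
Get-Process -Name $names -ErrorAction SilentlyContinue |
    Format-Table Id, ProcessName, Path -AutoSize

'--- reported files present on disk'
$paths = @((Join-Path $root $marker), (Join-Path $sys32 $marker))
$paths += $names | ForEach-Object { Join-Path $sys32 "$_.exe" }
$found = @($paths | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-Item -LiteralPath $_ -Force })
$found | Format-Table FullName, CreationTime, LastWriteTime -AutoSize

'--- settings that still point at the marker file'
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Name = 'Start Page' },
    @{ Key = 'HKCU:\Control Panel\Desktop'; Name = 'Wallpaper' })
foreach ($c in $checks) {
    $v = (Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue).($c.Name)
    if ($v -match [regex]::Escape($marker)) { '{0}\{1} = {2}' -f $c.Key, $c.Name, $v }
}

'--- autostart entries (review for unfamiliar or random-looking names)'
foreach ($k in 'HKLM:', 'HKCU:') {
    $key = Get-Item "$k\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
    if ($key) { $key.GetValueNames() | ForEach-Object { '{0} {1} = {2}' -f $k, $_, $key.GetValue($_) } }
}

'--- executables created within the window around the marker file'
$m = $found | Where-Object { $_.Name -eq $marker } | Select-Object -First 1
if ($m) {
    $from = $m.CreationTime.AddMinutes(-$windowMinutes)
    $to   = $m.CreationTime.AddMinutes($windowMinutes)
    Get-ChildItem -LiteralPath $root, $sys32 -Filter *.exe -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.CreationTime -ge $from -and $_.CreationTime -le $to } |
        Format-Table FullName, CreationTime, Length -AutoSize
}
```

If the start page or wallpaper line still shows secure32.html after the files are gone, the setting itself has to be reset, which matches the "cannot find the path" message in step 4.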



Comments:

You are on page 12 of 15, other pages: 1 2 3 9 10 11 [12] 13 14 15
2006-08-25, 10:35:31
anonymous from Singapore  
hi people,

When I open Internet Explorer I get the message ":///c:/secure32.html, make sure the path or internet address is correct". I click OK and then I can access Internet Explorer and browse the net for a few minutes, but it stops and says "can not display the page".

can you help me please?

thanks
2006-09-28, 04:13:21
anonymous from India  
My computer got infected with Spysheriff and I was able to remove it. But it still shows a blue background and the bogus warning as the background - which is set up in file c:\secure32.html. When I delete the file, it comes back. Where does this Secure32.html come from?
2006-09-28, 04:14:10
anonymous from India  
rating
2006-12-27, 07:03:46
anonymous from United States  
Thank u very much..........
2006-12-27, 07:08:03
anonymous from United States  
Thanks a lot !! It really removed the hell out of my PC.
2006-12-28, 07:28:47
from Denmark  
Hey. I have found a much easier way to do this. I just downloaded a little handy programme called 'CWShredder' and now all works perfect. Just google the programme and you will find it.
2006-12-28, 13:19:14
anonymous from United Kingdom  
Damnnn ITTT!!....this is driving me crazy...I can't find a paytime.exe in the Task Manager, I can't find it in the system32 folder either, I don't have a blue background or anything. I have removed the spyware from my computer but it just keeps on coming back. I seriously need a way to fix this; if anybody knows how to, please email me at danny_felipe@hotmail.com...I am in need of help, seriously!
2006-12-29, 06:02:07
anonymous2 from Israel  
Me too, I cannot find that Paytime, and it is not in Task Manager.
Nothing has helped me yet.
2006-12-29, 06:03:29
anonymous from United States  
Just got and killed the virus off. If there is no paytime or any of the other mentioned names, go to the task manager if possible and look for something that has an odd name. The variant that I got is using randomized names - tried to launch several times under several names and Avast caught it, but finally overwhelmed it somehow. I had a file called 'nnmrpa.exe' in the C: and the secure32.html was on C: and in system32. It had also added a variety of zip files under a C:\Windows\**cantremember-deleted toofast** folder. I did a MyComputer search based on the time stamp of the nnrmpa.exe.

I went to the Task Manager and killed the trees off with the running processes nnrmpa.exe - there were 2 of them - and then went and deleted the files that I had found.

I also strongly recommend HijackThis - particularly if Task Manager won't come up as some people have experienced. I used this as well to make sure that all refs to the secure32 and nnrmpa were killed during this process. Be aware - HijackThis will let you clobber your computer if you use it unknowingly. Strongly suggest working with this tool when you DON'T have a virus so that you know what is normal for your computer.

I have found - through several hard lessons that these programs are best when you have them ready to go when you need them - and not after the fact. Took me about half an hour of 'doing it on my own' to kill and verify registry and all that through this process using these tools and methods. Got curious as to what others had to say about this virus and ended up here. Had a nasty bout with viruses about a year ago and I choose now to be very cautious - maybe a little overboard, but I can go back now using my computer confident that this one is killed permanently :)
2006-12-29, 09:00:39
Guan Gong from Singapore  
1) Bring up your taskmanager by pressing Control + Alt + Delete, in some Windows versions select the 'Processes' tab. Then click on 'Paytime.exe' and end the task.

2) Delete paytime.exe, which you should find under c:\Windows\System32

3) Delete c:\secure32.html

4) Run Explorer. It will tell you that it cannot find the path for secure32.html. Use the default configuration of Explorer and everything will be OK.

I did these 4 steps, but I still can't use IE7. When I open an IE window, it displays Cannot find 'file:///C:/secure32.html'. Make sure the path or internet address is correct.

I also can't change my homepage to http://www.google.com or any other websites. It remains set as 'c:\secure32.html'.

The last thing is that when I open 2 IE windows, one to www.hotmail.com and the other to www.google.com, the window that is used to view hotmail automatically closes. Can somebody help me solve it?
2006-12-29, 12:29:29
Pls help someone from Switzerland  
Hey people, please help me.
I can't open 'IE 7' but I tried your 4 steps. On the first step I can't continue these 4 steps because I don't have a paytime under 'C:/windows/systeme32/'. I searched all my hard disks but I can't find 'paytime.exe' or 'secure32.html'........
What should I do?
2006-12-29, 12:36:40
kingbo@hotmail.com from United States  
Hey Guys....

I found the solution. I did not have the Paytime.exe file anywhere in my files.
Here is the fix.

1.) Go to C:\Windows\System32

2.) Find the file named AUTOSYS.EXE (This is what sends the dreaded secure32 nightmare.)

3.) Delete AUTOSYS.EXE (enjoy peace of mind once more.)

P.S. : It took me 2 full days to find this !!!!!!

See ya,
Kingbo


2006-12-29, 12:39:27
Pls help someone from Switzerland  
OK, I'm here again
and I've done it my own way to fight this fucking spyware!!!
To the others who still can't use 'IE 7': you just have to change the start page of your browser (IE 7)
2006-12-29, 12:40:37
Pls help someone from Switzerland  
I can use my IE 7.
I didn't delete autosys.exe but I think I have to do this too,
and thanks :)
2007-01-01, 14:18:22
mufc_the_religon@hotmail.com from United Kingdom  
Hi, my homepage keeps reverting back to c:\secure32.html but I can't find it anywhere on my comp. The only thing I have found was AUTOSYS.EXE but it won't let me delete it: 'access denied, make sure disk is not full etc'

Really need help, only got the computer for Christmas and already f**ked it up! Cheers