DelphiFAQ Home Search:

SpySheriff displays secure32.html - where does Secure32.html come from?

 

comments223 comments. Current rating: 5 stars (82 votes). Leave comments and/ or rate it.

Question:

My computer got infected with Spysheriff and I was able to remove it. But it still shows a blue background and the bogus warning as the background - which is set up in file c:secure32.html. When I delete the file, it comes back. Where does this Secure32.html come from?

Answer:

The file secure32.html is generated by a program called Paytime.exe.
Paytime.exe is located in C:\WINDOWS\system32\paytime.exe

How to solve this problem:
  1. Bring up your taskmanager by pressing Control + Alt + Delete, in some Windows versions select the 'Processes' tab. Then click on 'Paytime.exe' and end the task.
  2. Delete paytime.exe, which you should find under c:WindowsSystem32
  3. Delete c:secure32.html
  4. Run Explorer. It will tell you that it cannot find the path for secure32.html. Use the default configuration of Explorer and everything will be OK.


Content-type: text/html

Comments:

You are on page 14 of 15, other pages: 1 2 3 11 12 13 [14] 15
2007-01-12, 13:56:44
anonymous from Belgium  
rating
It's not that hard to remove, yet there may be MORE THAN ONE EXECUTABLE (got your attention?) causing the problem. As soon as possible after you got infected, go to your windows/system32 folder, and sort the files on date. You'll see at least one recent exe file, allong with the secure32.html file, all recently created at the same moment. Open task manager, and see which of the executables are running (I first had autosys.exe, fixed it as described here yet it didn't solve the problem. That's when I sorted my files on date, and found a few more files). End the process, delete the files from your system32 folder (you apparently can't delete the secure32.html in your system32 folder as long as the process is running), then delete the secure32.html from your C: drive. Open regedit, search for secure32.html (press F3) and delete all entries. All should be well (It worked for me).
2007-01-12, 17:39:01
waryaa from Canada  
yoo this was sick i only have to change my homepage
thanks alot whoever said that

but would there be any prblems in the future..it seem ok so far???
2007-01-13, 04:56:41
anonymous from United Kingdom  
Hi
i cant 3 key my comp so i cant get to the task manager ive used every spyware prog like spyferret spyware doc and a few others ive all so tride reg mechanic they all report this poxy trojan but i cant seem to get shut of it the comp is connecting to the net when it wants i cant get my homepage up etc any thoughts would be grate cheers Ady
2007-01-13, 17:48:27
anonymous from Portugal  
rating
hi ppl
I done this and it worked.... i didn't found any of these files that you said...but i did this and worked:

Start-Run
Type Regedit and press Enter
This brings up the registry
Press F3
Type secure32.html and press Enter
For each found reference, delete it and press F3 again until all references have been deleted
Restart your computer
Open IE and change the home page to whatever you want

2007-01-14, 11:18:20
[hidden] from Gulf Breeze in Florida, United States  
rating
awsome post man been fighting this for about a month worked perfectly
2007-01-15, 00:33:51
anonymous from Lithuania  
after those things with regedit i solve the problem.thanx guys
2007-01-15, 08:12:26
anonymous from Japan  
rating
i keep changing my homepage from secure32.html thru regedit. still that sets as my homepage whenever i lauch IE. please help. thanks!
2007-01-15, 17:32:01
anonymous from United States  
Amazing, I tried 100 different things, NOTHING worked, this worked like a CHARM~!~~
2007-01-17, 16:04:57
anonymous from Nottingham in Nottingham, United Kingdom  
rating
thanks guys will try tomorrow when on the pc infected,hopr it works i not want t oformat and start again witjh a 300 gig harddrive.
www.workingthedoors.co.uk www.danlin-security.co.uk
2007-01-17, 19:40:27
anonymous from United States  
for those who still having trouble finding why ur system still having that thing n cant fing paytime or paytime nowhere to be found download kill2me n ur problem is finish.....:)
2007-01-18, 15:45:10
anonymous from Australia  
Very good advice - simple and effective. Thank you.
2007-01-19, 21:38:26
anonymous from India  
my task manager is disabled an i cant find paytime32.exe
2007-01-22, 03:12:25
[hidden] from South Africa  
some antivirus software or sytem mechanic or xp utilities will wipe out paytime.exe and you will not find it in your processes or system32 but you will still get popup when you open ie in this cas use step4 when i pressed use defualt it still gave me secure32 as my defualt home page so i mannualt typed in a website and bam it worked...Thanks for you useful information i was stuck with this for 3 or 4 hours now hope my tip can help some frustrated people


Keywords:
2007-01-24, 22:45:59
anonymous from United Arab Emirates  
rating
i am not able to find secure32.html or paytime.exe
plz help when ever i type any url it go's to an ip addresse 127.0.0.1
2007-02-01, 16:50:24
anonymous from United States  
I have tried alllll of these things! I cannot find paytime, I tried deleting all secure32 items from my registry, I tried the task manager thing, I tried Kill2me... NONE HAVE WORKED FOR ME. I am still getting secure32.html as my homepage! PLEASE HELP ME
You are on page 14 of 15, other pages: 1 2 3 11 12 13 [14] 15

 

 

NEW: Optional: Register   Login
Email address (not necessary):

Rate as
Hide my email when showing my comment.
Please notify me once a day about new comments on this topic.
Please provide a valid email address if you select this option, or post under a registered account.
 

Show city and country
Show country only
Hide my location
You can mark text as 'quoted' by putting [quote] .. [/quote] around it.
Please type in the code:

Please do not post inappropriate pictures. Inappropriate pictures include pictures of minors and nudity.
The owner of this web site reserves the right to delete such material.

photo Add a picture: