file:///c:/secure32.html autosys.exe

Status
Not open for further replies.

baehan

Posts: 7   +0
my laptop has not had any problems until recently. over the weekend, when i start my laptop, it automatically pops up IE trying to get to a website www.coloradosheep.com/accounting/........... really odd since i've never tried to go to that website before. i close that window and open up IE and i received an error that says "Cannot fine 'file:///c:/secure32.html'." i ultimately cannot use IE anymore. i use this laptop for everything and have a lot of files on there. is this autosys.exe something that i should reformat to resolve? can i follow your steps to cleaning up my laptop and feel secure that the issue is resolved? if i have to reformat, can i transfer all my files to my desktop without worrying that the virus will follow to the other pc?

thanks for your help.
 
Hello and welcome to TechSpot.

I believe that this is some type of malware causing this problem. I don't know what you use your laptop for, but in any case, don't move files from your laptop to your desktop. Please read this thread: If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Depending on what you use your computer for, you may want to reformat instead of cleaning it.

If, after reading the above thread, you decide to clean your system, check out this thread: Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly, then post fresh HJT and AVG logs as attachments into this thread.

Cheers :)

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
 
i tried installing the Kerio firewall, and afterwards, i no longer have use of my mouse buttons, arrow keys, enter key, basically majority of the keyboard. when i hit the windows key, it works. crtl + esc works also. went to safe mode to delete the kerio firewall and it won't delete. is this also a symptom of the virus or coincidence?
 
Hello and welcome to Techspot.

autosys.exe is a backdoor trojan, which means the malware is designed to open a backdoor into your system. This allows the attacker to steal passwords, data etc. If you use your computer for online banking, credit card transactions, or storing sensitive data, then the best course of action is to reformat the system and reinstall from scratch. You would also, need to contact your finacial institutions and have your accounts protected with new passwords etc.

The chances are, your system will also be infected with other nasties as well.

The problems you`ve been having since installing the Kerio firewall may be resolved by doing a system restore to before you installed the programme.

You need to let us know how you wish to proceed.

Regards Howard :wave: :wave:

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
i'm quite frustrated with my laptop now. i plan to reformat. i've got my laptop working again to the point i can use my mouse and keyboard now the way it should. can i still save my pictures and videos and documents before i reformat? will the virus be able to somehow transfer itself or attach itself to any of the files that i need? i have another computer that my wife uses that i can transfer all the files to. her computer is running fine. is there anything i can do to her computer to be sure that it is running optimally?

please help me reformat properly and set up my computer properly so that i do not run into these issues. thank you very much for your assistance.
 
First of all, I need you let us know if you have a Windows disk, or does your laptop have recovery disks or a recovery partition?

Regards Howard :)

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
howard, thank you for such a fast response.

i have an xp sp2 disk and also my toshiba laptop came with a restore disk that has xp media center edition on it.

can i save my old files or do i need to let them go? i was told that viruses infect the system and my files are fine to transfer.
 
You should be ok to backup your pictures, videos, music and documents, although you need to bear in mind that if your documents are stored as .doc files, there is a risk that they too could be infected. If they are stored as .txt files, then this won`t be a problem.

Once you`ve completed that, disconnect from the internet. DO NOT reconnect to the net until windows has be reinstalled and you have installed your firewall software.

You need to do the following.

1 Restart your computer and go to setup usually by pressing the F2 or delete key.

2 Once you get into setup look for the boot menu and make sure you set it to boot from cd first followed by your hard drive.

3 Put the Windows xp disk into your cd.

4 Now save your settings and exit setup.

5 While your computer is booting you will see a message that says "press any key to boot from cd" press any key.

6 When the welcome to setup screen appears press enter and then press F8 to accept the Microsoft license agreement.

7 You will be prompted to repair an installation press the escape key.

8 Now select the partition that you want to reformat and press the D key to delete it you will be asked to confirm that you want to delete the partition.

9 Now press C to create a brand new partition you will be asked what size you want the partition to be in mega bytes. If you just press enter then the partition will be the maximum size that you can have. This is perfectly ok if you don`t want to create multiple partitions.

10 You will now be asked to format the partition select the ntfs file sytem and do a full format.

11 Once the format is complete setup will continue.

Your computer will restart during the remaining setup again you will be asked to press any key to boot from cd DO NOT PRESS ANYTHING. and setup will continue. Once the setup is complete and you are back in Windows remove the Windows cd from your cd drive.

You will now need to install your firewall software, once you`ve done that, you can reconnect to the net and install drivers/windows updates/software etc. Don`t install an antivirus programme, until you have all the drivers you need installed. This is because installing drivers with antivirus programmes enabled, can screw up the driver install.

Regards Howard :)

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
what are the programs you always recommend that i have installed on the computer for protection and maintenance?
 
took a while, but it's near done. i've reformatted the laptop using the toshiba recovery disk. i've installed all the recommended programs. i've installed most of my programs that i use. i ran the recommended programs and here are the logs.

howard...you're AWESOME!!! how often should i run the recommended programs?
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCMTR.EXE
2007118143554_mcinfo.exe<I can find no info on this file, so unless you know what it is and it`s safe, you should get rid of it.

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Baehan\LOCALS~1\Temp\2007118143554_mcinfo.exe /insfin

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\Baehan\LOCALS~1\Temp\2007118143554_mcinfo.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

You should run the recommended programmes every week or two, or whenever you suspect something is wrong.

Regards Howard :)

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Your HJT log is now clean.

Now would be a good time to clear out your old system restore points and anything nasty that`s in them. The following instructions will do that and create a brand new, clean restore point.

Turn off system restore.(XP/ME only) See how HERE.

Turn system restore back on again.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of baehan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Whats happening dudes, I had this same problem with the "collorado.com" pop up after I logged into xp. It seemed to start after I installed ppmate network tv, I think it turned off my firewall on my wireless network connection (in windows) because it was off when I checked, which allowed something to creep in.

Anyway I noticed the process mschkdsk.exe running in C:/windows/system32/ didn't recognise it so I bleached it (secure delete) with window washer. I rebooted and it seems to be gone, hopefully it's gone for good, the system is running fine, I'm using a dell xps m1710, running xp home sp2.

Hope this helps.
 
Status
Not open for further replies.
Back