Secure32 hijacked my homepage

Status
Not open for further replies.
First, boot into Safe Mode and remove the following files:

c:\secure32.html
J:\WINDOWS\system32\paytime.exe

Then run HJT again, and place a check next to these items:

J:\WINDOWS\system32\paytime.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [PayTime] J:\WINDOWS\system32\paytime.exe
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs7b.instantservice.com/jars/customerxsigned33.cab

Hit "Fix Checked", then reboot. Run Ad-Aware SE and Spybot S&D once you're finished, to ensure that your system is clean.
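A post-cleanup check for the steps above, as an added example that is not part of the original post: it parses a fresh HijackThis log and reports R0/R1/O4 entries that still reference the two deleted files, plus any IE page value still pointing at a local file. The sample log is constructed, and treating a Local Page ending in `system32\blank.htm` as the benign stock value is an assumption.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. R0 or O4
    name: str   # registry value name or Run entry name
    data: str   # value data: URL, path or command line

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
REG_RE = re.compile(r"^HK\w+\\.+,([^,=]+) = (.*)$")            # R0/R1 lines
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]+)\] (.+)$")  # O4 Run lines
LOCAL_RE = re.compile(r"^(?:[a-z]:\\|file:)")  # drive path or file: URL
# Assumption: the stock IE "Local Page" ends in system32\blank.htm and is benign.
STOCK_LOCAL = r"\system32\blank.htm"
# The two files the post says to delete.
REMOVED = [r"c:\secure32.html", r"J:\WINDOWS\system32\paytime.exe"]

# Constructed sample of a log taken after the fix (not from the thread).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\Secure32.HTML
O4 - HKLM\..\Run: [PayTime] J:\WINDOWS\System32\PayTime.exe
O4 - HKLM\..\Run: [Updater] C:\Program Files\Example\updater.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = d:\other.html
"""

def parse(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    for rx in (REG_RE, RUN_RE):
        hit = rx.match(rest)
        if hit:
            return Entry(code, hit.group(1), hit.group(2))
    return Entry(code, "", rest)  # other sections: keep the raw text

def leftovers(log: str, removed=REMOVED) -> list:
    wanted = [p.lower() for p in removed]
    out = []  # (reason, Entry) pairs that still need attention
    for e in filter(None, map(parse, log.splitlines())):
        data = e.data.lower().replace("/", "\\")  # Windows paths: ignore case
        if any(p in data for p in wanted):
            out.append(("references removed file", e))
        elif e.code in ("R0", "R1") and LOCAL_RE.match(data) \
                and not data.endswith(STOCK_LOCAL):
            out.append(("IE page set to local file", e))
    return out
```

An empty result from `leftovers()` on the new log means none of the listed registry entries came back after the reboot.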
 