PDA

View Full Version : Secureantivirus.exe: What is it(I need help fellow nerds)?


Dead
03-04-2005, 05:42 PM
I found this on my computer two days ago and thought I had deleted it.

It kills my internet access and closes taskmgr, regedit, and msconfig whenever I try to open them. The Blaster worm did the same thing so I thought it was that but I don't think it is.

I've run Norton in safe mode and thought I got it but it keeps loading on startup and so I renamed taskmgr to taskmgr1 so I could open it. Then I can kill the process from taskmgr1. It's called secureantivirus.exe

Then I go into regedit hkey local machine and into the microsoft\windows\run folder and delete a key called WinSecure Antivirus.

When I restart the computer the file is running again in taskmgr and the key is back. I can't figure it out.

So basically once I kill the process and key it is fine until I restart. It loads on startup.


Any suggestions?

Thanks, Dead

stabn
03-04-2005, 05:46 PM
Google it.

Dead
03-04-2005, 05:48 PM
I tried bro, and came up with two matches. The first one was useless and the second had nothing to do with it.

Google is useless for this. /images/graemlins/frown.gif

JackWilson
03-04-2005, 05:49 PM
Norton search it.

Dead
03-04-2005, 05:50 PM
Done and found nothing. I think it's designed to evade Norton detection in my scanner as well.

Boris
03-04-2005, 05:50 PM
These little bastards area bitch to remove. Spyhunter might do the trick but you have to fork out $30 without knowing for sure. Post your problem on a computer whiz message board (Google time) and you should get a more qualified answer than you'll find here.

Dead
03-04-2005, 05:55 PM
Done. Thanks for this advice. Maybe my fellow computer nerds can help me out on this one.

lucas9000
03-04-2005, 06:06 PM
try this (http://www.annoyances.org/exec/forum/winxp/1109807012)

Thythe
03-04-2005, 06:11 PM
Download HijackThis. You can then run it and it will list all processes and other things that your computer runs. This includes everything that starts up when you turn on your computer. Delete out the suspected software and you should be fine. Be careful, if you were to delete everything on the list your computer would cease to exist. Only delete it if you are 100% sure it is something you don't want.

Boris
03-04-2005, 06:14 PM
you probably have to run hijackthis twice in safe mode. then one more time in normal mode. Even this might not work. google every process that is unfamiliar to lean which ones to keep and which ones to get rid of.

Dead
03-04-2005, 06:34 PM
I fixed it, so if anyone else has this problem they can do this:

TURN ON show hidden files and folders in your Windows Explorer settings. SecureAntivirus.exe is a sneaky program and it hides itself in the Windows folder. I wasn't finding it earlier because I wasn't searching for hidden files and folders. A friend of mine recommended that I do this and I was able to delete the program and now it doesn't load anymore.

Happy days.

Dead

Boris
03-04-2005, 06:35 PM
You got off easy.

Dead
03-04-2005, 06:37 PM
Boy do I know it Boris.

I've been [censored] by these things so many times. I've probably reformatted 3 or 4 times in the past 2 years, with a lot of late nights screwing around with the Windows folder.

I don't even know for sure how I got it, but I have an idea. My friend had a link in her AOL profile that said Pictures, and I clicked it and I didn't realize that it was a .PIF file, an executable. Turns out that it was infected. She probably didn't even do it herself, since this thing can f with AOL settings.

People who create worms and viruses should be shot.

lucas9000
03-04-2005, 06:42 PM
[ QUOTE ]
My friend had a link in her AOL profile that said Pictures, and I clicked it

[/ QUOTE ]

who could blame you?

Dead
03-04-2005, 06:44 PM
I blame myself because I should have paid attention to the file extension. Pictures don't come in .PIF files. Maybe I was tired and thought that it said .TIFF, which is a high quality picture format.

But either way it was my fault. She couldn't have known that her computer was infected, and it definitely wasn't on purpose.

I just have to be more careful in the future.

wonderwes
03-04-2005, 11:28 PM
That HiJack this is a great utility. I thank you for posting that. All the things I ran couldnt get rid of the damn registry and vb scripts that got stuck into XP.