Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Blue Screen Error Message Detected Spyware! System 384


  • Please log in to reply
1 reply to this topic

#1 jean788

jean788

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:10 AM

Posted 21 November 2006 - 02:20 PM

My lap top starts up fine, but when ever I try to access the Internet the first time after I have turned the computer on, I get a blue screen with the message –
Detected Spyware! System 384. In the “Address” bar it shows C:\WINNT\SYSTEM32\secure32.html

This is on a Windows 2000 system and I am using Internet Explorer. If I go under Tools and Internet Options and look at the home page setting it says:
File:///C:\WINNT\system32\secure32.html

I can change the home page here and go on the Internet just fine. I can close out of the Internet and come back in just fine. But, if I do a restart or shutdown the same thing happens again.

I did follow the path and in the C: Drive there is a “blue letter e” Icon labeled “secure32.html”. If I click on it once, it will display and show me the exact blue screen that I am getting. So I am thinking this is getting put back in my C: Drive each time I turn on the computer. I have deleted that icon out of here, but every time I restart or shut down and come back on to go on the Internet, the same thing happens.

This computer is used on a network. If I log in with my own username and password I do get the blue screen with the 384 error. If I log in as the Admin username and password, I do not have any trouble. (not sure if you need this info or not) This works the same if I am just hooked up to a DSL modem with no IP’s numbers under TCP/IP or if I have the IP numbers set up under TCP/IP.

I do have Adaware SE Personal on the laptop and have updated it and then ran the program from the SAFE mode. I did not have a current virus program on the computer, but have since loaded AVG Anti-Spyware and also ran it in the SAFE mode.
Could someone please reply to me and tell me step by step how to get rid of this screen.



MOVED to a more appropriate forum. ~acklan~

Edited by acklan, 21 November 2006 - 10:41 PM.


BC AdBot (Login to Remove)

 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:10 AM

Posted 21 November 2006 - 10:08 PM

It sounds that the infection you have is an adserver that is working in your profile.

Run the following:

Ad-Aware SE Personal - freeware
http://fileforum.betanews.com/detail/Adawa...nal/965718306/1
or
http://www.lavasoftusa.com/products/ad-aware_se_personal.php

Spybot S&D:
Update – Aug 2006 - Spybot by default now ignores certain products such as New.Net and Sidestep for no good reason. New.Net compromises the WinSock stack by routing all your DNS queries through the NewDotNet.DLL. To enable detection go to "Settings", "Ignore products", "All products" Tab, right click on "Product", left-click on "Deselect all".

http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection against malware invasion.

Microsoft Windows Defender
Windows Defender will give you an additional tool in your control panel named Software Explorer which is excellent for examining software installed on your computer, its startup menu, etc which will help you identify what it is.
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

Ewido Antispyware Free
http://free.grisoft.com/doc/20/lng/us/tpl/v5

If the anti-malware aps above do not cure the problem and/or if you want to be sure your system is clean post a Hijack This log in our Hijack This Logs and Analysis forum.

Read the tutorial here before you create and post your log:
Hijack This Preparation Guide
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


And then post your log here:
http://www.bleepingcomputer.com/forums/posthjtlog.html

After you create the log discontinue any other attempts to clean or fix your computer because if you do anything else it will make the HJT log obsolete (no longer accurate).




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users