smartsecurity

[Guest]

oh would would i like to find these people!!!!

ok i have done everything everyone here has suggested, but i can not get rid of the c:\secure.  that this is a SOB. I have 3 diffrent spyware adaware virus trackers and even thou they fond a few things and cleared them up, nothing i can do will get rid of it.  If any one comes up with a solution please post it in basic computer talk lol i am a computer novice!

[Barry]

[quote name=\'Guest\' date=\'Jun 16 2004, 11:33 AM\']only problem now is since i deleted c://windows/web/desktop.html that my IE keeps resetting my homepage to about:blank :s[/quote]
 First, thanks to all for their help and suggestions!

After I got rid of all the items listed above I still couldnt get a real desktop.  After I replaced "Desktop.HTML" and in Control Panel/ Display/Desktop tab/Customize Desktop/ Web tab/, I found a "Security" webpage.  I unchecked it and then removed it and was them able to go in and resellect a wallpaper and save my internet home page.  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />


Hope this helps!

[buffboi]

go download spysweeper... it is the best and gets rid of it!

[Guest]

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />

These Smart Security Assholes appear to be based in the UK. Can we find out if they're a real company and sue the hell out of them?

If not, Ill personally give $1000 US to anyone in the UK who will kill or maim these [censored]ers... IRA or Al Qaeda are you listening?


ps, Im just joking on the last one. Don't want The Dept of Homeland Security knocking on my door

[damo]

first off, let me say this was a pain in the arse to figure out, but it was staring me in the face the whole time. i wrote a huge detailed response to a couple virus software vendors etc. but here i'll just post wot i did. and mycomp specs.

read this through entirely before doing anything, and i'm not responsible for any damage caused  etc. etc. and i'm sure that the operators of this forum don't want to be either


there are a few things i've noticed the virus/spyware do.
first the desktop was replaced by a webpage that led to www.smart-security.info apologizing that their advertisers are malicious (bs). this desktop, as long as it was enabled would open up pages to various websites every 60 seconds or so. i removed it by going to desktop properties=>web and deselecting 'security' i also deleted it (no need to keep it).

that's the desktop done, now the rest

first thing's first...write this down, save it to a text file, print it out, whatever. you may not have net access to this page in safemode. restart and when you see your hard disks being detected by bios start pushing F8 until you see the boot menu for windows. select safe mode or safe mode with networking (which may allow net access)
check the processes running and if mstasks2.exe is running, stop it.
go to the windows directory (btw i have winxp pro) and delete these files:
'system.exe','desktop.exe','seksdialer.exe','mstask2.exe','mstask1.exe','mstask3.exe','mstask4.exe','secure.html'.
notice how secure.html reappears.

now this is the trick to get rid of this [censored]...you need to have your xp cd handy... i don't know if the good old 'FCKGW' cd's will work, but guess they should.

hit the sweet ctrl+alt+del combo that has served so many times before, but usually only to close other 'not responding' microsoft programs.
find explorer.exe in the processes list and end it...your start menu should disappear.
go to file=>new task (run) and type 'cmd'
browse to d:\i386\ (where d: is your cd drive)
type in 'copy explorer.ex_ c:\windows\explorer.exe' (ex_ is not a typo and where c:\windows is the location of your INFECTED copy of explorer.exe)
the prompt will ask if you want to overwrite the file...yes you do.

thats a fresh explorer.exe and no auto changing to secure.html. you can now start up explorer again by closing the cmd prompt and going to file=>run on the task manager again. this time type 'explorer.exe'

if u have a anti-virus software, at some stage it may find a file or two it doesn't like and delete them or whatever it does. this should be ok.

boo ya

that's it...change your home page back to google or whatever it was, but remember to delete secure.html first. just in case it reinfects.

i checked the registry a thousand times trying to work the virus/spyware out, but in the end i dont think it actually uses it...just in case though, you should check for anything in the run/runservices that you dont want starting.


win xp pro sp1 (2600.xpsp2.030422-1633)


forums i posted on:
http://www.computercops.biz/postt48562.html
http://www.thetechguide.com/forum/index.ph...showtopic=10600

no spyware/anti-virus programs found this [censored], but we may now all sleep easy knowing we may not have to format our comps

[Guest]

just to double check...

If I delete the file  windows>system.exe  ... this isn't going to balls up my computer completely is?

Plus,  my laptop came with windows XP ready installed, so I don't have the disks,   how essential is the step that involves the disks?

I'm a real tech idiot, I'm a bit scared to do anything unless I mess the whole thing up!

[Guest]

no deleting system.exe will not have any effect on your computer.... I finally think I got rid of this bitch...  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />

what I deleted
first of all I have unchecked the security box and then deleted it from my HD after that I deleted:
mstask 1 from c:\windows
mstask 2 from c:\windows
mstask 3from c:\windows
mstask 4 from c:\windows
system.exe from c:\windows

also deleted the (smart security) contents of c:\windows\web
and finally run some ad-ware and antivirus program's (like ad-ware 6 and of course norton antivirus)

greetings cas
 http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\'\' />

[Guest]

It won't let me delete system through win explorer.  it says access denied...

[Guest]

my main problem seems to be to get my iexplorer home page to stay at one of my own choosing...

grr...

[Cleveland St. Jacques]

This is the icicng on the cake!! I also wrote "Smartsecurity" a nasty email, and they responded! They sent me a link to their website where I could download a removal tool. This was after I fixed the problem myself, (I was looking for the tool to use at my clients sites), when I tested the tool, IT REINSTALLED THE FRIGGING HIGHJACK!!!!! To get rid of the web desktop:click start/settings/control panal/display/desktop/customize/web and make sure "security" is listed... just click remove. 1 problem done. Then run Adaware,Spybot Search and Destroy,MRU Blaster,Install Spygaurd and Spyblaster. I also run X Cleaner, Reg Scrub XP, XP Anti Spy, Big Fix, and finally Highjack This. When using Highjack This read very carefully. Look at the codes after running scan and see if there is a "R0" code, click the info button to see decriptions of the codes. If the "R0" code points to your browser, select and click "Fix Checked". 2 Problems done. Also look closley at the "0" codes. Now see if the Auto update has been disabled in your antivirus. If it is try to run update manually. If you can't reinstall your antivirus and update the definitions. Do a full system scan and you should have a few trojans. Get rid of them. Problem 3 done. As you go through this process you will see the files mentioned in previous postings, such as mstask1, windows/system.exe., etc. Did anyone else but me notice the date this all started? This is a fairly new problem for all of us. You can find links to some of the software I mentioned at my website, www.monsterpc.net at the bottom of the Spyware page (page2). If you are running XP turn off system restore while doing the removal, otherwise you will just be reinstalling if you need to roll back. You can turn it back on after you are sure you are all set.   GOOD LUCK!!!

[nick c]

Thanks for you all your help http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'\' />

[spencer]

chased this thing for three days still cant get it out "smart security" needs to have their little bottom spanked till they cry and promise to never do it again, any one with the brilliance to punish them out there?

[BustaDyme]

[quote name=\'damo\' date=\'Jun 17 2004, 04:19 AM\']first off, let me say this was a pain in the arse to figure out, but it was staring me in the face the whole time. i wrote a huge detailed response to a couple virus software vendors etc. but here i'll just post wot i did. and mycomp specs.

read this through entirely before doing anything, and i'm not responsible for any damage caused  etc. etc. and i'm sure that the operators of this forum don't want to be either


there are a few things i've noticed the virus/spyware do.
first the desktop was replaced by a webpage that led to www.smart-security.info apologizing that their advertisers are malicious (bs). this desktop, as long as it was enabled would open up pages to various websites every 60 seconds or so. i removed it by going to desktop properties=>web and deselecting 'security' i also deleted it (no need to keep it).

that's the desktop done, now the rest

first thing's first...write this down, save it to a text file, print it out, whatever. you may not have net access to this page in safemode. restart and when you see your hard disks being detected by bios start pushing F8 until you see the boot menu for windows. select safe mode or safe mode with networking (which may allow net access)
check the processes running and if mstasks2.exe is running, stop it.
go to the windows directory (btw i have winxp pro) and delete these files:
'system.exe','desktop.exe','seksdialer.exe','mstask2.exe','mstask1.exe','mstask3.exe','mstask4.exe','secure.html'.
notice how secure.html reappears.

now this is the trick to get rid of this [censored]...you need to have your xp cd handy... i don't know if the good old 'FCKGW' cd's will work, but guess they should.

hit the sweet ctrl+alt+del combo that has served so many times before, but usually only to close other 'not responding' microsoft programs.
find explorer.exe in the processes list and end it...your start menu should disappear.
go to file=>new task (run) and type 'cmd'
browse to d:\i386\ (where d: is your cd drive)
type in 'copy explorer.ex_ c:\windows\explorer.exe' (ex_ is not a typo and where c:\windows is the location of your INFECTED copy of explorer.exe)
the prompt will ask if you want to overwrite the file...yes you do.

thats a fresh explorer.exe and no auto changing to secure.html. you can now start up explorer again by closing the cmd prompt and going to file=>run on the task manager again. this time type 'explorer.exe'

if u have a anti-virus software, at some stage it may find a file or two it doesn't like and delete them or whatever it does. this should be ok.

boo ya

that's it...change your home page back to google or whatever it was, but remember to delete secure.html first. just in case it reinfects.

i checked the registry a thousand times trying to work the virus/spyware out, but in the end i dont think it actually uses it...just in case though, you should check for anything in the run/runservices that you dont want starting.


win xp pro sp1 (2600.xpsp2.030422-1633)


forums i posted on:
http://www.computercops.biz/postt48562.html
http://www.thetechguide.com/forum/index.ph...showtopic=10600

no spyware/anti-virus programs found this [censored], but we may now all sleep easy knowing we may not have to format our comps[/quote]
 Ayo, I know you don't take responsability and what not, but I did just like you posted, and the end result was no explorer at all! When I restarted the computer all I got was the desktop image and that's all. No means of navigating.

Luckily I have the Win XP CD and I just reinstalled it. You sure it's explorer we got to delete?

Apart from that all your other advice was cool.

Thank you all for your assistance. This is really a new problem that we're all experiencing and apparently these guys are somehow protected so that they can't be brought to justice  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/mad.gif\' class=\'bbc_emoticon\' alt=\':angry:\' />

[Guest]

Thank you all for the info to get rid of the smart-security trash that had been dowloaded to my pc.
I will never purchase anything from that sneaky company.

My best to you all...

[Guest]

Use ADAWARE (build 1.81 at least) to remove the crap/  spybot search & destroy also/ and or pestcontrol.

Then the fukkers use something like ACTIVE DESKTOP, you can track down the files, but it will still load an blank screen or something after deleting. You have to put it OUT manually in DESKTOP SETTINGS/ACTIVE DESKTOP in Windows... good luck!

[Guest]

Use ADAWARE (build 1.81 at least) to remove the crap/  spybot search & destroy also/ and or pestcontrol.

Then the fukkers use something like ACTIVE DESKTOP, you can track down the files, but it will still load an blank screen or something after deleting. You have to put it OUT manually in DESKTOP SETTINGS/ACTIVE DESKTOP in Windows... good luck!

[Guest]

Ahh Smart-Security.  I wouldn't send him any money. Whois has the registration info as:

Domain ID:D5928130-LRMS
Domain Name:SMART-SECURITY.INFO
Created On:18-May-2004 10:24:19 UTC
Last Updated On:15-Jun-2004 17:50:11 UTC
Expiration Date:18-May-2006 10:24:19 UTC
Sponsoring Registrar:R159-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C4844095-LRMS
Registrant Name:Aleksandr Romantsev
Registrant Organization:Smart Security GM
Registrant Street1:Lindaal 33
Registrant City:Overijse
Registrant Postal Code:3090
Registrant Country:BE
Registrant Phone:+1.3022617417
Registrant FAX:+1.3022617417
Registrant Email:[email protected]
Admin ID:C4844095-LRMS
Admin Name:Aleksandr Romantsev
Admin Organization:Smart Security GM
Admin Street1:Lindaal 33
Admin City:Overijse
Admin Postal Code:3090
Admin Country:BE
Admin Phone:+1.3022617417
Admin Email:[email protected]
Billing ID:C4844095-LRMS
Billing Name:Aleksandr Romantsev
Billing Organization:Smart Security GM
Billing Street1:Lindaal 33
Billing City:Overijse
Billing Postal Code:3090
Billing Country:BE
Billing Phone:+1.3022617417
Billing Email:[email protected]
Tech ID:C4844095-LRMS
Tech Name:Aleksandr Romantsev
Tech Organization:Smart Security GM
Tech Street1:Lindaal 33
Tech City:Overijse
Tech Postal Code:3090
Tech Country:BE
Tech Phone:+1.3022617417
Tech Email:[email protected]
Name Server:NS1.SMART-SECURITY.INFO
Name Server:NS2.SMART-SECURITY.INFO

This is not a legitimate company, I suspect there isn't even anything to download except some more scum once you send this joker money.


-- 1 old crow

[Guest]

[quote name=\'Guest\' date=\'Jun 15 2004, 04:30 PM\']Doesn't work for me, unfortunately.  Right clicking does bring up a menu.  Selecting Properties gets a window but, no Web tab, only General.  

Has anyone any advice to offer?

HI, to solve your screen background prob, just go to Settings off the start menu and select either NVidia Nview Desktop Manager (if you have that) or to the DISPLAY options.  If select Nvidia then select display settings.  Select DESKTOP from either one (Nvidia or DISPLAY ) then select Customize desktop.  Select the WEB folder and delete the SECURITY  option that shows there and all should look normal again.[/quote]
 Doesn't work for me, unfortunately.  Right clicking does bring up a menu.  Selecting Properties gets a window but, no Web tab, only General.  

Has anyone any advice to offer?

HI, to solve your screen background prob, just go to Settings off the start menu and select either NVidia Nview Desktop Manager (if you have that) or to the DISPLAY options.  If select Nvidia then select display settings.  Select DESKTOP from either one (Nvidia or DISPLAY ) then select Customize desktop.  Select the WEB folder and delete the SECURITY  option that shows there and all should look normal again.

[Boogie boy]

If I got hold of these malicious prats I'd pull their eyeballs out with a pair of cocktails sticks.

Frustration aside, even with all the good advice I cannot get rid of C/secure.html and am consequently getting regularly linked to a porn web site where the girls look underage.  :

Does anyone have any advice as to how to get rid of this for someone with limited understanding of computers and also how do we report the underage girl sites. The website names are virginlovers, I think, and [censored]schoolgirls which is nice.

[one pissed-off dude]

hi everybody... from what it seems, I have the same problem that you all are dealing w/..... I got rid of most of it - the secure.html is dead; sytem.exe, desktop.exe, mstasks1-4.exe, the loader, sekdialer, etc., all gone.... at first glance, WIN:ME appears to finally be healthy again. However....

I seem to be having a diffculty that no one else here has mentioned. I have WIN Media Player 9, or rather, used to - I noticed the shortcut AND .exe both lost the original icon look and are replaced by the default 'application' icon... and whenever I try to run it, the whole thing repeats. Seksdialer returns and begins dialing, mstasks1 and all return, etc. When I was looking around after clearing it all out again - WMP9 aside, don't know what to do there - I noticed this log file... basically I saw a TON of files - loaders and such - being copied and installed. Right now I just want my music! That, and to know that I can safely run stuff w/o fearing reinfection...