|
That is a Trojan you have.
Troj/Regldr-A copies itself to the windows folder as the file Reg32.exe and sets the following registry entry so that it will be executed on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Reg32
= C:\Windows\Reg32.exe
Troj/Regldr-A will set the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKLM\Software\Microdoft\Internet Explorer\Main\Local Page
HKLM\Software\Microsoft\Internet explorer\Main\Start Page
to point to the page secure.html located in the default Windows folder. This HTML page claims that the system has been compromised by spyware and prompts one to visit http:||www,privacyoutpost.com/enter.html?wm=dkvaget.
Scan your system with updated anti virus software.
|