WinSecure.exe

Harmful - EXE

winsecure.exe seems to be a popular filename among virus writers. The main reason seems to be that it contains two words: Win, for Windows, and Secure, suggesting something to do with security. My quick search of the Google search results did not give me a single instance of this file being used by a legitimate company. However, there is no denying that someone somewhere may have used this filename in their software, and if that is the case you should be well aware of it if it exists on your computer. Apart from that, you can safely assume this to be a virus process/file, particularly if you have recently downloaded some sort of keygen.

Here is a list of the possible locations where this file has been added by viruses. No matter where it is located, you can delete this process if it does not belong to a legitimate program that you are aware of. Windows Defender and Process Explorer are some programs that can help you determine the legitimacy of a running process on your computer.

In some cases it corrupts iexplore.exe and uses it to monitor your keystrokes. It is therefore advisable to use a browser other than Internet Explorer while you are trying to disinfect your computer, and also to reinstall Internet Explorer to remove any doubt.

There are several ways such harmful files may get installed on your computer.

1) You may have downloaded it, knowingly or unknowingly, mistaking it for something else.
2) It may have been downloaded automatically while you were visiting a harmful website.
3) Your computer may have a Trojan which in turn downloads more viruses.

You can find the latest ThreatExpert analysis reports of this virus/rogue on this link

If you happen to have the virus installer, you can submit it to the ThreatExpert site and get it analyzed. That will help you get precise information about the virus.


 Files Associated

 These are the different EXE file names that are used by this malware

winsecure.exe
svchosts.exe
rar.exe


Trying system restore

If you know how long your computer has been infected, you can try restoring it to a prior date; that will work like a miracle in removing the infection.

Free removal tools

  • Special tools to remove a single virus or a family of viruses.
  • Free Online virus scanners
  • Fully functioning antivirus/ antispyware
All these tools are listed below

Manual Removal

These are the steps to take if you want or need to remove the infected files manually. You may not find all the files that are mentioned below on an infected computer. The virus adds different files depending on its variation. I have listed all the names found in the reports available.

Boot in safe mode

Sometimes you will not be able to delete a file even if you find it. In that case, boot in safe mode and then try to delete it.

 Remove Processes from Task Manager 

Press Ctrl+Shift+Esc to open Task Manager. Look in the list of processes for winsecure.exe and SVCHOSTS.exe. Select each one and press the End Process button, confirm to terminate the process, and close Task Manager.

Alternatively, you can use Windows Defender to see the path of a currently running program/process and its publisher, so as to differentiate malware processes from processes belonging to legitimate publishers. You may find such processes listed under Unknown Publisher in Windows Defender.

Or you can use Sysinternals' Process Explorer for easy detection and removal of virus processes.

Removing entry from windows startup

The System Configuration utility can be started in XP and in Vista by typing msconfig in the Run box / Start menu search box. In XP, open the Run box by clicking Start > Run. Changes to Windows startup are reversible, so you can check or uncheck any entry any number of times.

Once the System Configuration window is open, click the Startup tab, which lists all the programs that are scheduled to start with Windows. Widen the middle column with your mouse pointer so that you can see the full path of each program. Locate and uncheck winsecure.exe and SVCHOSTS.exe (look for any other suspicious names too). Press Apply, press Close/OK, and select "Restart" at the next prompt.

 View Hidden Files

Before you can delete winsecure.exe and its associated files you need to search for them, and before doing that you need to enable viewing of hidden files and folders.

  • How to Enable to View Hidden Files and Folders in Windows XP
  • How to Enable to View Hidden Files and Folders in Windows Vista

Deleting files

After restarting the computer, use the Windows search utility to search for "winsecure.exe" and delete all its instances.

These are some files that were found on infected computers.

C:\Windows\svchosts.exe
C:\Windows\System32\winsecure.exe
C:\Windows\System32\rar.exe
C:\Windows\System32\wvUlliGw.dll
%Temp%\temp_01.exe


 Run CCleaner

After deleting winsecure.exe and its associated files, there will be leftover entries in the Windows registry. CCleaner is a free temp file/registry cleaner that will automatically clean the registry as well as remove the temp files. Click here to read more

 Edit Registry

If you are comfortable using the regedit command, you can find the registry modifications in any of the reports mentioned at the beginning of this article.

More Problems

If you are unable to open Task Manager, Registry Editor, System Restore, Folder Options etc. because the virus has disabled them, there are free tools and techniques to solve this problem. They are listed here.

Tools for Windows XP

Tools for Windows Vista

Use the system file checker

Use this if you want to make sure that the Windows system files have not been altered by the virus and, if they have been altered, to repair them.

  • How to run System File checker utility in windows XP
  • How to run System File checker utility in windows Vista

Unable to access security related sites

This can happen if your hosts file has been altered. To repair/edit the hosts file, log in as administrator and open the following file in Notepad:
C:\WINDOWS\system32\drivers\etc\hosts
Remove anything other than 127.0.0.1 localhost, then save and close the file.

Using Firewall

Check your firewall for any suspicious communication from your computer to the internet and block it using the firewall.

Communicates with the following sites

  • wow.biatches.org

Opens TCP ports 1056, 1057, 1097, 1098 and 1100 to be used by the process SVCHOSTS.exe. This virus attempts to download more files from the internet and also creates a new connection with a remote IRC server.

 Reprinted with permission from ThreatExpert.com
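
The ports and process names listed above can be checked against a machine's own connection list. The following Python sketch is an added example, not part of the original article or the ThreatExpert report; it correlates the output of "netstat -ano" with "tasklist /FO CSV /NH". Both sample outputs, including the addresses and PIDs, are constructed.

```python
import csv

# Indicators taken from the article; image names are compared in lower case.
REPORTED_PORTS = {1056, 1057, 1097, 1098, 1100}
REPORTED_NAMES = {"winsecure.exe", "svchosts.exe", "rar.exe"}

# Constructed samples in the layout of `netstat -ano` and `tasklist /FO CSV /NH`.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1056           0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:1097      198.51.100.9:6667      ESTABLISHED     1432
  TCP    192.168.1.20:1100      192.0.2.44:80          ESTABLISHED     2216
  UDP    0.0.0.0:500            *:*                                    700
"""
TASKLIST = '''\
"svchost.exe","884","Console","0","3,212 K"
"SVCHOSTS.exe","1432","Console","0","5,480 K"
"firefox.exe","2216","Console","0","48,120 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(tasklist_csv.splitlines())
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def triage(netstat_text, tasklist_csv):
    """Return (severity, port, pid, image) for TCP sockets that are owned by
    a reported image name or bound to a reported local port."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue                          # header, UDP and blank lines
        port = int(parts[1].rsplit(":", 1)[1])
        pid = int(parts[4])
        image = names.get(pid, "<unknown>")
        if image.lower() in REPORTED_NAMES:
            hits.append(("high", port, pid, image))
        elif port in REPORTED_PORTS:
            # Port alone is weak: 1025-5000 is XP's default ephemeral range.
            hits.append(("review", port, pid, image))
    return hits

if __name__ == "__main__":
    for hit in triage(NETSTAT, TASKLIST):
        print(hit)
```

A "review" result only means an ordinary program happened to be given one of those port numbers; confirm the owning process path in Process Explorer before ending it.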

