|
| |||||||||
| Tags: ad aware, firewall, malware, mcafee, security center, service pack 2, windows xp |
![]() |
| | Thread Tools | Search this Thread |
|
#1
| |||
| |||
| Malware and disabled security center previously posted by another user. My daughter(who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to windows security center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows: WindowsSecurityCenter.AntiVirusDisableNotify settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0 WindowsSecurityCenter.AntiVirusOverride HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0 WindowsSecurityCenter.FirewallDisableNotify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0 WindowsSecurityCenter.SP2Update HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Won dows\WindowsUpdate\DoNotAllowxps2!=dword:0 WindowsSecurityCenter.UpdateDisableNotiry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdayesDisableNotify!=dword:0 Any help would be appreciated, as I just spent many hours getting rid of the downloader-AWX Trojan that McAfee found but could not remove, and now this. Signed, A weary not-really-computer-savvy Mom who has better things to do. |
|
#2
| |||
| |||
| Re: Malware and disabled security center
Try booting the computer into "Safe Mode with Networking" (so as to minimize the interference by the Malware if possible) and then go to one of the following free online scanner sites and see if they can clean up the machine: Bit Defender http://www.bitdefender.com/scan8/ie.html Trend Micro http://housecall.trendmicro.com Kaspersky Online Scanner http://www.kaspersky.com/virusscanner Panda ActiveScan http://www.pandasoftware.com/activescan WindowSecurity.com TrojanScan http://windowssecurity.com/trojanscan Webroot http://www.webroot.com/ To boot the computer into "Safe Mode with Networking" turn it on and start tapping the F8 key rapidly just as soon as the first information of any kind shows on the screen. Keep tapping until the Windows XP Startup menu appears and choose "Safe Mode with Networking" from the menu. Note: If the initial Windows XP startup "splash screen" shows instead of the startup menu you have missed it and will have to restart and try again. Either you did not start tapping the key soon enough and/or you were tapping too slowly. |
|
#3
| |||
| |||
| Re: Malware and disabled security center
As an additional note, the Group Policy Editor (GPEDIT) does not exist in XP Home. And if you're having trouble getting into Safe Mode, boot normally. Then click Start, Run and enter MSCONFIG Go to the BOOT.INI tab and check the /SAFEBOOT option. Reboot. This forces XP to boot into Safe Mode. Undo the change when you're finished. |
|
#4
| |||
| |||
| RE: Malware and disabled security center
relax first . You can't do anything if you are weird :) Now , take a day off work because this should be solved but it needs some time , some hours ... Perform carefully and strictly the "Check for and eliminate" instructions in my site http://pandaman.my.contact.bg to kill that malicious software . In addition ,on the bottom of the instructions there is a link to the "Special clean" instructions which you need to read When you are clean , make sure you visit all other sections and protect your PC and force your child use Limited accout and things like that ... :) |
|
#5
| |||
| |||
| RE: Malware and disabled security center
Thanks to all for the replies, I guess I have some work to do. If one of these steps finds and removes the malware responsible, will the registry settings go back to the way they should be or will I have to do it myself? I know less about editing registry than I do about malware. Sigh. Thanks again. |
|
#6
| |||
| |||
| RE: Malware and disabled security center
Ugh, same problem with me, I have been chasing this one for a week. This has been the only place I have found the exact symptoms to my problem, however I have not seen any posts from users who were able to correct the errors. I will try the suggestions here and report back. |
|
#7
| |||
| |||
|
This is not necessary bad. You get this message when Windows Automatic Updates is turned Off. Many people like me don't turn on the annoying automatic updates for windows. |
|
#8
| |||
| |||
| Re: Malware and disabled security center
Well, to tell you the truth! I have had all sorts of "malware" ruining Windows Server 2003! Although I had all kinds of security precautions one could ever think of, at the end the server was "nailed"! After trying all kinds of malware utilities (and also purchased some of them since they showed me possible solutions that could only be solved by registration) most of the problems weren't solved. The BEST SOLUTION that I came across, and I am sure it will LITERALLY make your problems disappear, was Malwarebytes' Anti Malware. The great thing about this software is that it will perform fixes without any kind of purchase! The demo period is fully functional! Malwarebytes' Anti Malware can be downloaded from: http://www.malwarebytes.org/ I wish you all the best of luck! Last edited by RobertOnline : 24-09-2009 at 04:42 PM. |
|
#9
| |||
| |||
| Re: Malware and disabled security center
Can you specifically detail how the server was protected from malware? I'm sure you mean antimalware utilities. But, which ones and specifically, what were the problems? Perhaps if MBAM's "full version" is now in-use, some of the server's problems will be avoided. |
|
#10
| |||
| |||
| Re: Malware and disabled security center
Most important aspect of server security is to minimize the attack surface. Disable unneeded services (particularly IIS if it's not a webserver, terminal services, etc. if not used.) Close remote-access loopholes such as Administrative Shares and Remote Registry if you have no need of them. Disable CD and USB auto-run. (Very important!) Ensure that the firewall only allows access to those ports which are actually needed. (And yes on a DC that's no simple task but it's bad practice to just turn the firewall off instead) On a non-domain workgroup server, it's possible that 445 may be the only port you actually need open to the LAN, plus perhaps the email ports 110/25. And, most importantly, do not allow a Domain Admin logon to be used on any workstation, as this opens the way for any malware running on that workstation to attack the server across-the-wire. Instead, use a local Admin logon for maintenance work. Set a group policy to only allow designated server-operators to logon at the server console (and lock the console if it's normally left logged-on) This will stop users from treating the server as a 'spare computer' when the admin's not around. Attend to these essentials and your server probably won't get hit by malware. Fail to attend to them and I can pretty-much guarantee it will, no matter what anti-this or anti-that you install. |
|
#11
| |||
| |||
| Re: Malware and disabled security center
In the sense of postmortem analysis, it would have been quite helpful to know exactly /what/ got through their defenses and /what/ those defenses were that failed. Good basic server hardening is certainly one of several important aspects. |
|
#12
| |||
| |||
| Re: Malware and disabled security center
That is true, in my experience it's fortunately not too common for servers to be compromised. If it does happen, it warrants some thought as to why, and what can be done to prevent a repeat. The greatest concern for servers is probably SMB/RPC attack vectors, since these do not require any user-interaction, and will often work despite users having limited accounts. (and apparently server 2008 has a serious example of such already, which does not bode well for future Microsoft security!) |
![]() |
|
| Thread Tools | Search this Thread |
| |
Similar Threads for: "Malware and disabled security center" | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Microsoft Windows Security Center Disabled | kendra | Windows Security | 4 | 06-01-2009 05:23 PM |
| Security Center disabled | Scott-az | Windows Security | 4 | 16-11-2008 10:27 PM |
| Folder wscsvc, error 1058, security center disabled | ANameThatCan''tBeUsed | Windows Security | 2 | 04-07-2008 09:04 PM |
| Norton Internet Security 2008 and Vista's Security Center | howardavatar | Vista Security | 8 | 24-01-2008 09:33 AM |
| Microsoft windows security center disabled | Gary | Windows Security | 1 | 13-05-2007 03:06 AM |