Re: Security Center shows wrong a/v
- From: Lushington <Lushington@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Oct 2009 16:01:02 -0700
Renaming taskmgr.exe worked. So now what I need to know is what is blocking
taskmgr.exe from running under its own name.
Here is the msinfo32 report:
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Name DELL
System Manufacturer Dell Computer Corporation
System Model Dimension 2400
System Type X86-based PC
Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2657 Mhz
BIOS Version/Date Dell Computer Corporation A05, 12/2/2003
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name DELL\Terry
Time Zone Eastern Daylight Time
Total Physical Memory 512.00 MB
Available Physical Memory 285.60 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 1.22 GB
Page File C:\pagefile.sys
"Jose" wrote:
On Sep 30, 8:31 pm, Lushington <Lushing...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks.
Yes, there is more work to do.
As noted, SAV CE was installed and up to date. Windows update patches
likewise.
Although MBAM came up clean, Spybot S&D found some additional traces of
"Windows Protection Suite." I had to leave before I determined whether
allowing Spybot S&D to remove them solved the problem.
Spybot initially had a problem fixing the WPS issue because it couldn't
replace the hosts file. I was able to manually delete the hosts file and then
Spybot claimed it "fixed" the issue. When I attempted to edit the hosts file
back to the default (deleting all the lines below 127.0.0.1 localhost)
there was a permission issue when I attempted to save it. Because this was
XP Home, and I didn't have time to restart in Safe Mode, I saved the edited
file as hosts.txt and then was able to rename it to hosts.
I'll try the MSRT, but I suspect that this will not be simple, even with HJT
logs. Most likely, as Ken suggests, a reinstall will be the only way out.
"PA Bear [MS MVP]" wrote:
You've got MUCH more work to do!
NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.
2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting requested logs
in an appropriate forum, not here.
Checking for/Help with Hijackware:
• http://aumha.net/viewtopic.php?f=30&t=4075
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
Lushington wrote:
I have a friend with XP Home sp3. The computer was infested with Windows
Protection Suite. This was removed with a combination of Malwarebytes
Anti-Malware and manual deletion (MBAM didn't get it all). There are no
relevant hits for "protection" or "suite" searching either with Windows
Explorer or regedit, but there are 2 leftover bits of odd behavior.
Task manager does not run. There is no error message, just nothing happens.
We have reset the registry keys but this didn't help. Using a copy of
taskmgr.exe from a clean machine also did not work.
Although there is an active and up-to-date Symantec Antivirus Corporate
Edition installed, Windows Security Center still reports that "Windows
Protection Suite reports that it is up to date and virus scanning is on."
Uninstalling and reinstalling SAV CE is not an option; he doesn't have the
install media. I realize that he could just remove it entirely and install
something else, such as NOD32, but at the moment he's not willing to do so.
Similarly, the Task Manager issue probably is best dealt with by a clean
install. That too isn't a real option for him at the moment.
Short of reinstalling Windows and/or the antivirus app, any suggestions?
So far, the descriptions of your issues do not sound too scary. They
are just misunderstood.
Post the msinfo32 info, and run the lushing.exe, and then we will know
some things for sure and not have to resort to just trying things.
It sounds like you have limited access to the afflicted system so you
need to get things done chop-chop. Responding to my queries will only
take you a few minutes - even on a slow day, and will tell a great
story. Nothing to download, nothing to install...
I would be far, far, far, far away from a reinstall.