#1
Malware and disabled security center
My daughter's computer (HP running WinXP Home SP2) has the same problem as previously posted by another user. My daughter (who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, Windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to Windows Security Center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows:

WindowsSecurityCenter.AntiVirusDisableNotify settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

WindowsSecurityCenter.AntiVirusOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

WindowsSecurityCenter.FirewallDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

WindowsSecurityCenter.SP2Update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0

WindowsSecurityCenter.UpdateDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

Any help would be appreciated, as I just spent many hours getting rid of the downloader-AWX Trojan that McAfee found but could not remove, and now this.

Signed,
A weary not-really-computer-savvy Mom who has better things to do. LOL
#2
AZK wrote:
> My daughter's computer (HP running WinXP Home SP2) has the same problem as previously posted by another user. My daughter (who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, Windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to Windows Security Center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows:

Try booting the computer into "Safe Mode with Networking" (so as to minimize the interference by the Malware if possible) and then go to one of the following free online scanner sites and see if they can clean up the machine:

Bit Defender
http://www.bitdefender.com/scan8/ie.html

Trend Micro
http://housecall.trendmicro.com

Kaspersky Online Scanner
http://www.kaspersky.com/virusscanner

Panda ActiveScan
http://www.pandasoftware.com/activescan

WindowSecurity.com TrojanScan
http://windowssecurity.com/trojanscan

Webroot
http://www.webroot.com/

To boot the computer into "Safe Mode with Networking" turn it on and start tapping the F8 key rapidly just as soon as the first information of any kind shows on the screen. Keep tapping until the Windows XP Startup menu appears and choose "Safe Mode with Networking" from the menu.

Note: If the initial Windows XP startup "splash screen" shows instead of the startup menu you have missed it and will have to restart and try again. Either you did not start tapping the key soon enough and/or you were tapping too slowly.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
"Anyone who thinks that they are too small to make a difference has never been in bed with a mosquito."
#3
As an additional note, the Group Policy Editor (GPEDIT) does not exist in XP Home. And if you're having trouble getting into Safe Mode, boot normally. Then click Start, Run and enter MSCONFIG. Go to the BOOT.INI tab and check the /SAFEBOOT option. Reboot. This forces XP to boot into Safe Mode. Undo the change when you're finished.

--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"AZK" wrote in message ...
> My daughter's computer (HP running WinXP Home SP2) has the same problem as previously posted by another user. My daughter (who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, Windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to Windows Security Center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows:
>
> WindowsSecurityCenter.AntiVirusDisableNotify settings
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
>
> WindowsSecurityCenter.AntiVirusOverride
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
>
> WindowsSecurityCenter.FirewallDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
>
> WindowsSecurityCenter.SP2Update
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0
>
> WindowsSecurityCenter.UpdateDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
>
> Any help would be appreciated, as I just spent many hours getting rid of the downloader-AWX Trojan that McAfee found but could not remove, and now this.
>
> Signed,
> A weary not-really-computer-savvy Mom who has better things to do. LOL
#4
My reply is at the bottom of your message:

"AZK" wrote:
> My daughter's computer (HP running WinXP Home SP2) has the same problem as previously posted by another user. My daughter (who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, Windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to Windows Security Center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows:
>
> WindowsSecurityCenter.AntiVirusDisableNotify settings
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
>
> WindowsSecurityCenter.AntiVirusOverride
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
>
> WindowsSecurityCenter.FirewallDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
>
> WindowsSecurityCenter.SP2Update
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0
>
> WindowsSecurityCenter.UpdateDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
>
> Any help would be appreciated, as I just spent many hours getting rid of the downloader-AWX Trojan that McAfee found but could not remove, and now this.
>
> Signed,
> A weary not-really-computer-savvy Mom who has better things to do. LOL

Relax first. You can't do anything if you are weird.

Now, take a day off work because this should be solved but it needs some time, some hours ...

Perform carefully and strictly the "Check for and eliminate" instructions in my site http://pandaman.my.contact.bg to kill that malicious software. In addition, on the bottom of the instructions there is a link to the "Special clean" instructions which you need to read.

When you are clean, make sure you visit all other sections and protect your PC and force your child to use a Limited account and things like that ...

Panda_man
--
Bronze level Contributor
http://pandaman.my.contact.bg
Please, rate posts
#5
Thanks to all for the replies, I guess I have some work to do. If one of these steps finds and removes the malware responsible, will the registry settings go back to the way they should be or will I have to do it myself? I know less about editing registry than I do about malware. Sigh. Thanks again.
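One way to check, after a cleanup, whether the values Spybot reported are still set: export the two registry keys with regedit and run the export through a small parser. This is an added example, not part of the thread; it uses the value names as Windows spells them, a constructed sample export, and assumes that a missing value counts as clean.

```python
import re

# Value names as Windows spells them; per the Spybot report in the thread,
# each is flagged when its data is anything other than dword:0.
SC = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
WU = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
MONITORED = [
    (SC, "AntiVirusDisableNotify"),
    (SC, "AntiVirusOverride"),
    (SC, "FirewallDisableNotify"),
    (SC, "UpdatesDisableNotify"),
    (WU, "DoNotAllowXPSP2"),
]

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample of a regedit export (real exports are UTF-16; decode first).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"=dword:00000001
'''

def parse_reg_export(text):
    """Return {(key, value_name): int} for every dword value, names lower-cased."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()  # registry names are case-insensitive
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """List (key, name, value) for each monitored value that is present and non-zero."""
    found = parse_reg_export(text)
    hits = []
    for key, name in MONITORED:
        val = found.get((key.lower(), name.lower()))
        if val:  # assumption: a missing value (None) is treated like 0
            hits.append((key, name, val))
    return hits

if __name__ == "__main__":
    for key, name, val in audit(SAMPLE):
        print(f"{key}\\{name} = dword:{val:08x} (expected 0)")
```

If the same values come back non-zero after being reset, something on the machine is still rewriting them, which matches the behaviour described in the first post.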
#6
Ugh, same problem with me, I have been chasing this one for a week. This has been the only place I have found the exact symptoms to my problem, however I have not seen any posts from users who were able to correct the errors. I will try the suggestions here and report back.

"AZK" wrote:
> My daughter's computer (HP running WinXP Home SP2) has the same problem as previously posted by another user. My daughter (who says she knew better) clicked on a suspicious link in an AIM message she received, AIM went crazy, and now Windows Security's firewall is disabled and auto update turned off, with the ability to turn the firewall back on denied because of a group control issue. The fix suggested by Bruce Chambers to the other poster to go into group policy editor (start-run-gpedit.msc) would not work for me, Windows said it could not find it. McAfee found no virus, Ad-Aware found no malware, but Spybot found 6 entries that all relate to Windows Security Center--it says it fixes them but the firewall problem remains and when I run Spybot again it finds the same 6 entries. They are all registry changes, they read as follows:
>
> WindowsSecurityCenter.AntiVirusDisableNotify settings
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
>
> WindowsSecurityCenter.AntiVirusOverride
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
>
> WindowsSecurityCenter.FirewallDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
>
> WindowsSecurityCenter.SP2Update
> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dword:0
>
> WindowsSecurityCenter.UpdateDisableNotify
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
>
> Any help would be appreciated, as I just spent many hours getting rid of the downloader-AWX Trojan that McAfee found but could not remove, and now this.
>
> Signed,
> A weary not-really-computer-savvy Mom who has better things to do. LOL
#7
This is not necessarily bad. You get this message when Windows Automatic Updates is turned Off. Many people like me don't turn on the annoying automatic updates for Windows.

--
glove
------------------------------------------------------------------------
glove's Profile: http://forums.techarena.in/member.php?userid=27125
View this thread: http://forums.techarena.in/showthread.php?t=535552
http://forums.techarena.in
#8
RobertOnline wrote:
> Well, to tell you the truth! I have had all sorts of "malware" ruining Windows Server 2003! Although I had all kinds of security precautions one could ever think of, at the end the server was "nailed"!

Can you specifically detail how the server was protected from malware?

> After trying all kinds of malware utilities (and also purchased some of them since they showed me possible solutions that could only be solved by registration) most of the problems weren't solved.

I'm sure you mean antimalware utilities. But, which ones and specifically, what were the problems?

> The BEST SOLUTION that I came across, and I am sure it will LITERALLY make your problems disappear, was Malwarebytes' Anti Malware. The great thing about this software is that it will perform fixes without any kind of purchase! The demo period is fully functional! Malwarebytes' Anti Malware can be downloaded from: http://www.malwarebytes.org/ I wish you *all* the best of luck!

Perhaps if MBAM's "full version" is now in-use, some of the server's problems will be avoided.

Respectfully,
--
1PW
#9
Most important aspect of server security is to minimize the attack surface.

Disable unneeded services (particularly IIS if it's not a webserver, terminal services, etc. if not used.)

Close remote-access loopholes such as Administrative Shares and Remote Registry if you have no need of them.

Disable CD and USB auto-run. (Very important!)

Ensure that the firewall only allows access to those ports which are actually needed. (And yes on a DC that's no simple task but it's bad practice to just turn the firewall off instead.) On a non-domain workgroup server, it's possible that 445 may be the only port you actually need open to the LAN, plus perhaps the email ports 110/25.

And, most importantly, do not allow a Domain Admin logon to be used on any workstation, as this opens the way for any malware running on that workstation to attack the server across-the-wire. Instead, use a local Admin logon for maintenance work.

Set a group policy to only allow designated server-operators to logon at the server console (and lock the console if it's normally left logged-on). This will stop users from treating the server as a 'spare computer' when the admin's not around.

Attend to these essentials and your server probably won't get hit by malware. Fail to attend to them and I can pretty-much guarantee it will, no matter what anti-this or anti-that you install.

RobertOnline wrote:
> Although I had all kinds of security precautions one could ever think of, at the end the server was "nailed"!
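A quick way to see how far a server is from the port advice in the post above is to compare its listening TCP sockets against the short list of ports the post mentions. This is an added example, not part of the thread; the `netstat -an` output is constructed, and the service labels for ports 80, 135, 139 and 3389 are the well-known default assignments, added here as assumptions.

```python
# Ports the post says a workgroup file/mail server may need open to the LAN.
ALLOWED_TCP = {445, 110, 25}

# Well-known default ports (labels added here, not taken from the thread).
KNOWN = {
    80: "IIS (HTTP)",
    135: "RPC endpoint mapper",
    139: "NetBIOS session",
    3389: "Terminal Services",
}

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.55:4021      ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

def listening_tcp(netstat_text):
    """Yield (address, port) for every TCP row in the LISTENING state."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0].upper() == "TCP" and parts[3].upper() == "LISTENING":
            addr, _, port = parts[1].rpartition(":")  # last colon, so IPv6 works
            if port.isdigit():
                yield addr.strip("[]"), int(port)

def audit_listeners(netstat_text, allowed=ALLOWED_TCP):
    """Return sorted (port, address, label) for LAN-reachable listeners not in `allowed`."""
    findings = set()
    for addr, port in listening_tcp(netstat_text):
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only listeners are not reachable from the LAN
        if port not in allowed:
            findings.add((port, addr, KNOWN.get(port, "unknown service")))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, label in audit_listeners(SAMPLE_NETSTAT):
        print(f"review: tcp/{port} listening on {addr} ({label})")
```

Each finding is a service to disable or a port to block at the firewall; a listener that is actually needed belongs in the allowed set.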
#10
Anteaus wrote:
> Most important aspect of server security is to minimize the attack surface.
>
> Disable unneeded services (particularly IIS if it's not a webserver, terminal services, etc. if not used.)
>
> Close remote-access loopholes such as Administrative Shares and Remote Registry if you have no need of them.
>
> Disable CD and USB auto-run. (Very important!)
>
> Ensure that the firewall only allows access to those ports which are actually needed. (And yes on a DC that's no simple task but it's bad practice to just turn the firewall off instead.) On a non-domain workgroup server, it's possible that 445 may be the only port you actually need open to the LAN, plus perhaps the email ports 110/25.
>
> And, most importantly, do not allow a Domain Admin logon to be used on any workstation, as this opens the way for any malware running on that workstation to attack the server across-the-wire. Instead, use a local Admin logon for maintenance work.
>
> Set a group policy to only allow designated server-operators to logon at the server console (and lock the console if it's normally left logged-on). This will stop users from treating the server as a 'spare computer' when the admin's not around.
>
> Attend to these essentials and your server probably won't get hit by malware. Fail to attend to them and I can pretty-much guarantee it will, no matter what anti-this or anti-that you install.
>
> RobertOnline wrote:
> > Although I had all kinds of security precautions one could ever think of, at the end the server was "nailed"!

In the sense of postmortem analysis, it would have been quite helpful to know exactly /what/ got through their defenses and /what/ those defenses were that failed.

Good basic server hardening is certainly one of several important aspects.

--
1PW
#11
That is true, in my experience it's fortunately not too common for servers to be compromised. If it does happen, it warrants some thought as to why, and what can be done to prevent a repeat.

The greatest concern for servers is probably SMB/RPC attack vectors, since these do not require any user-interaction, and will often work despite users having limited accounts. (And apparently Server 2008 has a serious example of such already, which does not bode well for future Microsoft security!)

"1PW" wrote:
> In the sense of postmortem analysis, it would have been quite helpful to know exactly /what/ got through their defenses and /what/ those defenses were that failed.