Geekzone: technology news, blogs, forums

29 posts


  Reply # 285110 25-Dec-2009 11:06

Merry Christmas everyone!

Mr Ragnor, hopefully you are correct in your observation.

Anyway, below is the earlier log. I'm guessing that the Microsoft Security Center disabled would be due to Avast, is that right? I've seen this sort of report on scans of other computers too.

Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2009 8:11:05 p.m.
mbam-log-2009-12-23 (20-11-05).txt

Scan type: Quick Scan
Objects scanned: 109054
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
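
A triage pass over the log posted above, as an added example that is not part of the original post: it parses the per-section detection lines and lists every item the scanner did not finish removing. Treating any action other than "Quarantined and deleted successfully" as needing follow-up is this example's own rule, and the function names are hypothetical.

```python
import re

# Detection lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Section headers end in "Infected:"; the summary counters ("Files Infected: 2") do not.
SECTION = re.compile(r"^(.+) Infected:$")
# "<object> (<detection name>) -> [detail ->] <action>."
ENTRY = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[\w.]+)\) -> (?:.* -> )?(?P<action>[^>]+?)\.?$"
)
DONE = "Quarantined and deleted successfully"  # assumption: the only "closed" state


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and section:
            found.append({
                "section": section,
                "object": entry["obj"],
                "detection": entry["name"],
                "action": entry["action"],
                "open": entry["action"] != DONE,
            })
    return found


def open_items(log_text):
    """Detections that still need a reboot or a manual fix."""
    return [d for d in parse_detections(log_text) if d["open"]]
```

On this log it reports the Security Center registry item (left in place by the scan) and the driver file that is only removed after a reboot.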

156 posts

Master Geek

  Reply # 285111 25-Dec-2009 11:22

No, the malware probably turned off the security centre. Avast does not do that. You should turn it back on.
I take it that after this scan when you were prompted to reboot that you did so promptly?

A way to test the security centre is to (briefly) pause the standard shield in Avast, a red shield from the MS security centre should immediately pop up in the system tray.

You should maybe also test the other things that typically get disabled by malware, including task manager and system restore (no need to use system restore, just see if it can be accessed), and the "start>run" command.


29 posts


  Reply # 285114 25-Dec-2009 11:49

Yes, I rebooted as soon as prompted by Malwarebytes.

Because I've seen so many Security Centers turned off on computers using other antivirus and firewalls, I left it as it was. However I notice now that it is on - seems that it resumed by itself! It also doesn't show up as being off when I do a scan. However the red shield doesn't pop up when I pause Avast.

I have checked those other functions - they all seem to be okay.

156 posts

Master Geek

  Reply # 285118 25-Dec-2009 12:29

The "red shield" should pop up. Try (briefly) stopping on access protection, (right click the Avast system tray icon, select the bottom entry, don't be surfing the web at the time) and if it doesn't pop up, something is wrong.
Do you know how to use regedit?
Have you checked via the control panel that it is on?
Was any other AV used on this system, and how was it removed? (You can only have one resident AV installed at a time. Some leave remnants even after they are uninstalled.)

Merry Christmas!

29 posts


  Reply # 285149 25-Dec-2009 18:01

Merry Christmas!

No, the red shield doesn't show up when pausing Avast (about 20 - 30 secs), even though in the Control Panel it shows that Security Center is on.

This computer was ex-lease, bought from NZ Laptops, so the hard disc was reformatted and supplied with Avast already installed. No other AV program has been used by us on this computer.

I haven't used regedit, though I have used something with a similar name on Macs years ago. I know that doesn't count ;)

Thanks for your help and showing an interest.

156 posts

Master Geek

  Reply # 285157 25-Dec-2009 19:05

No problem. The security centre is not a foolproof warning device, it sometimes gets confused, and (as you see) it can be over-ridden by the right (=wrong) application.

If, however, you are anything like me, you would want it functioning correctly.

Click "Start>run" and in the box type in regedit. Click enter or OK. Navigation is similar to that of Windows Explorer. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
and there should be 6 entries. One of them (the top one) is AntivirusDisableNotify and the data in the right column should read 0x0000000 (0). (All the entries should have the same data.)
If it isn't, right-click the name field, select Modify and change the "Hexadecimal" (default) value to (0).
Check that the other values are also set to zero, as above.
Test again.
If that fails to yield results, there is another thing that can be done, to do with re-setting the security centre.

Quick question: Have you noticed, say, within the past two weeks, the yellow shield to do with Windows Updates active?
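
The same check done from saved `reg query` output instead of by eye in regedit, as an added example that is not part of the original post: it applies the post's rule (every DWORD under the key should be 0) and prints the `reg add` command that resets each value that is not. The sample output is constructed, and the function names are hypothetical.

```python
import re

KEY = r"HKLM\SOFTWARE\Microsoft\Security Center"

# Constructed sample of `reg query` output for KEY. The two values at 1 mirror
# what the thread reports; the Firewall/Updates rows are illustrative.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify    REG_DWORD    0x1
    FirewallDisableNotify    REG_DWORD    0x0
    UpdatesDisableNotify    REG_DWORD    0x0
    FirstRunDisabled    REG_DWORD    0x1
"""

# "<indent><name><sep>REG_<TYPE><sep><data>"; the separator is a tab on XP
# and runs of spaces on later Windows versions, so accept any whitespace.
LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>\S.*)$")


def parse_reg_query(text):
    """Map value name -> integer for every REG_DWORD row in the output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m["type"] == "REG_DWORD":
            values[m["name"]] = int(m["data"], 16)
    return values


def nonzero_flags(text):
    """Names of the values that break the post's 'all entries are 0' rule."""
    return sorted(n for n, v in parse_reg_query(text).items() if v != 0)


def fix_commands(text):
    """One `reg add` command per offending value, equivalent to the regedit edit."""
    return [
        f'reg add "{KEY}" /v {name} /t REG_DWORD /d 0 /f'
        for name in nonzero_flags(text)
    ]


if __name__ == "__main__":
    for cmd in fix_commands(SAMPLE):
        print(cmd)
```

Running it again after a reboot shows whether the values stayed at 0 or were set back to 1.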

29 posts


  Reply # 285190 25-Dec-2009 23:21

The Hexadecimal values for AntivirusDisableNotify and FirstRunDisabled were both 1. I set them to 0, rebooted and the setting didn't change. Now the red shield shows up immediately Avast is paused.

Also, my wife (since it is her computer) hasn't noticed that there have been any yellow update shields.

Thanks again for your assistance :)

156 posts

Master Geek

  Reply # 285192 25-Dec-2009 23:36

"rebooted and the setting didn't change."

Does this mean those modified settings have reverted to 1? That's a worry.
But if they haven't reverted, and everything works now, looks like you might be set.
I suggest you visit Windows Update just to be sure everything is patched, and check in the security centre that it is set to "automatic" or at least "notify".

29 posts


  Reply # 285194 26-Dec-2009 00:09

Oops, that didn't come out too clearly, did it?
The settings stayed 0 after I re-set them.
So everything's cool.

156 posts

Master Geek

  Reply # 285197 26-Dec-2009 00:22

Merry Christmas :)
