Geekzone: technology news, blogs, forums


29 posts

Geek


  Reply # 285110 25-Dec-2009 11:06

Merry Christmas everyone!

Mr Ragnor, hopefully you are correct in your observation.

Anyway, below is the earlier log. I'm guessing that the Microsoft Security Center disabled would be due to Avast, is that right? I've seen this sort of report on scans of other computers too.




Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2009 8:11:05 p.m.
mbam-log-2009-12-23 (20-11-05).txt

Scan type: Quick Scan
Objects scanned: 109054
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


156 posts

Master Geek


  Reply # 285111 25-Dec-2009 11:22

No, the malware probably turned off the security centre. Avast does not do that. You should turn it back on.
I take it that after this scan when you were prompted to reboot that you did so promptly?

A way to test the security centre is to (briefly) pause the standard shield in Avast, a red shield from the MS security centre should immediately pop up in the system tray.

You should maybe also test the other things that typically get disabled by malware, including Task Manager, System Restore (no need to use System Restore, just see if it can be accessed) and the "Start>Run" command.

 
 
 
 




29 posts

Geek


  Reply # 285114 25-Dec-2009 11:49

Yes, I rebooted as soon as prompted by Malwarebytes.

Because I've seen so many Security Centers turned off on computers using other antivirus and firewalls, I left it as it was. However I notice now that it is on - seems that it resumed by itself! It also doesn't show up as being off when I do a scan. However the red shield doesn't pop up when I pause Avast.

I have checked those other functions - they all seem to be okay.

156 posts

Master Geek


  Reply # 285118 25-Dec-2009 12:29

The "red shield" should pop up. Try (briefly) stopping on-access protection (right-click the Avast system tray icon, select the bottom entry, don't be surfing the web at the time) and if it doesn't pop up, something is wrong.
Do you know how to use regedit?
Have you checked via the control panel that it is on?
Was any other AV used on this system, and how was it removed? (You can only have one resident AV installed at a time. Some leave remnants even after they are uninstalled.)

Merry Christmas!



29 posts

Geek


  Reply # 285149 25-Dec-2009 18:01

Merry Christmas!

No, the red shield doesn't show up when pausing Avast (about 20 - 30 secs), even though in the Control Panel it shows that Security Center is on.

This computer was ex-lease, bought from NZ Laptops, so the hard disc was reformatted and supplied with Avast already installed. No other AV program has been used by us on this computer.

I haven't used regedit, though I have used something with a similar name on Macs years ago. I know that doesn't count.

Thanks for your help and showing an interest.

156 posts

Master Geek


  Reply # 285157 25-Dec-2009 19:05

No problem. The security centre is not a foolproof warning device, it sometimes gets confused, and (as you see) it can be over-ridden by the right (=wrong) application.

If, however, you are anything like me, you would want it functioning correctly.

Click "Start>Run" and in the box type in regedit. Press Enter or click OK. Navigation is similar to that of Windows Explorer. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
and there should be 6 entries. One of them (the top one) is AntivirusDisableNotify and the data in the right column should read 0x0000000 (0). (All the entries should have the same data.)
If it isn't, right-click the name field, select Modify and change the "Hexadecimal" (default) value to (0).
Check that the other values are also set to zero, as above.
Reboot.
Test again.
If that fails to yield results, there is another thing that can be done, to do with re-setting the security centre.

Quick question: Have you noticed, say, within the past two weeks, the yellow shield to do with Windows Updates active?
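
Added example, not part of the original posts: the manual regedit check described in the reply above, run against a `.reg` export of the same key so the result can be recorded before and after a cleanup. It assumes the export was made with `reg export`; the function name, the sample export, and the `ExampleOtherValue`/`ExampleSubkey` names are constructed for illustration.

```python
import re

# Key named in the thread; compared case-insensitively, as the registry does.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{1,8})$')


def nonzero_dwords(reg_text, key=SECURITY_CENTER_KEY):
    """Return {value_name: int} for every non-zero DWORD directly under `key`.

    `reg_text` is the decoded text of a .reg export. Version 5.00 exports
    are UTF-16, so read the file with encoding="utf-16". Subkeys are ignored.
    """
    findings = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            deleted, name = header.groups()
            # "[-KEY]" is a deletion directive, not a key with values.
            in_key = not deleted and name.lower() == key.lower()
            continue
        if not in_key:
            continue
        m = DWORD_RE.match(line)
        if m and int(m.group(2), 16) != 0:
            findings[m.group(1)] = int(m.group(2), 16)
    return findings


# Constructed sample export matching the state reported later in the thread
# (two values at 1). The third value name and the subkey are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirstRunDisabled"=dword:00000001
"ExampleOtherValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ExampleSubkey]
"Ignored"=dword:00000001
'''

if __name__ == "__main__":
    for name, value in sorted(nonzero_dwords(SAMPLE_EXPORT).items()):
        print(f"{name} = {value:#010x} (the thread's advice is that it should be 0)")
```

An empty result means every DWORD under the key is zero, which is the state the reply above describes as correct.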



29 posts

Geek


  Reply # 285190 25-Dec-2009 23:21

The Hexadecimal values for AntivirusDisableNotify and FirstRunDisabled were both 1. I set them to 0, rebooted and the setting didn't change. Now the red shield shows up immediately when Avast is paused.

Also, my wife (since it is her computer) hasn't noticed that there have been any yellow update shields.

Thanks again for your assistance.

156 posts

Master Geek


  Reply # 285192 25-Dec-2009 23:36

"rebooted and the setting didn't change."

Does this mean those modified settings have reverted to 1? That's a worry.
But if they haven't reverted, and everything works now, looks like you might be set.
I suggest you visit Windows Update just to be sure everything is patched, and check in the security centre that it is set to "automatic" or at least "notify".



29 posts

Geek


  Reply # 285194 26-Dec-2009 00:09

Oops, that didn't come out too clearly, did it?
The settings stayed 0 after I re-set them.
So everything's cool.
Thanks!

156 posts

Master Geek


  Reply # 285197 26-Dec-2009 00:22

Merry Christmas :)
