29 posts


  #285110 25-Dec-2009 11:06

Merry Christmas everyone!

Mr Ragnor, hopefully you are correct in your observation.

Anyway, below is the earlier log. I'm guessing that the Microsoft Security Center disabled would be due to Avast, is that right? I've seen this sort of report on scans of other computers too.

Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2009 8:11:05 p.m.
mbam-log-2009-12-23 (20-11-05).txt

Scan type: Quick Scan
Objects scanned: 109054
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

156 posts

Master Geek

  #285111 25-Dec-2009 11:22

No, the malware probably turned off the security centre. Avast does not do that. You should turn it back on.
I take it that after this scan when you were prompted to reboot that you did so promptly?

A way to test the security centre is to (briefly) pause the standard shield in Avast, a red shield from the MS security centre should immediately pop up in the system tray.

You should maybe test the other things that typically get disabled by malware, also, including task manager, and system restore. (No need to use system restore, just see if it can be accessed) and the "start>run" command.


29 posts


  #285114 25-Dec-2009 11:49

Yes, I rebooted as soon as prompted by Malwarebytes.

Because I've seen so many Security Centers turned off on computers using other antivirus and firewalls, I left it as it was. However I notice now that it is on - seems that it resumed by itself! It also doesn't show up as being off when I do a scan. However the red shield doesn't pop up when I pause Avast.

I have checked those other functions - they all seem to be okay.

156 posts

Master Geek

  #285118 25-Dec-2009 12:29

The "red shield" should pop up. Try (briefly) stopping on access protection, (right click the Avast system tray icon, select the bottom entry, don't be surfing the web at the time) and if it doesn't pop up, something is wrong.
Do you know how to use regedit?
Have you checked via the control panel that it is on?
Was any other AV used on this system, and how was it removed? (You can only have one resident AV installed at a time. Some leave remnants even after they are uninstalled.)

Merry Christmas!

29 posts


  #285149 25-Dec-2009 18:01

Merry Christmas!

No, the red shield doesn't show up when pausing Avast (about 20 - 30 secs), even though in the Control Panel it shows that Security Center is on.

This computer was ex-lease, bought from NZ Laptops, so the hard disc was reformatted and supplied with Avast already installed. No other AV program has been used by us on this computer.

I haven't used regedit, though I have used something with a similar name on Macs years ago. I know that doesn't count ;)

Thanks for your help and showing an interest.

156 posts

Master Geek

  #285157 25-Dec-2009 19:05

No problem. The security centre is not a foolproof warning device, it sometimes gets confused, and (as you see) it can be over-ridden by the right (=wrong) application.

If, however, you are anything like me, you would want it functioning correctly.

Click "Start>run" and in the box type in regedit. Click enter or OK. Navigation is similar to that of Windows Explorer. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
and there should be 6 entries. One of them (the top one) is AntivirusDisableNotify and the data in the right column should read 0x0000000 (0). (All the entries should have the same data.)
If it isn't, right-click the name field, select Modify and change the "Hexadecimal" (default) value to (0).
Check that the other values are also set to zero, as above.
Test again.
If that fails to yield results, there is another thing that can be done, to do with re-setting the security centre.

Quick question: Have you noticed, say, within the past two weeks, the yellow shield to do with Windows Updates active?
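
As an added example (not part of any post in this thread, and not Malwarebytes' own code), this Python script parses the detection sections of the scan log quoted in the first post and lists what was left unremediated, including the registry value that the regedit steps above set back to its "Good" data. The line layout is inferred from the three detection lines in that log, the function names are hypothetical, and treating only actions containing "successfully" as resolved is an assumption.

```python
import re

# Constructed sample: the detection sections of the scan log quoted in this thread.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+) Infected:$")
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")
BAD_GOOD = re.compile(r"^Bad: \((.*?)\) Good: \((.*?)\) -> (.+)$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with the section it appeared in."""
    section, found = None, []
    for line in map(str.strip, log_text.splitlines()):
        head, item = SECTION.match(line), ITEM.match(line)
        if head:
            section = head.group(1)
        elif section and item:
            path, label, action = item.groups()
            bad = good = None
            values = BAD_GOOD.match(action)
            if values:                      # registry data item: observed vs expected data
                bad, good, action = values.groups()
            found.append({"section": section, "path": path, "label": label,
                          "bad": bad, "good": good, "action": action})
    return found

def follow_up(log_text):
    """List detections the log does not report as removed (assumed marker: 'successfully')."""
    todo = []
    for d in parse_detections(log_text):
        if "successfully" in d["action"].lower():
            continue
        if d["good"] is not None:           # split the registry key from the value name
            key, _, value = d["path"].rpartition("\\")
            todo.append(f"{key} : {value} is {d['bad']}, expected {d['good']} ({d['action']})")
        else:
            todo.append(f"{d['path']} : {d['action']}, confirm it is gone after the reboot")
    return todo

if __name__ == "__main__":
    print("\n".join(follow_up(SAMPLE_LOG)))
```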

29 posts


  #285190 25-Dec-2009 23:21

The Hexadecimal values for AntivirusDisableNotify and FirstRunDisabled were both 1. I set them to 0, rebooted and the setting didn't change. Now the red shield shows up immediately Avast is paused.

Also, my wife (since it is her computer) hasn't noticed that there have been any yellow update shields.

Thanks again for your assistance :)


156 posts

Master Geek

  #285192 25-Dec-2009 23:36

"rebooted and the setting didn't change."

Does this mean those modified settings have reverted to 1? That's a worry.
But if they haven't reverted, and everything works now, looks like you might be set.
I suggest you visit Windows Update just to be sure everything is patched, and check in the security centre that it is set to "automatic" or at least "notify".

29 posts


  #285194 26-Dec-2009 00:09

Oops, that didn't come out too clearly, did it?
The settings stayed 0 after I re-set them.
So everything's cool 8-)

156 posts

Master Geek

  #285197 26-Dec-2009 00:22

Merry Christmas :)
