Geekzone: technology news, blogs, forums

29 posts


  Reply # 285110 25-Dec-2009 11:06

Merry Christmas everyone!

Mr Ragnor, hopefully you are correct in your observation.

Anyway, below is the earlier log. I'm guessing that the Microsoft Security Center disabled would be due to Avast, is that right? I've seen this sort of report on scans of other computers too.

Malwarebytes' Anti-Malware 1.42
Database version: 3414
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/12/2009 8:11:05 p.m.
mbam-log-2009-12-23 (20-11-05).txt

Scan type: Quick Scan
Objects scanned: 109054
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\jrikd.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

156 posts

Master Geek

  Reply # 285111 25-Dec-2009 11:22

No, the malware probably turned off the security centre. Avast does not do that. You should turn it back on.
I take it that after this scan when you were prompted to reboot that you did so promptly?

A way to test the security centre is to (briefly) pause the standard shield in Avast, a red shield from the MS security centre should immediately pop up in the system tray.

You should maybe test the other things that typically get disabled by malware, also, including task manager, and system restore. (No need to use system restore, just see if it can be accessed) and the "start>run" command.

29 posts


  Reply # 285114 25-Dec-2009 11:49

Yes, I rebooted as soon as prompted by Malwarebytes.

Because I've seen so many Security Centers turned off on computers using other antivirus and firewalls, I left it as it was. However I notice now that it is on - seems that it resumed by itself! It also doesn't show up as being off when I do a scan. However the red shield doesn't pop up when I pause Avast.

I have checked those other functions - they all seem to be okay.

156 posts

Master Geek

  Reply # 285118 25-Dec-2009 12:29

The "red shield" should pop up. Try (briefly) stopping on access protection, (right click the Avast system tray icon, select the bottom entry, don't be surfing the web at the time) and if it doesn't pop up, something is wrong.
Do you know how to use regedit?
Have you checked via the control panel that it is on?
Was any other AV used on this system, and how was it removed? (You can only have one resident AV installed at a time. Some leave remnants even after they are uninstalled.)

Merry Christmas!

29 posts


  Reply # 285149 25-Dec-2009 18:01

Merry Christmas!

No, the red shield doesn't show up when pausing Avast (about 20 - 30 secs), even though in the Control Panel it shows that Security Center is on.

This computer was ex-lease, bought from NZ Laptops, so the hard disc was reformatted and supplied with Avast already installed. No other AV program has been used by us on this computer.

I haven't used regedit, though I have used something with a similar name on Macs years ago. I know that doesn't count ;)

Thanks for your help and showing an interest.

156 posts

Master Geek

  Reply # 285157 25-Dec-2009 19:05

No problem. The security centre is not a foolproof warning device, it sometimes gets confused, and (as you see) it can be over-ridden by the right (=wrong) application.

If, however, you are anything like me, you would want it functioning correctly.

Click "Start>run" and in the box type in regedit. Click enter or OK. Navigation is similar to that of Windows Explorer. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\
and there should be 6 entries. One of them (the top one) is AntivirusDisableNotify and the data in the right column should read 0x0000000 (0). (All the entries should have the same data.)
If it isn't, right-click the name field, select Modify and change the "Hexadecimal" (default) value to (0).
Check that the other values are also set to zero, as above.
Test again.
If that fails to yield results, there is another thing that can be done, to do with re-setting the security centre.

Quick question: Have you noticed, say, within the past two weeks, the yellow shield to do with Windows Updates active?
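
The registry check described in the post above can also be scripted. The following is an added example, not part of the original thread: a PowerShell script that lists every DWORD value under the Security Center key and flags any that are not 0. It assumes PowerShell is installed and the script is saved to a file; the parameter names (-Path, -ResetNames, -Reset) and the function name are made up for this example, and only the two value names mentioned in the thread are reset.

```powershell
# Added example, not from the thread. Read-only unless -Reset is given.
# Writing to HKLM requires an administrator account.
param(
    [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Security Center',
    # Value names taken from the thread; -Reset touches only these.
    [string[]]$ResetNames = @('AntiVirusDisableNotify', 'FirstRunDisabled'),
    [switch]$Reset
)

function Get-SecurityCenterDword {
    param([string]$KeyPath)
    if (-not (Test-Path $KeyPath)) { throw "Registry key not found: $KeyPath" }
    $key = Get-Item -Path $KeyPath
    foreach ($name in $key.GetValueNames()) {
        # Only DWORD values are compared against 0; other value types are skipped.
        if ($key.GetValueKind($name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { continue }
        $data = $key.GetValue($name)
        New-Object PSObject -Property @{
            Name   = $name
            Data   = $data
            Status = $(if ($data -eq 0) { 'ok' } else { 'NON-ZERO' })
        }
    }
}

# Report the current state of the key.
$before = @(Get-SecurityCenterDword -KeyPath $Path)
$before | Sort-Object Name | Format-Table Name, Data, Status -AutoSize

if ($Reset) {
    foreach ($item in $before) {
        # Change only values that are non-zero AND explicitly listed.
        if ($item.Data -ne 0 -and $ResetNames -contains $item.Name) {
            Set-ItemProperty -Path $Path -Name $item.Name -Value 0
            Write-Output "Reset $($item.Name) from $($item.Data) to 0"
        }
    }
    # Read the key again so the result is confirmed rather than assumed.
    Get-SecurityCenterDword -KeyPath $Path |
        Sort-Object Name | Format-Table Name, Data, Status -AutoSize
}
```

Running the script again without -Reset after a reboot shows whether the values stayed at 0 or were changed back.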

29 posts


  Reply # 285190 25-Dec-2009 23:21

The Hexadecimal value for AntivirusDisableNotify and FirstRunDisabled were both 1. I set them to 0, rebooted and the setting didn't change. Now the red shield shows up immediately Avast is paused.

Also, my wife (since it is her computer) hasn't noticed that there has been any yellow update shields.

Thanks again for your assistance :)

156 posts

Master Geek

  Reply # 285192 25-Dec-2009 23:36

"rebooted and the setting didn't change."

Does this mean those modified settings have reverted to 1? That's a worry.
But if they haven't reverted, and everything works now, looks like you might be set.
I suggest you visit Windows Update just to be sure everything is patched, and check in the security centre that it is set to "automatic" or at least "notify".

29 posts


  Reply # 285194 26-Dec-2009 00:09

Oops, that didn't come out too clearly, did it?
The settings stayed 0 after I re-set them.
So everything's cool 8)

156 posts

Master Geek

  Reply # 285197 26-Dec-2009 00:22

Merry Christmas :)
