Do I remove diabled.securitycenter ?

September 20, 2011 at 22:08:50
Specs: Windows XP
I ran malwarebytes anti-malware after my computer said it had just recovered from a serious error (upon turning it on tonight). It reports disabled.securitycenter has a virus. What do I do now? Is that a valid program that got infected, or is it the virus itself? Do I click the "remove selected" box?

Sorry, I know nothing; I am no techie, just a basic computer user, so thanks for any guidance you can give me.


See More: Do I remove diabled.securitycenter ?

Report •


#1
September 21, 2011 at 20:17:42
elrich,

Can you provide the log Malwarebytes' produced?

Start the program and go to the Logs tab. It should be there.

Need to see if the following are being reported:
Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) .

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) .


Thanks

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals


Report •

#2
September 22, 2011 at 10:18:04
Thank you for being willing to help. I later remembered that the original warning, when I logged on that night, said it had recovered from a "Blue Screen Error". I don't know if that helps you any. This is the exact log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5083

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/20/2011 10:40:12 PM
mbam-log-2011-09-20 (22-40-12).txt

Scan type: Quick scan
Objects scanned: 155268
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Report •

#3
September 22, 2011 at 18:56:53
elrich,

On this Registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.


This Registry key controls warnings about your AntiVirus software being out of date, not installed, etc.
If the value is set to 1 you don't get any warnings.

On the other side of the coin, malicious software can prevent notifications that your AV is disabled from happening, so that you do not know about the action.

Did you disable notifications in your Security Center?
Do you have any kind of software that may be preventing this?


Let's do the scan that follows. You will need to use Internet Explorer for this scan.

Download ESET Online Scanner:
http://www.eset.com/us/online-scanner

Press the ESET Online Scanner download button
[*]In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
[*]Allow the ActiveX to download, and click 'Install':
http://www.eset.com/us/online-scann...
[*]Click Start
[*]Make sure that the option Remove found threats is unticked/not checked!
[*]Click Scan, and wait for the scan to finish
[*]If any threats are found, click the 'List of found threats', then click 'Export to text file...'
[*]Save the file to your Desktop as: ESET Scan

Please provide the contents of ESET Scan in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals


Report •

Related Solutions


Ask Question