Windows Security Icon



#1 athelos

Posted 23 January 2008 - 04:50 PM

I've got an icon in the bottom right of my screen. It's a little shield (red) with a white cross in it. It says it's the Windows Security Alert and according to this thing my AVG is turned off. I've checked and double-checked and my AVG is still turned on (as always). I've just finished running AVG Anti-Spyware in safe mode and nothing was detected. I'm going to try again in safe mode with SAS and probably AVG Anti-Virus too. This thing wasn't there this morning when I logged on.


UPDATE:

Strange. I left my computer in safe mode to do the SAS scan while I watched a film. Came back to it a couple of hours later and nothing had been detected, so I restarted to come here and see if I had got a reply, and the icon has disappeared...

Edited by athelos, 23 January 2008 - 07:03 PM.

Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz


#2 boopme

Posted 23 January 2008 - 07:16 PM

Maybe silly, but did you check the SAS log for it?

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 athelos

Posted 24 January 2008 - 02:39 PM

I did what you said and the latest log I can find for some odd reason is dated 12-29-2007....

The only reason I can think of for this is that I scanned in safe mode. I don't know if it produced different logs for which type of mode you are in, does it? I'll check just in case. Also, when I scan in safe mode I scan under the administrator. Should I do that or should I scan under my user name.... Or does it even make a difference?

EDIT: Oh and by the way there is still no sign of the icon.

Edited by athelos, 24 January 2008 - 02:40 PM.


#4 athelos

Posted 24 January 2008 - 03:21 PM

This is getting stranger. I have started my computer in safe mode and logged in under administrator and found the SAS log. No threats were found. (Just to clear this up, when scanning in safe mode should I scan under administrator or my user name, or does it make a difference?)

Anyway, I restarted my computer straight from safe mode, logged on and the security icon has appeared again... Is this something to be concerned about or a ploy by Microsoft to get me to use one of their anti-viruses? I've heard of rogue things giving false reports, but this isn't trying to get me to buy anything or click on any link; it's just alerting me that my AVG is "apparently" turned off... I'm stumped.

#5 boopme

Posted 24 January 2008 - 04:30 PM

Very strange indeed as I want to know the item in question.
Run the tools from your account. Can you post a screen shot of the warning?
How to make a screen shot in Windows
Use the latest version of SmitfraudFix.
Please print out and follow the generic instructions for using "SmitfraudFix". Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2.

#6 athelos

Posted 24 January 2008 - 05:29 PM

Posted Image

^^^ ^^^

Hope it works. I'll run Smitfraud now.

#7 athelos

Posted 24 January 2008 - 06:11 PM

So, here's my Smitfraud log... To me it looks clean, but then what do I know:

SmitFraudFix v2.274

Scan done at 22:49:56.85, 24/01/2008
Run from C:\Documents and Settings\All Users\Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


IEDFix

IEDFix.exe by S!Ri


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A9CC2A7-85CF-4306-B248-F92A6248410E}: DhcpNameServer=192.168.1.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A9CC2A7-85CF-4306-B248-F92A6248410E}: DhcpNameServer=192.168.1.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C344871D-AA88-40DE-9721-3F6DAED410C6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A9CC2A7-85CF-4306-B248-F92A6248410E}: DhcpNameServer=192.168.1.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C344871D-AA88-40DE-9721-3F6DAED410C6}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9A9CC2A7-85CF-4306-B248-F92A6248410E}: DhcpNameServer=192.168.1.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz
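
One way to review the DNS section of a log like the one above, as an added example that is not part of the original post or of SmitfraudFix: it parses the `DhcpNameServer`/`NameServer` entries and lists every resolver that is not an RFC 1918 address, so those can be checked against the router or ISP settings. The function names are assumptions of this example, and the sample input reuses two lines from the log plus one constructed line.

```python
import ipaddress
import re

# One "DNS" section entry: <registry key>: <NameServer|DhcpNameServer>=<addresses>
ENTRY = re.compile(r"^(HKLM\\\S+?):\s*(DhcpNameServer|NameServer)=(.*)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dns_servers(log_text):
    """Yield (registry_key, value_name, address) for every resolver in the log."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key, name, value = m.groups()
        # The registry stores several resolvers space- or comma-separated.
        for token in re.split(r"[\s,]+", value.strip()):
            if token:
                yield key, name, token

def review(log_text):
    """Split resolvers into local-network ones and ones to verify by hand."""
    local, verify = set(), []
    for key, name, token in dns_servers(log_text):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            verify.append((key, name, token, "not an IP address"))
            continue
        if any(ip in net for net in RFC1918):
            local.add(token)
        else:
            verify.append((key, name, token, "not an RFC 1918 address"))
    return sorted(local), verify

# The first two lines are copied from the log above; the last one is constructed
# (203.0.113.53 is a documentation address) to show an entry that gets listed.
SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A9CC2A7-85CF-4306-B248-F92A6248410E}: DhcpNameServer=192.168.1.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer=203.0.113.53,192.168.1.254
"""

if __name__ == "__main__":
    local, verify = review(SAMPLE)
    print("local resolvers:", ", ".join(local))
    for key, name, token, why in verify:
        print(f"CHECK {token} ({why}) in {key} [{name}]")
```

An address listed for checking is not necessarily hostile, since an ISP resolver is also a public address; the point is to confirm that it is one you or your provider configured.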

#8 boopme

Posted 24 January 2008 - 06:12 PM

OK, that is THE legitimate Windows security icon. It is telling you your AV is turned off. You need to right-click the 4-colored square next to it. That will open AVG, then turn it on. Update it, and I believe it has a test-the-AV procedure.
It also looks like you have both the Comodo and Windows firewall on.

#9 athelos

Posted 24 January 2008 - 06:14 PM

Really? I didn't think I had a firewall so I downloaded Comodo. Which icon is the Windows firewall and which of the 2 is generally better?

Thank you for the help by the way :D

#10 athelos

Posted 24 January 2008 - 06:19 PM

Well, the shield has gone again and as far as I could tell it was on. How and why would it randomly switch itself off as well?

UPDATE:

*sighs* I just turned my PC on and off and there it is again. If it is the legit thing as you said, boopme, then I'm not going to worry overly much, but what is bothering me is why? It's not done it before, AVG is definitely turned on and updated. Could it be because there are 2 firewalls? Come to think of it, it started around the time I downloaded Comodo...

Edited by athelos, 24 January 2008 - 06:52 PM.


#11 boopme

Posted 24 January 2008 - 07:40 PM

Hello, yes, you look clean.


Open Start > Control Panel > Security Center

The red brick wall is the firewall. Clicking the arrow to the right of "ON" will open a small window; it will tell you about the running firewall.

Clicking the brick wall at the bottom of the page will give you the option to turn off the Win wall.

Also, on the Virus Protection line, clicking the arrow should bring up a choice for Windows to not monitor the AV.

Here's what a lot of the rogues look like: S!Ri Bad Guy Images

Edited by boopme, 24 January 2008 - 07:44 PM.




