Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Both SUPERAntiSpyWare and Malwarebytes' won't/can't update


  • Please log in to reply
49 replies to this topic

#1 LouieChuckyMerry

LouieChuckyMerry

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 31 March 2009 - 06:47 AM

Hello, and many thanks in advance for anyone willing to give of their time (and expertise); I really appreciate it. My OS is Windows XP Home SP3, and my defenses are avast! Home Edition, SUPERAntiSpyWare Free Edition, and Malwarebytes' Anti-Malware Free Edition, with only avast! running in real-time. I also use Windows firewall (edited 1 April to add this fact). To the best of my recollection here's what's transgressed. On 26 March I logged on, watched avast! automatically update, manually updated Superantispyware and Malwarebytes, then ran a Malwarebytes' quick scan, the results of which showed everything clean except for


Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)


After an hour-long Google session I decided to label these as 'Ignore.' On with my business, mostly typical surfing and emailing, the occasional music download, and everyday noting that avast! updated automatically within minutes of logging on. On 28 March I once again manually updated Superantispyware and Malwarebytes', but didn't run a scan with either. No problems, system running well. Today, the 31st, I logged on and attempted to manually update, both Superantispyware and Malwarebytes', but to no avail. Superantispyware gave the error message "There was an error trying to retrieve definitions. Make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the Internet." and Malwarebytes' simply sat without ever showing any progress in the progress bar. However, I was able to update avast!, both definition files and program (the program was already up to date). Since then I've rebooted with no change, done a system restore (to a checkpoint on the 30th; after testing, I undid the checkpoint) with no effect, uninstalled and reinstalled Superantispyware with no effect (then did a system restore--Revo Uninstaller restore point--so the definition file was newer), and removed the two above Malwarebytes' scan findings (after taking them off the ignore list and running a new scan) with no effect. Now I'm typing this. My system doesn't seem slow, I was able to download both HijackThis and ComboFix with no trouble, and I've experienced no redirection of searching/browsing that I've noticed. To the best of my addled brain I've done nothing differently the last some days than I've done the last some months. Any advice/help, once again, would be much appreciated. Also, if I've posted in the wrong place, then please feel free to redirect me. Thanks.

Edited by LouieChuckyMerry, 31 March 2009 - 09:14 PM.


BC AdBot (Login to Remove)

 


#2 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 31 March 2009 - 08:47 AM

Please place those on the ignore list, and make sure they get restored, via System Restore. Do you need help with System Restore.

You did not have a true threat. This was a false positive from MBAM

#3 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling

Posted 31 March 2009 - 05:02 PM

When the Security Center gets its notifications turned off for any reason, those entries will show up. A while back I got those too because I had turned off the notifications from the Security Center. I did that because the Security Center could not detect my av\fw because of a problem with the WMI. Even though Security Center had detected my protection at one time, I thought that maybe an update to my software made it so that Security Center could not detect it anymore (it says that it cannot detect all of them) but then someone here told me it should be able to and how to fix it and once I fixed that and turned the Security Center notifications back on, Malwarebytes or SAS (I cannot remember which program detected it) no longer comes up with that notification.

The info in the link that Jay provided does not indicate to me that it is a false positive. Also, some of the info in that link is incorrect, such as the part about if you have a third party firewall, such as ZoneAlarm, Security Center notifications should be disabled. They should not be as the Security Center can monitor most third party av\fw software. I happen to have ZoneAlarm fw and until my WMI had a problem, Security Center correctly identified and monitored it, as well as my ZoneAlarm av, and once I fixed the problem with the WMI, it does again.

I have no idea why you cannot update your protection and that does seem odd. After reading your post I updated my SAS just to make sure there wasn't a problem on their end and had no problem. Not being able to update those programs seems odd, as does you getting the Security Center notification thing if there is no reason for your notifications to be turned off, as in, if you did not turn it off. If you turned it off and do not care if it monitors your protection, then white list it and do not worry about that one. That is what I did when I had either Malwarebytes or SAS detect it before I fixed it, but I only did that because I had turned off the notifications myself.

#4 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 31 March 2009 - 07:35 PM

QUOTE
Is it safe to keep these entries in the ignore list permanently? (assuming the above reasons continue to be valid)


Yes it is safe and this is the correct course of action for all user/legit software initiated system modifications that MBAM may detect .

One thing people reading this need to keep in mind is that there is no way to tell how something got disabled , only that it is . The vast majority of people never go beyond the antivirus software preinstalled on their system and the occasional free scanner so these detections (for the vast majority of people) will only show up if malware has disabled them.


Thank you!

#5 LouieChuckyMerry

LouieChuckyMerry
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:57 AM

Posted 31 March 2009 - 08:23 PM

Thank you both for your input; I'll see to it that I return those entries to the Malwarebytes' ignore list. Also, thank you for your patience, as I think that I'm on the other side of the globe, thus having me asleep while you're awake and alert. And, the mention of firewalls reminded me: when I first received the Superantispyware error notice, I went to Windows Security Center to check on my firewall only to find it disabled. This I did not do. I reinstalled my OS three months ago, in the process installing SP3 and switching from AVG to avast!, from adAware to Malwarebytes', and adding Superantispyware to my defenses, avast! running in real-time and Superantispyware and Malwarebytes' used for weekly scans. And I've always enabled the Windows firewall. In those three months this is the first 'security' problem I've encountered, and I don't recall manually disabling the firewall. Not sure if this makes a difference. Also, if memory actually serves for once, Superantispyware, Malwarebytes' , and avast! have all updated their program versions recently. Anyway, I'll fix the Malwarebytes' issue; any ideas about the reason for my original post, the fact that from almost one day to the next I can no longer update either Superantispyware or Malwarebytes'? Thanks again.

#6 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 31 March 2009 - 08:45 PM

Windows Firewall may not be configured correctly.

Please use the following fix from Microsoft:

http://support.microsoft.com/kb/283673

Edited by Jay-P VIP, 31 March 2009 - 08:45 PM.


#7 LouieChuckyMerry

LouieChuckyMerry
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 31 March 2009 - 09:11 PM

Thank you again for answering my call. However, it seems that I'm not being clear (I'm only on my second cup of morning coffee so the brain is still not at tope speed). I've already re-enabled my firewall; I did this first thing after yesterday unexpectedly discovering that it had--don't know how/why--been disabled. This, though, was simply a discovery in the process of investigating my main problem: why, without doing anything to my knowledge, am I suddenly unable to update either Superantispyware or Malwarebytes'. I tried my best to explain this in my first post, but after rereading that post I realize that it's a bit unclear? Please, is there any information I can supply you to help clarify my issue? I'm at my computer for the next some hours, and any more help you can supply would be greatly appreciated.

#8 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:57 PM

Posted 31 March 2009 - 09:16 PM

You were very clear about the problem but I think the reason you are not getting an answer as to why you cannot update those programs is nobody knows :thumbsup:

The only time I have had trouble updating either of those programs was when my firewall was blocking them from getting out and since I am sure you already checked that, I am clueless. I am sorry I cannot help you with that

#9 LouieChuckyMerry

LouieChuckyMerry
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 31 March 2009 - 09:27 PM

No need to be sorry, and I'm sorry if I came across as edgy. It's tough to communicate with typed words only; perhaps I should throw in the occasional smiley-thing. :thumbsup: I Googled about with the exact wording of the Superantispyware error message, and got some hits, but the discussions were, for the most part, above my head. I think that I'll try one of my oldest Restore Points and see what happens. And, feel free to keep thinking 'outloud' as I always learn something from the ideas. Thanks.

Edited by LouieChuckyMerry, 31 March 2009 - 09:29 PM.


#10 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:57 PM

Posted 31 March 2009 - 09:48 PM

You have nothing to be sorry for, you did not come across to me as edgy and even if you did, it would not be a big deal. Most of us get edgy when dealing with computer problems. :thumbsup:

The message that SAS gave you is basically saying that it was not allowed to access the internet and the usual cause of that is that the firewall is blocking it. Since it seems you are only using the windows firewall, that should not be the case as it does not stop things in your computer from accessing the internet, it only keeps things from the internet from accessing your computer and that is why I am stumped.

Edited by Stang777, 31 March 2009 - 09:49 PM.


#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:57 AM

Posted 31 March 2009 - 10:01 PM

Download processexplorer

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Under File and save as, I would like you to paste the contents of that report into a reply here
Chewy

No. Try not. Do... or do not. There is no try.

#12 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 31 March 2009 - 10:16 PM

Hello again!

I am sorry that we did not solve the problem all at once. What I was targeting was that we take this one step at a time.

Please hold off on DaChew's solution.

It looks like that a Winsock Layer that both programs use, has been damaged.

This most commonly happens on Windows XP.

Please download WinsockXPFix, and run the program.

Referenced Malwarebytes' help community:

may have damaged the winsocket. I recommend using the WinsockxpFix.exe from here:
http://www.snapfiles.com/get/winsockxpfix.html


Thank you! Please tell me if this worked!

#13 LouieChuckyMerry

LouieChuckyMerry
  • Topic Starter

  • Members
  • 151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 PM

Posted 31 March 2009 - 10:35 PM

Wow, my coffee finally kicked in :thumbsup: , but perhaps a bit too early. Since my last post I've successfully restored to a checkpoint from 24 March, updated Superantispyware, Malwarebytes, and avast! successfully, run a Malwarebytes' quick scan to verify that the two 'infected' registry bits are back to the ignore list, downloaded and installed the newest Firefox update (lost in the restore), and rescued three kittens from a burning building. Sorry, couldn't resist. Seriously, the system restore seems--seems--to have done the trick; and yet, I still find myself wondering about the original issue. Shall I take any of the most recently suggested steps from you kind folk, or should I simply be happy that I can once again update my Superantispyware and Malwarebytes'? I'm more than willing to further the understanding of the original issue, and am actually quite curious (hate to let a good coffee buzz go to waste). Plus, perhaps someone else can learn from further tests. Thanks for all your kind help, and let me know about tests to be run or other thoughts.

#14 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:57 AM

Posted 31 March 2009 - 10:37 PM

Hmmm, I thought that generally if the winsocket is damaged, one cannot access the internet at all.

Glad to see that you got it fixed. If it were me, I would probably run the program Chewy suggested and keep the log if it gives you one, and if it does not, copy and paste it into something else for future reference. That way, if it happens again, you can run the program again to see if something different is running. Other than that, I would just be happy it is working and leave it alone.

Btw, I am happy to know that you saved those kittens :thumbsup:

Edited by Stang777, 31 March 2009 - 10:45 PM.


#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:12:57 PM

Posted 31 March 2009 - 10:43 PM

Jay,

please read the whole thread you quoted and compare to this one

http://www.malwarebytes.org/forums/index.p...ic=8672&hl=

My request for a list of running processes is the best line of inquiry here, not blindly applying fixes
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users