
Malwarebytes and Super Antispyware can't update


9 replies to this topic

#1 hiero


Posted 21 May 2009 - 02:56 PM

I saw/read the other thread. Mine is slightly different, as MBAM removed 3 registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

During the same scan, this was removed:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYS32DLL (Worm.KoobFace) -> Quarantined and deleted successfully.





My System Restore is Corrupted... Do I have any other options for restoring those registry values? It was removed by MBAM and not placed in quarantine.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 21 May 2009 - 06:53 PM.




#2 Stang777


Posted 21 May 2009 - 06:29 PM

Why do you want to restore those registry values?

The first three can be easily restored by going into the Control Panel and then Security Center and disabling those notifications if you do not want to be notified about them.

I see no reason to restore the last one; KoobFace is not something I would want on my system.

#3 hiero


Posted 21 May 2009 - 11:09 PM

On the other thread, it says that by me deleting those registry values, that is the reason I am now unable to update my Malwarebytes or SuperAntiSpyware. When I try to update, I get an error stating my firewall is blocking the connection NO MATTER what I do with my Zone Alarm (turning it off, allowing access, etc). Now I am stuck without a way to update those programs.

How will disabling notifications in the control panel restore those registry values? Thanks

#4 Stang777


Posted 22 May 2009 - 12:16 AM

You are welcome and the first three entries listed above are from the notifications from the Security Center and those registry entries are changed when you change the notification from the Security Center. Did you turn off those notifications originally, as in before you ran Malwarebytes? If you did not, then some malicious program probably did.

I have the auto update notifications turned off because I have auto update turned off by choice, but those other ones should be set to notify you if they are detecting your protection correctly. If they are not correctly detecting your protection, you might want to investigate why that is.

I do not see why any of the changes Malwarebytes made to your system would make Zonealarm not allow you to update those programs.

I also use Zonealarm and if it wasn't for the fact that you said even with Zonealarm turned off, I would think that somehow you have Zonealarm configured to not allow those programs access to the internet. If you cannot update them even when ZA is turned off, then obviously it is not Zonealarm that is blocking those attempts.

Is ZA the only firewall you have installed?

BTW, I have no idea what other thread you are referring to.

I just did a search through my Windows folder and registry for SYS32DLL and I do not have it, so it does not seem to be a necessary file or registry entry. I have also Googled it and most hits for it show it to be a worm. Getting rid of that does not seem to be a reason for you not being able to update those programs, but that does not mean it could not have damaged your system to the point of you not being able to update these kinds of programs while it was on it.

Edited by Stang777, 22 May 2009 - 12:44 AM.


#5 hiero


Posted 22 May 2009 - 04:22 AM

I am referring to this thread:
http://www.bleepingcomputer.com/forums/t/215542/both-superantispyware-and-malwarebytes-wontcant-update/


I only use ZA (and AVG anti-virus), and this problem popped up after those registry values were removed (similar to the OP in that thread).

#6 Stang777


Posted 22 May 2009 - 05:28 AM

When I had those same registry entries, the first three, fixed by one of those programs, all I did to undo what the program did was go back into the Security Center and make it so that those notifications were turned back off. That changed the registry entries back to where they were picked up again by whichever program picked them up the first time and changed them, and then I put them on the ignore list until I solved the problem that caused me to disable them in the first place.

Have you tried going to the Security Center and making those changes yet?

Like I said before, those are the only entries you should even attempt to restore as the other one is malicious and should not be on your system.

If that does not work, I would post in the Am I Infected forum to get help with this problem, especially since your system restore has also been corrupted and if you were not the one to turn off those notifications.

#7 hiero


Posted 22 May 2009 - 06:05 AM

I went to the Security Center. So am I supposed to turn everything back off? I tried that and nothing has been fixed yet.

#8 Stang777


Posted 25 May 2009 - 06:03 PM

Since none of that has helped I think your best bet would be to post in the Am I Infected section of this forum.

#9 sachin naik


Posted 26 May 2009 - 09:35 AM

My dear friend, I can't understand why you are confused by such simple things.

Do you know why your Malwarebytes detected those 3 threats before (I mean the disable notify)? That's definitely because you must have turned your firewall, virus protection and Windows updates OFF, so if you are going to delete these 3 objects using Malwarebytes and restart your PC, then after your restart your firewall, anti-virus protection and Windows updates should definitely be turned ON. Malwarebytes cannot delete them; that's totally impossible, what you are saying.

You are infected by a rootkit, maybe gaopdx (rootkit), which blocks your updates. Just download the AVG anti-rootkit tool (just 1 MB in size) and run a full scan.

#10 quietman7


Posted 26 May 2009 - 01:18 PM

The Disabled.SecurityCenter entries do not necessarily mean malware. They are registry keys that can be:
  • Disabled by malware to prevent notification that your protection has been disabled
  • Disabled intentionally by the user.
  • Disabled by other security programs to prevent conflicts, duplicate warnings and allow them to have control.

This key controls the warning you get about your antivirus software (out of date, not installed ...). If the value is set to 1 you won't get any of these warnings, and multiple malicious applications do this to prevent you from knowing that they have disabled your antivirus software. MBAM is re-enabling this function in your log.

explanation by nosirrah

For example, if you have McAfee Security Center or Norton Internet Security installed, they will disable announcements of Windows Security Center in order to signal things by themselves. Other security programs like Spybot S&D will provide similar detections for these types of registry changes and ask you to allow or deny them. Please refer to this discussion thread and click the link in Post #2 for a more detailed explanation.

If a scan is showing these entries and there are no other signs of infection, then it's likely another security program has disabled them. If that's the case, then having MBAM add them to the Ignore list will prevent the detections from showing in future scans. If you are experiencing symptoms of malware, do not use other security programs and did not disable them yourself, then further investigation is warranted as there is no way to specifically tell how or by what something became disabled. MBAM only shows that it is disabled.

If you cannot update through the program's interface (preferable method), try to manually download the definition updates and just double-click on mbam-rules.exe to install. If necessary, download mbam-rules from another computer, save to a USB stick or CD, transfer the file to the infected machine and then double-click on it to install.

Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

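An added example (not part of any post in this thread, and not Malwarebytes code): a small Python triage of the four result lines quoted in post #1, separating the Disabled.SecurityCenter setting entries from the Run entry flagged as Worm.KoobFace. The line format is inferred from those four lines only, and the names `triage`, `ENTRY` and `SUPPRESSED` are hypothetical.

```python
import re
# Constructed sample: the four result lines quoted in post #1 of this thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SYS32DLL (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

# Assumed format: <hive>\<key>\<value> (<detection>) [-> Bad: (x) Good: (y)] -> <action>
ENTRY = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\\(?P<value>[^\\]+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+)$"
)

# Security Center warning that each value suppresses when its data is 1.
SUPPRESSED = {
    "AntiVirusDisableNotify": "antivirus",
    "FirewallDisableNotify": "firewall",
    "UpdatesDisableNotify": "automatic updates",
}

def triage(log_text):
    """Split registry result lines into setting resets and flagged startup entries."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        f = m.groupdict()
        if f["bad"] is not None:
            # Bad/Good pair: the line records a setting's data being put back
            # (the thread's explanation: MBAM re-enabling the warning).
            f["kind"] = "setting-reset"
            f["note"] = "%s warnings had been suppressed; data %s -> %s" % (
                SUPPRESSED.get(f["value"], "unknown"), f["bad"], f["good"])
        elif f["key"].lower().endswith(r"\currentversion\run"):
            f["kind"] = "autostart-entry"
            f["note"] = "startup entry flagged as %s; do not restore" % f["detection"]
        else:
            f["kind"] = "other"
            f["note"] = "review manually"
        findings.append(f)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-16s %-24s %s" % (f["kind"], f["value"], f["note"]))
```

The setting-reset rows are the ones to follow up with the question raised in the thread: who set the value to 1 (the user, another security product, or malware).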



