The Disabled.SecurityCenter entries do not necessarily mean malware. They are registry keys that can be:
- Disabled by malware to prevent notification that your protection has been disabled
- Disabled intentionally by the user.
- Disabled by other security programs to prevent conflicts, duplicate warnings and allow them to have control.
explanation by nosirrah
This key controls the warning you get about your antivirus software (out of date, not installed .....). If the value is set to 1 you wont get any of these warnings and multiple malicious applications do this to prevent you from knowing that they have disabled your antivirus software. MBAM is re-enabling this function in your log
For example, if you have McAfee Security Center or Norton Internet Security installed, they will disable announcements of Window Security Center in order to signal things by themselves. Other security programs like Spybot S&D will provide similar detections for these type of registry changes and ask you to allow or deny them. Please refer to this discussion thread
and click the link in Post #2 for a more detailed explanation.
If a scan is showing these entries and there no other signs of infection, then it's likely another security program has disabled them. If that's the case, then having MBAM add them to the Ignore list will prevent the detections from showing in future scans. If you are experiencing symptoms of malware, do not use other security programs and did not disable them yourself, then further investigation is warranted
as there is no way to specifically tell how or by what something became disabled. MBAM only shows that it is disabled.
If you cannot update through the program's interface (preferable method
), try to manually download the definition updates
and just double-click on mbam-rules.exe
to install. If necessary, download mbam-rules from another computer, save to a USB stick or CD, transfer the file to the infected machine and then doubl-click on it to install.
Mbam-rules.exe is not
updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page
, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref
) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows
to show it.
- XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
- Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Then perform a new Quick Scan
in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally
(not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs
tab and copy/paste the contents of the new report in your next reply.