Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spybot - Windows Security Centre


  • Please log in to reply
9 replies to this topic

#1 CharlieO

CharlieO

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 07 August 2005 - 01:12 PM

Running Spybot just now, it has picked up two entries titled "Windows Security Center.AntiVirusDisableNotify" and "Windows Security Center.AntiVirusDisableOverride". in both cases "dword=0".

Should I be concerned?

Thanks.

BC AdBot (Login to Remove)

 


#2 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 07 August 2005 - 03:37 PM

Me too....have the same problem as CharlieO, except my Spybot picked up "Windows Security Center.UpdateDisableNotify", along with "Windows Security Center.AntiVirusDisableNotify".

Is this related to the fact that I keep getting those annoying popups from Microsoft, saying that my antivirus protection needs to be updated and that I should sign up for automatic updates with them. I'm running AVG, which I update frequently BTW.

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 07 August 2005 - 09:00 PM

That should be nothing to worry about. Those are just Spybot telling you that XP SP2's Security Center monitoring and notifications have been altered from how they were set when SP2 was first installed.

Security Center is designed to do two things

1. Let you know if you aren't running an antivirus or firewall and monitor the ones you have along with Automatic updates.

2. Notify you if updates are available and if there are problems with your antivirus and/orfirewall.

Well, the Security Center (SC) doesn't work too well as far as I've seen insofaras recognizing the antivirus and firewall you may prefer to run. It is supposed to recognize them and monitor. But if it doesn't recognize your program, you can click the "Recommendations" button and tell SC that you will monitor that program yourself. When you do that you set the relevant Override registry key to Dword=1.

For notifications, if you set Security Center to not notify you of new updates and problems, the registry value will be changed for DisableNotify keys.

So you need to open Security Center and check to see if anything has been changed. If it's been changed from how you had it set you probably have some malware on your system. You can open Security Center from the Control Panel. To check the notification status click the link in the left hand column that says Change the way Security Center alerts me

Set this like you want it. But even if the settings in the Security Center have been changed by you Spybot is going to notify you that the registry was changed from the defaults. It's really kind of confusing, especially since it lists the value as zero (what the default value was originally in the registry) instead of 1, which is what it has actually been changed to.

So if SC is like you want it, after scanning with Spybot, right click on those entries it finds and choose ignore and it won't worry you any more about it.

Kat, I had a bit of trouble getting the Automatic Updates turned off completely when I had to reinstall windose & SP2. I belive it quit buggin me when I turned off the notification--that little link is hard to see. :thumbsup:

Edit: Sorry, Kat, just reread your post. If the alerts are bugging you about your antivirus, tell SC that you'll monitor your AV yourself AND turn off notifications for it. Just make sure you keep your AV updated yourself and reboot after making any changes to SC. Personally, I have everything turned off, notfications and monitoring, except for notification of problems with the firewall settings. :flowers:

The thing about people

is they change

when they walk away.--Mipso


#4 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 07 August 2005 - 11:09 PM

Thanks PapaK! Like you, I've been telling SC to alert me only if there's a firewall problem by checking off that box in the settings area of "Change the Way Security Center Alerts Me"...which means the virus protection and automatic updates boxes are unchecked.
Every couple of days, though, I get that silly popup, telling me I may need to update my AV program, after which I go to the SC again and find that all 3 of the boxes have reverted to "checked" status. Is this 'cuz I have my cookies "tolerance" level set really low...500 mb? :thumbsup:

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 07 August 2005 - 11:48 PM

I don't think cookies have anything to do with it. Do you have SC set to monitor your AV? IOW, what do you see in the main screen under Virus Protection? Mine says NOT MONITORED because it's turned off.

The Alert Settings/notifications box is just for a problem with the AV settings. I guess you could stiil get notified of updates if SC is set to monitor the AV.

Otherwise you have something suspicious going on.

The thing about people

is they change

when they walk away.--Mipso


#6 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 08 August 2005 - 09:47 PM

PapaK...here's what I see when I open SC. Screenshot

I don't seem to have any choice when it comes to virus protection; it is "ON" all the time. Is that because I am running AVG? When I click on the little up and down arrows (I marked them with an arrow on my screenshot), all I get is what you see...the narrative about AVG.

Where should I see "not monitored"?

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 08 August 2005 - 11:24 PM

Well, this is what I see with all monitoring turned off:
http://img.photobucket.com/albums/v159/Papakid/SC.jpg

And alerts with only the firewall on:
http://img.photobucket.com/albums/v159/Papakid/Alerts.jpg

Your Recommendations button is missing. That's not good. My gut tells me it's a glitch with Windows itself, but am not sure. I haven't had an AV that SC could monitor, so it could be that AVG keeps that turned on until its uninstalled. You should worry if it gets turned off.

I also see by that, that you have the Windows firewall turned on. Are you relying solely on that or do you have another software firewall running? Having two is not a good idea. But it may be that having the windows firewall on is allowing those notices to pop up. Do you have any screenshots of them?

Tell ya what let's do. Download Registrar Lite and install it. I want to take a look your registry keys that may help figure out what is going on. This is just an easier to use registry editor. Be careful and don't let the cat jump on the keyboard. :thumbsup:

When it is installed, open the program. Now copy and paste the following bold text and paste it into the address bar and click Go.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center

Now click on the icon that looks like a floppy disk. Give the file a name and save it somewhere convenient like the desktop. Now right click the file and open it with Notepad. Copy and paste the entire contents of the file into your next reply to this post.

The thing about people

is they change

when they walk away.--Mipso


#8 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 09 August 2005 - 10:41 PM

Oh, how weird, PapaK...that I have no "recommendations" button. However, my alerts screen looks just like yours, with only the firewall on.

But what the heck! Look at all the firewalls named in my Registry Lite scan!! Where'd they come from?? They don't show up on the Add/Remove Programs list....I don't get it.

As for a screenshot of the popup, haven't been bothered by one for a couple of days now....everything holding steady. Before, when I got the popup that said my virus protection might not be up to date...blah, blah, blah .....I'd return to the SecCtr and find that the "alert me" button had reset itself to "on"...so I'd turn it off, only to have the same thing happen the next day or a couple of days later. Short answer: no screenshot available, 'cuz it hasn't happened in the last few days.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

#9 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:28 AM

Posted 11 August 2005 - 01:31 AM

Hey Kat, sorry to have kept you waiting.

But what the heck! Look at all the firewalls named in my Registry Lite scan!! Where'd they come from?? They don't show up on the Add/Remove Programs list....I don't get it.

No that's normal. It doesn't mean you have those programs installed. Those are just the programs the security Center will monitor. Although I find it strange that AVG isn't in the list, but you're able to monitor it, and Kaspersky (which is what I use) is in the list, but I can't get SC to monitor it. That's why I don't think the SC really works very well.

The only thing I can think of that might explain why you don't have a recommendations button and the monitor keeps turning itself back on is because maybe AVG itself has a way of doing that as a means of self protection. Or you've got a corrupt file somewhere.

Looking at the reg file you just posted, the notification for the AV is still turned off. The AV monitor is still turned on. To work around not having a Recommendations button, you could change the value of "AntiVirusOverride"=dword:00000000 to "AntiVirusOverride"=dword:00000001

That would turn your antivirus monitoring to off. Let me know if you want to do that. Unless the notices you've been getting are really, really buggin ya, I don't think it's worth worrying about.

Or you could post a HijackThsi log for me to look at. :thumbsup:

The thing about people

is they change

when they walk away.--Mipso


#10 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 12 August 2005 - 11:07 AM

Well, PapaK, things have become "interestinger and interestinger" over the last couple of days, and I don't know if it is partly related or not....I tried Juno's
"speedband" for a couple of weeks then opted out yesterday. And this morning, those alert popups came back, saying the computer was possibly at risk, etc., and upon checking, my SC had reset itself to monitoring everything...firewall, Virus, etc. I also suddenly had an exe file that would display as it was closing itself, upon shutdown, and Google tells me it was related to Juno's speedband and firewalls, etc. Ah HAH, methinks. I just did a "remove program" on the speedband (didn't know it was even there to remove in the first place), and I now no longer have that exe file displaying itself upon shutdown...the "remove" must've taken care of it.

Sigh....who knows.....I've had the alert popup before, prior to my speedband trial...so I don't know how much, if at all, its addition and then deletion contributed to the popup's recurrence this morning.

I'm going to do what you suggest for now....just sit on it and see what happens. But I gotta tell ya...I'll be back if the alert popups come back 'cuz I am a horribly "anal-retentive" person who goes nuts, not being able to fix such an annoyance. :thumbsup: Unless you suggest I do go ahead and post a HJT file.

Meanwhile, thanks sooooo much for bearing with me on this ongoing journey. Should I delete Registrar Lite now, along with System Security Suite, which I downloaded when I had another problem which you super bleepers also helped me with?

PS: Here's a screenshot of my popup pal. Not again!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users