Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

False 'No Antivirus' and 'Firewall Running' Alert from Windows Security Centre (system tray)


  • This topic is locked This topic is locked
16 replies to this topic

#1 TommY_Gee

TommY_Gee

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 16 March 2011 - 06:10 PM

After turning my computer on this morning I received a Balloon pop up from Windows security Centre (red shield in the system tray) informing me that No antivirus and firewall are currently running. I have online armour and AVG Free installed and running (and have had for years). I have tried deleting the contents of WINDOWS\system32\wbem\Repository so the data base could be rebuilt upon start up, no success.

Please note:
- I Have XP professional with Sp3 installed
- AVG and online armour are running fine
- I do not wish to tick the monitor my firewall/antivirus Option found in windows security centre recommendations
- I installed Skype’s whiteboard meeting app last night, besides that nothing has changed from yesterday.

Any Help on this would be greatly Appreciated.
Thanks,
Tom

Edited by hamluis, 18 March 2011 - 07:39 AM.
Moved from XP forum to Am I Infected.


BC AdBot (Login to Remove)

 


#2 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:01:50 PM

Posted 16 March 2011 - 06:17 PM

Never used it myself but this may help: How To Use Dial-a-fix To Repair Windows Internals Problems http://www.bleepingcomputer.com/forums/topic160132.html

#3 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 16 March 2011 - 07:18 PM

Never used it myself but this may help: How To Use Dial-a-fix To Repair Windows Internals Problems http://www.bleepingcomputer.com/forums/topic160132.html


Thank you for your help, unfortunatly after running Dial-a-fix (followed the instructions on the guide) and restarting the computer the alerts still occur. Any other ideas I can try?

#4 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:01:50 PM

Posted 16 March 2011 - 11:24 PM

No, sorry. Anything beyond using D-A-F to explore and repair the WMI is waaaaayyy beyond my pay grade. :P
Have you tried the obvious--in 'services.msc" check that WMI and Security Center are set to automatic, and are running?

#5 happyjohn

happyjohn

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 17 March 2011 - 12:26 AM

Try this-right click in empty space in the system tray. Select Properties, click Customize. Select Windows Security Alerts. Open the down menu and select Always hide. OK Apply OK.

Edited by happyjohn, 17 March 2011 - 12:29 AM.


#6 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 17 March 2011 - 05:11 PM

No, sorry. Anything beyond using D-A-F to explore and repair the WMI is waaaaayyy beyond my pay grade. :P
Have you tried the obvious--in 'services.msc" check that WMI and Security Center are set to automatic, and are running?

I believe thay are, what are the names of the services?

Try this-right click in empty space in the system tray. Select Properties, click Customize. Select Windows Security Alerts. Open the down menu and select Always hide. OK Apply OK.

Hey john thansk for you input, but I don't really want to hide the problem I want to fix it..

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 56,270 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:50 PM

Posted 17 March 2011 - 05:22 PM

The Windows Security Center...does not detect all versions of firewalls and AV programs.

Which is why it provides the user option of turning it off and not monitoring for those functions.

Louis

#8 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:01:50 PM

Posted 17 March 2011 - 05:29 PM

From your OP: I have tried deleting the contents of WINDOWS\system32\wbem\Repository

Exactly how did you "try" to do this? What did or didn't happen?

Security Center is...well Security Center. WMI is Windows Management Instrumentation

[attachment=90693:services.jpg]

#9 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 17 March 2011 - 06:44 PM

The Windows Security Center...does not detect all versions of firewalls and AV programs.

Which is why it provides the user option of turning it off and not monitoring for those functions.

Louis


Yes Louis but Avg and Online armor were recognised up until two days ago (at least on my system), then all of a sudden windows secruity centre does not recognise them...

From your OP: I have tried deleting the contents of WINDOWS\system32\wbem\Repository

Exactly how did you "try" to do this? What did or didn't happen?

Security Center is...well Security Center. WMI is Windows Management Instrumentation

[attachment=90693:services.jpg]


I stopped the computer management service and security center service, then I deleted the Repository folder, restarted the computer, the Repository folder reappeared/was reconstructed but the windows security centre errors persisted.

Edited by TommY_Gee, 17 March 2011 - 06:49 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:50 PM

Posted 17 March 2011 - 08:21 PM

Some types of malware will disable security tools. Have you run an updated scan?

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 17 March 2011 - 09:44 PM

Some types of malware will disable security tools. Have you run an updated scan?


Boop, Thanks in advance for the help, it's much appreciated heres my Mbam Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6080

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/03/2011 1:44:16 PM
mbam-log-2011-03-18 (13-44-16).txt

Scan type: Quick scan
Objects scanned: 191171
Time elapsed: 2 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
f:\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
f:\WinRAR.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Edited by hamluis, 18 March 2011 - 07:38 AM.
Edited content.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:50 PM

Posted 18 March 2011 - 10:16 AM

Do you still have that AV issue now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 19 March 2011 - 03:03 AM

Do you still have that AV issue now?

Unfortunatly yes

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:50 PM

Posted 19 March 2011 - 09:43 AM

Rats! Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 TommY_Gee

TommY_Gee
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:50 AM

Posted 19 March 2011 - 06:36 PM

Rats! Please go here....
Preparation Guide ,do steps 6 - 9.


Step 6 went ok, But when trying to run step 7 dds.scr a notepad of random symbols opens and thats all that occurs (no dos window).

Edit: Also I just noticed that it is listed as an autocad script, and theres no 'open with' option when right clicking on it.

Edited by TommY_Gee, 19 March 2011 - 06:40 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users