Combofix and MSE

12 replies to this topic

#1 timw128

timw128

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 28 February 2012 - 11:14 PM

Hello-
I just ran a Combofix scan in Safe Mode and was notified by Combofix that an MSE scanner was running and I needed to disable it. I did try Security Essentials in the past, but removed it because it was always acting up. I used Revo to get rid of it and manually searched the registry for any traces. None found! So why does Combofix do this?... I do have the presence of mind to disable my avast!7 Internet Security 2012 prior to restart in Safe Mode.
Any plausible explanations?
Thanks in advance!
tim


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:20 AM

Posted 29 February 2012 - 12:22 AM

It may be that some part of MSE is still active on your computer and Combofix is detecting this.

Also, I will give you our standard Combofix speech, which is that you should not run Combofix unless you have been trained in how to use it. More on the subject here.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:20 PM

Posted 29 February 2012 - 02:59 AM

For XP:

Press Windows+R and type

cmd and click OK

For Vista and 7, open Command Prompt as administrator and run these commands one by one, each followed by ENTER

net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt

Run Combofix now

Good luck

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 29 February 2012 - 07:39 AM

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. When issues arise due to complex malware infections, possible false detections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. When false detections are identified, experts have access to the developer and can report them so he can investigate, confirm and make corrections. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

Also be aware that using ComboFix is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 timw128

timw128
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 29 February 2012 - 06:19 PM

Thank you for the advice regarding Combofix. For the record, I have been guided through the process of its usage at both bleepingcomputer.com and majorgeeks.com. I do appreciate your concern on that matter.
Now, with that said, could I please get some advice on how to track this MSE issue down?... Again, I thank you in advance.
Regards-
tim

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 29 February 2012 - 07:08 PM

narenxp provided instructions.

The Security Center gets its data from the Windows Management Instrumentation (WMI) Repository and uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through WMI. In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software.

Windows does not detect all anti-virus programs and some anti-virus programs do not report their status to Windows. Sometimes after you have uninstalled a firewall, anti-virus or anti-malware program the entry remains in the Security Center index because the uninstaller failed to remove it by design or due to sloppy coding. In such cases, you will need to force the operating system to repair Windows Management Instrumentation (WMI) Repository. Essentially this forces Windows to redo the inventory of installed security programs and rebuild the Security Center index.
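
The leftover Security Center registration described in the post above can be inspected directly before deciding whether a repository rebuild is needed. This is an added example, not part of the original posts; it assumes Windows Vista or later (where the namespace is `root/SecurityCenter2`; XP uses `root\SecurityCenter` with different properties) and PowerShell 3.0 or newer, and the function name `Test-SecurityCenterEntry` is hypothetical.

```powershell
# Added example, not from the thread. Read-only: lists antivirus products
# registered with Security Center and flags entries whose program file is gone.
# Assumes Windows Vista or later (root/SecurityCenter2) and PowerShell 3.0+.

function Test-SecurityCenterEntry {
    param([Parameter(Mandatory = $true)] $Product)

    # The registered path may be quoted or contain %ProgramFiles%-style variables.
    $raw  = [string]$Product.pathToSignedProductExe
    $path = [Environment]::ExpandEnvironmentVariables($raw).Trim('"', ' ')

    if ([string]::IsNullOrWhiteSpace($path)) {
        $status = 'NoPathRegistered'
    } elseif ($path -match '^[a-z][a-z0-9+.-]+://') {
        $status = 'NotAFilePath'   # a URI handler, cannot be checked on disk
    } elseif (Test-Path -LiteralPath $path -PathType Leaf) {
        $status = 'Present'
    } else {
        $status = 'Stale'          # registration outlived the uninstall
    }

    [pscustomobject]@{
        Name         = $Product.displayName
        InstanceGuid = $Product.instanceGuid
        ProductExe   = $path
        Status       = $status
    }
}

try {
    $registered = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop
} catch {
    Write-Warning "Security Center namespace not available: $($_.Exception.Message)"
    $registered = @()
}

$report = @($registered | ForEach-Object { Test-SecurityCenterEntry -Product $_ })
$report | Format-Table -AutoSize

# Summarise entries that still claim a product whose executable no longer exists.
$stale = @($report | Where-Object { $_.Status -eq 'Stale' })
if ($stale.Count -gt 0) {
    $names = ($stale | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "$($stale.Count) registration(s) point at a missing program: $names"
}
```

A `Stale` row for a product that was uninstalled matches the situation in this thread: the registration is still in the WMI repository even though the program is gone.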

#7 timw128

timw128
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 01 March 2012 - 02:20 AM

Thanks for the tutorial. I understand the issue now.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 01 March 2012 - 08:01 AM

You're welcome.

#9 timw128

timw128
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 01 March 2012 - 08:14 PM

All is well now. I did the WMI Repository repair and restructure a little differently. My XP Pro x86 is SP2, but I made a back up disk w/SP3 slipstreamed and used that to correct the problem. Now, one more trivial issue to fix...Where do I go to post a query about my User Account picture issue?
Thanks!
tim

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 01 March 2012 - 09:04 PM

Now, one more trivial issue to fix...Where do I go to post a query about my User Account picture issue?

Start a new topic in the Operating Systems Subforums for your OS.

#11 Celena

Celena

  • Banned Spammer
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 01 March 2012 - 11:09 PM

narenxp provided instructions.

The Security Center gets its data from the Windows Management Instrumentation (WMI) Repository and uses a two-tiered approach for detection status. One tier is manual, and the other tier is automatic through WMI. In manual detection mode, Windows Security Center searches for registry keys and files that are provided to Microsoft by independent software manufacturers. These registry keys and files let Windows Security Center detect the status of independent software.

Windows does not detect all anti-virus programs and some anti-virus programs do not report their status to Windows. Sometimes after you have uninstalled a firewall, anti-virus or anti-malware program the entry remains in the Security Center index because the uninstaller failed to remove it by design or due to sloppy coding. In such cases, you will need to force the operating system to repair Windows Management Instrumentation (WMI) Repository. Essentially this forces Windows to redo the inventory of installed security programs and rebuild the Security Center index.

I too had this same problem and now my problem is ok too. Thanks for your Thread :)

#12 timw128

timw128
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 02 March 2012 - 12:15 AM

Thanks for all the guidance!...Have a Merry Christmas everyone! :)

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 02 March 2012 - 03:59 PM

You're both welcome on behalf of the Bleeping Computer community.



