
Windows security disabled


4 replies to this topic

#1 byteguy


Posted 24 July 2013 - 11:44 AM

I've had this problem on one computer and fixed it (but I can't recall just how I did it). The computer reports that there are security warnings. The Windows security service is not running and will not start. In addition, the computer reports all downloads that allow fixes or remote access are viruses and are deleted.

There was a Google redirect but I solved that by doing a system restore back a couple of weeks.

I am not at that computer now, so from memory:

System--Win 7 Pro

Security--Norton internet security (360, I believe)

 


I have the power to channel my imagination into ever-soaring levels of suspicion and paranoia.


 


#2 GodfatherKing


Posted 24 July 2013 - 01:30 PM

Step 1: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run


  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

 

Step 2: Install and run MBAM

 

 

Step 3: Please download MiniToolBox, save it to your desktop and run it.

 

Checkmark the following checkboxes:

  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

 

Step 4: ESET Online Scanner

==================

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I haven't responded to you for almost >= 3 days, send me a Private Message.


#3 byteguy


Posted 24 July 2013 - 02:17 PM

I'll be heading down to this job shortly.



#4 byteguy


Posted 24 July 2013 - 05:44 PM

I went out to the client's place of business and ran RKill, TDSSKiller, ComboFix and then scanned with Malwarebytes, and when I left it was scanning with Trend HouseCall. Also ran the MiniToolBox.

Before running HouseCall, I restarted the computer and all seems to be fine. No Windows security messages, I can now download scanners, remote access software, etc.

I have the logs if you wish to see them.

The problem seems to be solved.  Thanks for your support.

BTW--I don't know if I could have talked the client into having a remote scan done by someone he doesn't know.  He's a CPA and has lots of confidential data on the machine.



#5 byteguy


Posted 28 July 2013 - 11:37 AM

Now that the problem has gone away, I'm wondering just what happened. This is the second machine infected this way.  This one was using Norton 360.  The last one I worked on had McAfee.

Main symptom was that the computer had a Google redirect and also reported that the Windows security was turned off. It was impossible to turn it on.

Neither machine would allow the client to download remote control software or anti-malware software.  However, I could actually visit the machine and load these programs from a flash drive.  Each failure to download resulted in a message saying the file was identified as a virus and deleted.  This happened even after disabling the anti-malware software on the computer. 

While I was successful at fixing the problem, I'm just not sure what was going on. Knowing what really was happening would enable a faster fix.

So--anyone with a suggestion would certainly be helpful.

 

Thanks for all your good work.  You really do a great job on this site.





