Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Automatic Updates Automatically Disables After Reboot


  • Please log in to reply
4 replies to this topic

#1 DavidWu007

DavidWu007

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 25 November 2013 - 02:06 AM

Greetings fellow people,

 

I have a Dell Studio 1735 running Vista Ultimate 32-bit.

Recently I updated Microsoft Security Essentials (MSE) and downloaded a couple of .mp3 music files.

At the same time I also noticed a strange error with my laptop..

 

Everytime I turn my machine on, I get this 'red shield with an [X]' icon on my taskbar.

When I click it, I get taken to windows security center and my [Automatic updating] is disabled.

On rare occasions, ALL of the items in windows security center are disabled.

So I turn it back 'em on; only to have it disabled on my next startup.

 

I suspected I may have a malware issue here so I ran a couple of full scans.

MSE found nothing.

MalwareBytes Anti-Malware came out empty as well.

IObit Malware Fighter also landed on nothing.

 

Right now I have no solutions to this problem.

I'm seeking some advice and any help would be greatly appreciated!

Thanks in advance.

 

P.S. My recently downloaded .mp3 files have not been removed as I do not know if this issue is related to them.



BC AdBot (Login to Remove)

 


#2 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:10:33 PM

Posted 25 November 2013 - 03:29 AM

Hey man,

can you get onto your OS at all.  Meaning in normal boot or in Safe mode?

Do you have more than one antivirus running, if so the new or other antivirus will always try to disable security center being that with the expection of MBAM you dont want two antiviruses running, they will fight eachother. 

To stop the issue try this

 

After you login

 

Press Windows key + R

Type: services.msc

Scroll down to Windows Defender

Select it make sure it is running and it is status is set to Automatic.

If not fixed AND if you have another antivirus you can either delete the 3rd party antivirus, or in this same services.msc turn off windows defender, which most antiviruses will do for you be default.

 

Still broken

this is from www.answers.microsoft.com

 

But BEFORE you do any of this please backup your files and make a recovery disc so IF something happens you can get back to at least where you are now.  If you have any questions please ask me before you post.  I will check back around noon CST USA.

Try the above stuff first and reboot, then do the below, but BACKUP first  here is a guide from Microsoft.com

 

 

 

Consider changing the way Security Center alerts to disable the warning.

 

There have been some recent reports of this situation. It may be due to a miscommunication between MSE and the WMI database. It may also be due to undetected malware.

Some people report that opening MSE, performing an update check and turning off and back on again the MSE real time protection resolves the issue temporarily or permanently.

 

If the WMI repository is broken, the following may help:

We've seen a number of reports here of this behavior following the recent upgrade of MSE.

I suspect that there are multiple causes.

Some have reported that uninstalling and reinstalling MSE resolves it.

Others have said that forcing an update or running a scan with MSE each time it happens solves it after a few days.

Others have reported that turning real time protection of and back on has resolved it.

And still others indicate nothing fixes it.

The problem can also be due to a broken WMI repository (see below) and perhaps a resource issue -- that is, the PC is low on memory or running slowly due to many programs and processes starting with Windows causing MSE and the Alert Center to not communicate in a timely manner after which it gives up (either reporting status to WMI, or WMI querying the MSE status). Try a clean boot or disabling excess startup programs to see if that's your case. 

Here are procedures to correct the WMI repository that causes the Windows Security Center to report that no antivirus, antispyware, or firewall is active, yet MSE is actively protecting your PC and in green status.

 

When running this in Vista7, you must run the procedures as an administrator, elevated.

 

Method A

Start>Run>services.msc [enter]

Scroll down to Windows Management Instrumentation and double-click it.

Now click on the "Pause" button. Leave that window open and double-click

My Computer. Navigate to %systemroot%\Windows\System32\wbem (where

%systemroot% is the drive where XP is installed). Delete the Repository

folder and *only* the Repository folder. Now go back to the WMI service

window you left open and restart the service.

This will rebuild the Repository and hopefully straighten out the

incorrect entries for all your duplicates.

In order to see the Windows files, you may need to unhide them:

Make sure you are able to see all hidden files and extensions (View tab

in Folder Options).

Check "Display the contents of system folders".

Check "Show hidden files and folders".

Uncheck "Hide protected operating system files" and click "OK" to the

dialog box.

 

Method B from MVP Torgeir Bakken (more elegant)

Open a command window (Start/Run --> cmd.exe) and run the following commands:

 

net stop winmgmt

cd /d %windir%\system32\wbem

ren repository repository.old 

(or delete it using the command "rd /s repository" instead of the ren command)

net start winmgmt

It may take a minute or so to complete while WMI rebuilds the database.

 

Alternatively, see this blog post: http://ashwinrayaprolu.wordpress.com/2011/05/13/repairing-fixing-wmi-repository/

 

If you suspect an infection:

You can start here:  https://consumersecuritysupport.microsoft.com/  (which will lead to the paid support options of http://www.answerdesk.com if you are in the US)

In other regions not served by the link above, go here:   http://Support.microsoft.com/security and go to the “assisted support” or contact us menu.

This web site - http://www.bleepingcomputer.com -  contains details for many of the common infections, often immediately after they began to appear in the wild, and instructions are provided for how to remove the infections using their malware removal guides. They also have forums where you can seek help from people who specialize in malware removal.

 

This may also be helpful - How to get rid of malware:

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/how-to-get-rid-of-malware/ba80504b-61f1-4d71-960f-b561798b7b42

 

Try Hitman Pro Trial Version: http://www.surfright.nl/en/hitmanpro This program may be run from a flash drive. You may need to run it in Safe Mode or Safe Mode With Networking.

And/or

Try TDSS Killer: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller TDSS Killer may be run from a flash drive. You may need to run it in Safe Mode or Safe Mode With Networking.

 


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

#3 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:10:33 PM

Posted 26 November 2013 - 03:27 AM

i know I put alot in this post, but how are you doing.


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?

#4 DavidWu007

DavidWu007
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 PM

Posted 26 November 2013 - 06:56 PM

I used Method A and the WMI doesn't seem to be the issue.

I entered safe mode and ran TDSS Killer and Hitman Pro scan a couple times.

On my final Hitman scan I got these results:

 

FKFKFFKFKFKFK.jpg

I can't remove it since my trial is expired and I don't know to what degree its harm is.

 

I'll probably hit up the microsoft website when I have the time.

As of right now I still have university and I have to study for my finals right now.

So I'm not checking this thread daily.


Edited by DavidWu007, 26 November 2013 - 06:58 PM.


#5 czarboom

czarboom

  • Members
  • 608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Central Texas
  • Local time:10:33 PM

Posted 27 November 2013 - 12:07 AM

These are standard tracking cookies from Chrome it seems, except the malware, thats a virus.  to double check print off the file paths, or write or copy them paths and go to each one.  But before that you can look at this site

https://www.virustotal.com/en/

This a a virus scanner from top companies in the business, so like 52 of them.  You can find it by the file path, online etc.  and click and drag the file to this browser site, and it will scan it and tell you if anyone knows anything about. it

Then if you havnt tried it already go to

http://www.bleepingcomputer.com/tutorials/repair-windows-with-windows-startup-repair/

to run startup repair mode,

If you did it then dont worry about it, I do about 5 of these at a time so sometimes I get the past confused without logs to read

 

When you used Hitman, were you in safemode with network,

If not them Hitman will mark abunch of programs as false positives..  Also make sure the anit virus is disabled, firewall and that jazz.  Then run as you would.

 

Again if this doesnt work, you need to refresh, or reboot your OS.  See the above instructions.  Is the BIOS correct also? 

Please let me know what steps from above you have completed, and what is the result. 

DOING THIS OUT OF ORDER is not a good thing, and can result is big issues, so please go through this WHOLE process.  I understand college, doing it while I do this, but no worries if you got more pressing stuff, just private message me or reply here, with steps completed, and results

good luck


CZARBOOM 
 
"Never Stop Asking Questions, Question Your Environment, Question Your Government, above all Question Yourself.  We all lose when you Stop asking Why?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users