Results 1 to 13 of 13
  1. #1
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security Center reports multiple AVs & firewalls

    Win-XP SP3
    Security Center incorrectly reports that multiple AVs and firewalls are running. I uninstalled all AV and firewalls and determined that the problem goes back 6 months when "Security Master AV" got into system. That was successfully removed (well, so I thought, anyway). Can't find any registry entries (even offending CLSID removed!) or files/folders from that infection. Multiple AV/AM scans show system is clean.

    Can anyone identify Security Center's source for info it displays? Any other ideas as to where problem may originate or suggestions for resolution?

    I have reinstalled firewall (ZA) and AV/AM (MSE V2), so I am good from that standpoint, but it would be great if Security Center issue were cleared up. Thanks!

  2. #2
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Langa Letter: XP's No-Reformat, Nondestructive Total-Rebuild Option

    A repair install of Windows XP may resolve the issue with security center provided that the original trojan has been eliminated.

    How to disable the security Center under windows XP?

    Or you could just shut down all security center messages and warnings.
    Windows XP's security center is not too terribly effective imo at any rate.

    Personaly, I'd shut down security centers warnings and messages before considering
    the above repair option.

    You need to be confident the trojan has been removed and
    the messages are indeed a result of a corruption of the security center itself.

    I recommend also running the free version of MBAM as a second opinion prior to
    any of the above.

  3. #3
    Lounger MaBelleMichelle's Avatar
    Join Date
    Jan 2011
    Location
    Imagine
    Posts
    34
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by CLiNT View Post
    You need to be confident the trojan has been removed and
    the messages are indeed a result of a corruption of the security center itself.
    I would run your AV/AM in Safe Mode before I was "confident" that the trojan was removed. Have you done that?
    Sont des mots qui vont très bien ensemble

  4. #4
    New Lounger
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    20
    Thanks
    0
    Thanked 1 Time in 1 Post

  5. #5
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks, Clint.
    Virus/Trojan Removal Status: This is a dead puppy. Dead, buried, and then banished to the netherworld.
    Repair Install: Only value in this that I see would be to correct the problem by basically reinstalling. Not really worth the effort for this problem.
    Shutdown SC Messages: Not a bad idea since two out of the three categories (AV/AM, Firewall, Automatic Updates) are valueless if I can't find the solution. Still, this is basically a cosmetic solution ("Go away, child, you're bothering me").
    I installed and ran COMODO, ESET, SuperAntispyware, and a few others already. Plus a couple of online scans. MBAM is always on the system as the free version is "on demand" and does not interfere with runtime software. Every one of them reports an absolutely clean system.

    Still, I sincerely appreciate your response and hope you understand if I "hold out" to see if anyone knows the answer to where SC gathers its info from.

  6. #6
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sorry, Ack ... thanks for the input (and I didn't mean for it to seem that I ignored your assistance).
    Yes! That is exactly where I started when I removed it back in July, 2010. (bleepingcomputer,com is always a good place to start and is often the only info/instructions required!)
    Double-checked all files and registry entries. Actually found that the filenames were different (common situation these days). Scanned system (including registry) for matches on all files and registry entries. Clean, clean clean. Only hits were on "Security Master" and these were only in the "Search MRU" entries.

  7. #7
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    MaBelleMichelle,
    Where are my manners! As with "ack", I simply passed right by your post. Sincere apologies to you (as well as reiterating them to "ack").
    Yes. Ran AV/AM in both Safe Mode and "normal startup". I ran each AV/AM installed (as noted in my previous reply) plus MBAM which I updated just prior to first reboot into Safe Mode.
    There are no symptoms of the infection on the system except that SC reports incorrectly. It's a "head scratcher", for sure! That is why I believe that SC is reporting "incorrectly". (If I knew where it gathered its info from, I could at least know why this is occurring.)

  8. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Hi,

    See if the procedure explained here helps: http://www.pchell.com/support/multip...y_center.shtml

    Regards

    Rui

  9. #9
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rui,
    Thanks for that. Sounds like it should solve the problem. Will do this and get back to you as soon as I can (not for a day or two probably, so please bear with me).

  10. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by Klatu240 View Post
    Rui,
    Thanks for that. Sounds like it should solve the problem. Will do this and get back to you as soon as I can (not for a day or two probably, so please bear with me).
    No problem, just let us know how it goes when you complete it.

    Regards

    Rui

  11. #11
    Lounger MaBelleMichelle's Avatar
    Join Date
    Jan 2011
    Location
    Imagine
    Posts
    34
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Great "Fix" and hope it does the trick!!!
    Sont des mots qui vont très bien ensemble

  12. #12
    New Lounger
    Join Date
    Mar 2010
    Location
    Detroit, MI, USA
    Posts
    7
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rui, MaBelleMichelle, and everyone else who had advice for me:

    Thanks much to all of you. Rui's link to "pchell.com" was exactly what the doctor ordered. Worked great and took very little time to complete.

    One thing, however: Upon reboot, Security Center was still reporting multiple firewalls (though the AV status was reporting correctly). I thought perhaps I may have checked too quickly after reboot, so I closed SC, waited a minute, and then looked again. Still the same! So I opened the Windows Firewall applet, noticed that the Windows Firewall was "OFF" (correct -- I use ZoneAlarm on that system), and decided to turn the Windows Firewall "ON", wait about 1 minute, turn it "OFF" again, wait 1 minute and then rechecked SC. Everything is being reported correctly now.

    You guys may just be my best friends now! Thanks again (and again) !!

  13. #13
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I am glad it's finally solved .

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •