Jump to content

3 problems found


Recommended Posts

Last week I reported some problems MB scan found which were F/P.

Today I ran a scan and 3 more problems were found:

All three read:

Vemdor: Hijack Security Cemter

Category: Registry Data

Items:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify

Other: Bad (1) Good (0)

Action Taken: No action taken

Link to post
Share on other sites

Not FPs. If you or a program you know set them, add to them to ignore and they won't show up again.

Do you know what these three exceptions pettain to? I ran a scan a few days ago and nothing found. Today I did a download of latest MB updates and then ran a scan and got these 3 exceptions.

What could be causing it? I always do manual updates of Windows Critical Updates, but never got these MB exceptions before. Could it be something new added to this latest download of MB updates that would pick that up?

Alice

(I ran a scan with NIS and SpyBot and nothing found.)

Link to post
Share on other sites

Could it be something new added to this latest download of MB updates that would pick that up?

Yes, it was added to the definitions in the last 2 days

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Hijack.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

I have Security Center disabled myself

Link to post
Share on other sites

Yes, it was added to the definitions in the last 2 days

I have Security Center disabled myself

Did you get the same 3 exceptions I did?

If you did, how did you correct?

I your Security Center still in your Control Panel. Mine is not showing any longer!

Link to post
Share on other sites

If you go into the XP Security center, click on "Change the way security center alerts me", and uncheck all 3 boxes, you will get those three warnings in your scan. As was mentioned, simply add them to your ignore list if you or a program disabled the notifications.

Regarding Security Center missing from Control Panel, I doubt it's related to MBAM.

Link to post
Share on other sites

If you go into the XP Security center, click on "Change the way security center alerts me", and uncheck all 3 boxes, you will get those three warnings in your scan. As was mentioned, simply add them to your ignore list if you or a program disabled the notifications.

Regarding Security Center missing from Control Panel, I doubt it's related to MBAM.

If you unchecked all three boxes, then Automatic Updates would be enabled (ON). Why would MB show you that there were 3 exceptions if Automatic Updates was ON?

Also, why is MB notifying us of MS security settings? I know many people who do not want automatic updates and want to update manually. I presume that all of them will also be receiviang these MB exceptions (Hijack Security Center).

Why is MB getting involved in MS security center? Very, very confusing to me and probably many others.

(Does anyone know why the Security Center is missing in the Control Panel?)

Link to post
Share on other sites

If you unchecked all three boxes, then Automatic Updates would be enabled (ON). Why would MB show you that there were 3 exceptions if Automatic Updates was ON?

Also, why is MB notifying us of MS security settings? I know many people who do not want automatic updates and want to update manually. I presume that all of them will also be receiviang these MB exceptions (Hijack Security Center).

Why is MB getting involved in MS security center? Very, very confusing to me and probably many others.

(Does anyone know why the Security Center is missing in the Control Panel?)

Having these boxes unchecked does not mean that Automatic Updates is on or off, but rather that it won't notify you if it's off. Why does MBAB notify you of this? Because some malware uncheck this box without the user's knowledge. I have automatic updates disabled, and I don't want security center hounding me on this.

It's simply alerting the SC notifications are disabled. If a user says "Wait, I didn't disable those notifications", it could be an indicator that malware did so without their knowledge.

You may have become infected with malware that removed the .cpl file for Security Center, thus why it's not appearing in Control Panel. You can try the steps below to restore it:

First off, the following procedure will launch Windows Security Center.

Start -> Run -> wscui.cpl

One workaround to your current problem would be to go to

C:\Windows\System32, right click on wscui.cpl, and select Send to -> Desktop

(create shortcut). This would at least give you a way of launching Security

Center should you not be able to restore the Control Panel icon.

As for the missing icon in Control Panel, run the Registry Editor (Start ->

Run -> regedit.exe) and navigate to the following registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control

Panel\don't load

Take a look in the right hand pane for an entry containing mscui.cpl. If

found, right click on it and delete it.

Link to post
Share on other sites

Having these boxes unchecked does not mean that Automatic Updates is on or off, but rather that it won't notify you if it's off. Why does MBAB notify you of this? Because some malware uncheck this box without the user's knowledge. I have automatic updates disabled, and I don't want security center hounding me on this.

It's simply alerting the SC notifications are disabled. If a user says "Wait, I didn't disable those notifications", it could be an indicator that malware did so without their knowledge.

You may have become infected with malware that removed the .cpl file for Security Center, thus why it's not appearing in Control Panel. You can try the steps below to restore it:

First off, the following procedure will launch Windows Security Center.

Start -> Run -> wscui.cpl

One workaround to your current problem would be to go to

C:\Windows\System32, right click on wscui.cpl, and select Send to -> Desktop

(create shortcut). This would at least give you a way of launching Security

Center should you not be able to restore the Control Panel icon.

As for the missing icon in Control Panel, run the Registry Editor (Start ->

Run -> regedit.exe) and navigate to the following registry key.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control

Panel\don't load

Take a look in the right hand pane for an entry containing mscui.cpl. If

found, right click on it and delete it.

You said "Take a look in the right hand pane for an entry containing mscui.cpl. If found, right click on it and delete it."

Did that and 'lo and behold' - Security Center is back in Control Panel. Thanks much for your help.

Alice

#1- When the 3 Security Center 'errors' show up after the MB scan, I should click on Ignore, correct?

#2- I notice when I click on the Ignore and try to close the MB, I get a pop-up that reads:

"A scan is in progress. Are you sure you want to close MB?"

What is that all about? I thought the scan was finished and when I clicked on Ignore for all 3 'exceptions,' I would be allowed to close MB. The pop-up box has YES and NO under the wording. Should I just click on YES?

Link to post
Share on other sites

You said "Take a look in the right hand pane for an entry containing mscui.cpl. If found, right click on it and delete it."

Did that and 'lo and behold' - Security Center is back in Control Panel. Thanks much for your help.

Alice

#1- When the 3 Security Center 'errors' show up after the MB scan, I should click on Ignore, correct?

#2- I notice when I click on the Ignore and try to close the MB, I get a pop-up that reads:

"A scan is in progress. Are you sure you want to close MB?"

What is that all about? I thought the scan was finished and when I clicked on Ignore for all 3 'exceptions,' I would be allowed to close MB. The pop-up box has YES and NO under the wording. Should I just click on YES?

Good, I'm glad that took care of it. Something must have moved it to to the "don'tload" key.

1. That is correct.

2. Come to think of it, I had the exact same thing happen a couple days ago. I ended up having to kill the MBAM app. Maybe one of the MBAM mods could comment on this? I really didn't think much of it. I'll try another scan today and see what happens. (I'm sure it will display the 3 "HijackSecurityCenter" warnings . . .

Link to post
Share on other sites

Good, I'm glad that took care of it. Something must have moved it to to the "don'tload" key.

1. That is correct.

2. Come to think of it, I had the exact same thing happen a couple days ago. I ended up having to kill the MBAM app. Maybe one of the MBAM mods could comment on this? I really didn't think much of it. I'll try another scan today and see what happens. (I'm sure it will display the 3 "HijackSecurityCenter" warnings . . .

You said "I'll try another scan today and see what happens. (I'm sure it will display the 3 "HijackSecurityCenter" warnings . . . "

If you clicked on Ignore, wouldn't the 3 SC warnings NOT display again?

Link to post
Share on other sites

Update: Just did a quick scan, chose to ignore all 3 SecCenter warnings. But I did still get the "A scan is in progress, do you wish to close MBAM?", to which I answered yes and the program closed normally. Opened it back up and the ignore items are in the ignore tab, so those were saved.

Not sure, this is a new behavior that I started seeing this week. FWIW, I'm not running active protection.

Link to post
Share on other sites

Having these boxes unchecked does not mean that Automatic Updates is on or off, but rather that it won't notify you if it's off. Why does MBAB notify you of this? Because some malware uncheck this box without the user's knowledge. I have automatic updates disabled, and I don't want security center hounding me on this.

I am still trying to understand the above. I've looked in the Security Center and I have the Automatic Updates checked for "Turn Off Automatic Updates."

If I check on "Automatic," the check next to "Turn Off Automatic Updates" goes away.

You said, "if those boxes are unchecked, does not mean that Automatic Upddates is ON or OFF."

But, as I see it, if those boxes are UNchecked, the Automatic is ON. If you check one of those boxes, the Automatic check - ON - goes away.

Am I reading something wrong here? Your help would be appreciated in helping me understand. As a novice, this is all so confusing.

Thanks,

Alice

Link to post
Share on other sites

Hi all,

The reason why we are flagging these Registry values is because we are seeing a massive increase in the number of malware infections that are disabling the securit center functions during the course of compromising the victim machine.

The detections act as a repair to restore(enable) security center settings in that scenario B)

If you have knowingly disabled these settings or one of your installed softwares have disabled them then you will need to add to the MBAM ignore list or we will keep flagging and trying to re-enable them.

Unfortunetly MBAM has no way of knowing whether the security centre functions were disabled by malware or whether the end user has consented(wants them) to be switched off.

hth

Link to post
Share on other sites

#2- I notice when I click on the Ignore and try to close the MB, I get a pop-up that reads:

"A scan is in progress. Are you sure you want to close MB?"

What is that all about? I thought the scan was finished and when I clicked on Ignore for all 3 'exceptions,' I would be allowed to close MB. The pop-up box has YES and NO under the wording. Should I just click on YES?

This has happened to me whenever MBAM found something and I didn't remove the "infections". Sometimes, in a case like that, I would add the "infections" to the Ignore List but MBAM does not realize that they are not infections and thinks that there should be some action taken (remove). I think if you click "Main Menu" (if my memory serves me correctly), it will allow you to get back into the scan options.

swagger (Keith)

Link to post
Share on other sites

Alice -

You're missing a step from my post. Once in Security Center, click on "Change how Security Center Notifies Me" on the middle left hand side of the window (I believe it's in blue lettering, no button". Those are the boxes I'm referring to.

Many thanks. Now I understand. Sorry for the bother.

Link to post
Share on other sites

I just ran an MB scan (after downloading latest updates) on my grandson's Acer Aspire One 10.1" and only see one exception, which is:

Vendor: Disabled.Security Center

Category: Registry Data

Items:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdateDisableNotify

Other: Bad (1) Good (0)

Action Taken: No action taken

As you can see, the description is different than the (3) exceptions I found on my desktop. Is this 1 item that was found on the Acer the same as the 3 that were found on my desktop?

And can I just add this one (1) to the ignore list on the MB on the Acer?

Thank you.

Link to post
Share on other sites

It looks like the Acer only has notifications for Windows Update disabled, and not Firewall and AV.

Right again! Two items were still checked.

I wish I could keep you as a 'friend' when I have a problem with MB. Your explanations are so informative and "to the point."

Just wanted to mention. I did uncheck those boxes and ran another MB scan and the Acer did then come up with 3 exceptions.

But the explanations are a bit different.

The 3 found on my desktop (with WinXPsp3) were all described as:

Vemdor: Hijack Security Cemter

The 3 now found on the Acer (WinXPsp3 also) are:

Vendor: Disabled.Security Cemter

The Acer has: Disabled.Security Center and the desktop has: Hijack Security Center.

Are they both the 'same' and can I now add the 3 found on the Acer to the Ignore list?

Link to post
Share on other sites

This has happened to me whenever MBAM found something and I didn't remove the "infections". Sometimes, in a case like that, I would add the "infections" to the Ignore List but MBAM does not realize that they are not infections and thinks that there should be some action taken (remove). I think if you click "Main Menu" (if my memory serves me correctly), it will allow you to get back into the scan options.

swagger (Keith)

Re: Your: " think if you click "Main Menu" (if my memory serves me correctly), it will allow you to get back into the scan options."

Nope. Even if you click on the "Main Menu," you still get the pop-up asking "Are you sure you want to abort the scan?"

Link to post
Share on other sites

Re: Your: " think if you click "Main Menu" (if my memory serves me correctly), it will allow you to get back into the scan options."

Nope. Even if you click on the "Main Menu," you still get the pop-up asking "Are you sure you want to abort the scan?"

Next time an infection pops up, I'll be mindful of what I do to get back out and I'll post back here... Sorry about that!

swagger

Link to post
Share on other sites

Just tested it... Either way you go... If you ignore everything and hit the Remove button, it will prompt you with "There are no items left to remove" or if you hit the Main Menu button at any point, it will prompt you with "Are you sure you want to abort the scan?" Pick your poison I guess!

swagger

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.