Jump to content

disabled security center


lubhas
 Share

Recommended Posts

Hi,

My computer was infected and this webpage opening automatically "http://www.big-think.info/misc/home-based-business.html"

I ran Malwarebytes and got this mbam-log.

I have deleted C:\RECYCLER\S-1-5-21-5734621702-1190962137-949962179-0756\MsMxEng.exe (Worm.Autorun.:) -> Delete on reboot.

Can you please tell me can I restore these registries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

mbam-log-2009-12-27

Malwarebytes' Anti-Malware 1.42

Database version: 3437

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

12/27/2009 5:08:23 AM

mbam-log-2009-12-27 (05-08-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 140010

Time elapsed: 16 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\RECYCLER\S-1-5-21-5734621702-1190962137-949962179-0756\MsMxEng.exe (Worm.Autorun.:) -> Delete on reboot.

Link to post
Share on other sites

;)

Please help me..... I am new to this and I am not well aware of how things happen in this forum.

please tell me can I restore these registries.

Hi,

My computer was infected and this webpage opening automatically "http://www.big-think.info/misc/home-based-business.html"

I ran Malwarebytes and got this mbam-log.

I have deleted C:\RECYCLER\S-1-5-21-5734621702-1190962137-949962179-0756\MsMxEng.exe (Worm.Autorun.;) -> Delete on reboot.

Can you please tell me can I restore these registries.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

mbam-log-2009-12-27

Malwarebytes' Anti-Malware 1.42

Database version: 3437

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

12/27/2009 5:08:23 AM

mbam-log-2009-12-27 (05-08-23).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 140010

Time elapsed: 16 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\RECYCLER\S-1-5-21-5734621702-1190962137-949962179-0756\MsMxEng.exe (Worm.Autorun.:o -> Delete on reboot.

Link to post
Share on other sites

As far as I know the Security Center notifys are in fact fixed by MBAM. Those 'infections' regarding Security Center might not be actual infections at all but values changed from the Windows defaults.

In this case MBAM detects them and when fixing restores them to Windows defaults.

Regarding this I can not comment:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Does your Quick Scan now come up clean? Please update your MBAM via built-in updater and run Quick Scan.

Link to post
Share on other sites

As far as I know the Security Center notifys are in fact fixed by MBAM. Those 'infections' regarding Security Center might not be actual infections at all but values changed from the Windows defaults.

In this case MBAM detects them and when fixing restores them to Windows defaults.

Regarding this I can not comment:

Does your Quick Scan now come up clean? Please update your MBAM via built-in updater and run Quick Scan.

Thanks. This time MBAM

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.