'UpdatesDisableNotify' registry item found on scan


Good morning,

For the record I am running a Compaq Presario AMD Athlon 64 Processor 3300+, 2411MHz/1.93 GBs RAM, running Windows XP Home, SP3, with IE8, and using Avast as my anti-virus and Comodo as my firewall along with other Spyware programs including Malwarebytes AntiMalware 1.44 (Free). All programs are completely updated and patched.

This morning during my Malwarebytes scan it found: Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)

After reading about similar scan results on this forum I went ahead and had Malwarebytes 'remove' it and now I see it is in my 'quarantine' folder.

My question is two-fold:

(1) What caused this to happen?

(2) Can I safely delete it from Quarantine?

Thanks and regards,

2harts4ever

Hello, welcome to MalwareBytes, and good afternoon.

A malware more than likely caused the setting to be changed so that you would not be notified of Windows updates.

You did right, and yes, you can have it permanently deleted.

But I also would highly urge you to a) get your antivirus program updated and b) have your AV program do a full scan.

Hopefully the result will be nothing found.

Next, start MBAM, force an Update and then do a full scan.

Hi Maurice

I have the same report as 2harts4ever, but in my case I explicitly set my Windows Automatic Updates to notify me but not automatically download or install updates (guess who I don't trust :)), I have Windows firewall turned off (ZoneAlarm does the job better for me) and I use ClamWin (updated daily) for antivirus work (used to use Defender but it was a mess).

I just wanted to confirm that I can safely ignore the registry reports - there were three entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [DDCE48E4F4FA04EE593E673D3DA1B2EB]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [82410135D61B335E0D089A7D56C1A587]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [CEF49A219B20AFD3DF88001F7ECBE25D]

Two empty folders were also reported, and I can't remember whether the contents were likely to have been deleted during prior cleaning efforts months or years ago using other products, but either way I'm confident that those are OK to ignore.

So far I'm impressed with MalwareBytes' performance for quick scans.

Best,

Peter

mbam_log_2010_02_24__11_26_18_.zip

Hi Maurice,

I appreciate your response. My Avast is updated and shows nothing when I run a full scan so I guess I am okay.

My main reason for posting was to see if it was okay to delete this entry from the quarantine folder. Unless I hear back from you I will do just that.

Thanks and regards,

2harts4ever

Hi there,

I strongly advise you to take another Antivirus, like Avira, Panda Cloud, Avast (all free).

Reason is that I believe ClamWin does not use realtime scanning, and I suppose it does not have a proactive protection either. This is really important if you don't want to get infected.

Also, Malwarebytes protection module can provide you with an extra protection layer.

Hope this helps :) .

Hi Blaze

I used to use other AV products (some commercial, some free) but all of them slowed the system down so badly that work became impossible. The number of false positives was also IMHO unacceptable.

Over time I've tried:

AntiVir

Avast

AVG

BitDefender

F-Prot

F-Secure

McAfee

Panda

Sophos

Symantec

TrendMicro

I chose ClamWin on the advice of a seasoned expert, precisely because it's a manual scanner, so that there isn't the constant drain on resources.

From time to time I use http://www.virustotal.com when I need to assess suspect files, and it's amazing how much disagreement there can be in the results.

I tend to keep all my systems under as much control as I can otherwise.

For example, I have a hosts file that's gi-normous (600K) and which keeps access to the nastier sites to a minimum, since I access the 'Net for work very frequently (been online since about '90 - before the advent of the Web - even met my wife online through UseNet in 1994).

I use ZoneAlarm (free version) and restrict everything as much as it allows (for being free). That can be a little irritating at times but IMHO it's worth it.

My access to the outside world goes through a wi-fi router and then a cable modem. The wi-fi access isn't as tightly controlled as I would like but not all the devices accessing it are equally capable. But I still limit the assigned IPs to a handful, and each accessing device is also controlled for assigned name and MAC address. Access to the router uses 128 bit encryption and four key WEP (which I know isn't good but it's the highest common denominator for now).

In all those years I've had a small handful of mostly minor infestations - nothing to even need to restore from a backup - while others around me seem to get hammered on a regular basis.

And depending on the results of my trials of MalwareBytes, it could be added to my arsenal if I can determine a level of trust in the accuracy of the reports. They don't have to be 100%, just consistent and able to be interpreted by me so I don't go off half-cocked.

For example, on another system MalwareBytes has flagged a bunch of files including the zip of a .bmp that I created years ago from a digital image and which has been tested repeatedly and come up clean. I'll finish running tests on the reported files and then post the results here for info.

Thanks for the suggestions - always appreciated. Maybe virtualization will stop much of this from happening in the near future. Maybe.

Best,

Peter

Hello Peter,

I'd have MBAM remove those 3 entries. Then go check Security Center and visually re-check your settings.

I have no issue with you using ClamWin (as you noted in later post).

Also, I too have AU set to notify but not auto-download. But that being said, I keep up with updates.

Hi Maurice

OK, will do. Knowing how some options of Microsoft's products seem to need to be unchecked/rechecked to make them function as they should, I can understand that. I'll rescan afterwards.

I too keep up with updates - but I do my own manual setting of a restore point immediately prior :)

Best,

Peter
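
As an added example (not part of any post above, and not Malwarebytes code): a small Python parser for the registry-data lines quoted in this thread, which lists the Security Center alert each flagged value suppresses and separates the ones the owner set knowingly from the rest. The function names, the `self_managed` parameter and the sample log (including its bracketed ID) are assumptions made for illustration.

```python
import re

# Shape of the registry-data lines quoted in this thread (MBAM 1.44 log).
LINE_RE = re.compile(
    r"^(?P<key>HKEY_.+)\\(?P<value>[^\\]+?) \((?P<detection>[^)]+)\)"
    r" -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
    r"(?: -> (?P<action>.+?))?(?: \[(?P<entry_id>[0-9A-Fa-f]+)\])?$"
)

# Which Security Center alert each value suppresses when its data is 1.
ALERTS = {
    "AntiVirusDisableNotify": "antivirus status alerts",
    "FirewallDisableNotify": "firewall status alerts",
    "UpdatesDisableNotify": "Automatic Updates alerts",
}

# Constructed sample modelled on the lines posted above; the bracketed ID
# is a made-up placeholder, not a value from any real log.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. [0123456789ABCDEF0123456789ABCDEF]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0)
"""

def parse_findings(log_text):
    """Return one dict per registry-data finding; other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings

def recheck_list(findings, self_managed=()):
    """Map each suppressed alert to 'expected' or 'unexplained'.

    self_managed is a hypothetical input: value names the owner knowingly
    set by telling Security Center they monitor that component themselves.
    """
    result = {}
    for f in findings:
        if f["detection"] != "Disabled.SecurityCenter" or f["bad"] != "1":
            continue
        alert = ALERTS.get(f["value"], f["value"])
        result[alert] = "expected" if f["value"] in self_managed else "unexplained"
    return result

if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for alert, status in recheck_list(found, {"FirewallDisableNotify"}).items():
        print(f"{status:12} {alert}")
```

Entries that come back as "unexplained" are the ones to compare against the Security Center settings after the scanner has reset them.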
