Re: malware

Started by Baz, Nov 09, 2010, 19:23:43


Baz

Did a check earlier with Malwarebytes and it flagged 3 items, but I think they were the warnings windoze gives for no firewall/AV protection etc. Think it was Disabled Security Centre in the registry. Do I remove them or not?

Simon

I thought this was a clean Windows installation? 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Baz

It is. What have I done wrong?

Rik

Not installed AV as soon as you'd activated?
Rik

Baz

Where's Simon's post gone :dunno:

AV was first thing I put on, Rik

Simon

Sorry, I removed my post asking if this was the new Windows installation, as I thought I'd misread Baz's post.
Simon.

Rik

I'm confused, so I'm going to go and eat. :)
Rik

Simon

Quote from: Baz on Nov 09, 2010, 19:30:24
Where's Simon's post gone :dunno:

It's back now.  ;D

I'm also confused as to what these messages are.  Are you saying they were just notifications that the security centre wasn't active?
Simon.

armadillo

Baz, if you can post screen shots of the messages from Malwarebytes, it would help.

Baz

I think that's what they are, Simon. Here's a pic




BTW, off topic here: why can't you add an image if you use the quick reply box?

Simon

Because it's supposed to be quick.  ;)
Simon.

Steve

The attached image to me says one of two things: either the firewall, updates and AV are off, or the notifications to tell you that these services are not running have been disabled.
Steve

Gary

Baz, are you running an AV suite that disables the security centre and uses its own version? So it lets you know when there are updates, has its own firewall and of course AV?
Damned, if you do damned if you don't

Glenn

I'm thinking it looks like Antivirus 2010, or one of its clones, has installed.
Glenn

Baz

Quote from: Steve on Nov 10, 2010, 12:24:21
The attached image to me says one of two things: either the firewall, updates and AV are off, or the notifications to tell you that these services are not running have been disabled.

Just checked and I do have the notification turned off, firewall is on. On a side note, is it a good idea to use Windows firewall as well as the router one, or just one of them? I think I ran it with just the router before.

Gary, I run NOD32 AV. Don't think it turns off anything.

Gary

Quote from: Glenn on Nov 10, 2010, 12:53:02
I'm thinking it looks like Antivirus 2010, or one of its clones, has installed.

It's possible; the rogue AVs are hard to pick up by some AVs still. When I used to wipe a hard drive I used Darik's Boot And Nuke; a simple wipe just marks the space as free, whereas Boot and Nuke wipes the drive thoroughly. Not sure if a virus survives a normal wipe?
Damned, if you do damned if you don't

Gary

Quote from: Baz on Nov 10, 2010, 12:54:37
Just checked and I do have the notification turned off, firewall is on. On a side note, is it a good idea to use Windows firewall as well as the router one, or just one of them? I think I ran it with just the router before.

Gary, I run NOD32 AV. Don't think it turns off anything.

I would definitely use Windows firewall as well as the router's, Baz.

Try this to reset your security centre:

1. Go to control panel and open Administrative tools.
2. Click on services.
3. Go down to Windows Management Instrumentation.
4. Stop this service. Stop Security Center service too.
Set them to Automatically start.
5. Exit out of this area, to your desktop.
6. Right click Start, and choose Explore.
7. Go to c:\windows\system32\wbem\repository.
Delete this subdirectory ONLY.
Leave the others there.
8. Exit back to your desktop and reboot your computer (you might need to boot twice).

That will fix any issues with things not being recognised if the registry has got messed up.
Damned, if you do damned if you don't
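
The state this thread is arguing about can be read without changing anything. The script below is an added example, not part of any post: it assumes PowerShell 5 or later on Windows Vista or newer, and it assumes the items Malwarebytes reported as Disabled.SecurityCenter are the standard notification values under the Security Center registry key.

```powershell
# Added example (not from the thread). Read-only: nothing is stopped, set or deleted.

# 1. The two services named in the reset steps: WMI (winmgmt) and Security Center (wscsvc).
Get-Service -Name winmgmt, wscsvc |
    Select-Object Name, Status, StartType |
    Format-Table -AutoSize

# 2. Notification switches. A value of 1 means that alert has been turned off,
#    either by the user or by something else that wrote to the registry.
$key   = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$names = 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

foreach ($name in $names) {
    $value = $props.$name
    $state = if ($null -eq $value) { 'not set (alerts on)' }
             elseif ($value -eq 1) { 'alerts DISABLED' }
             else                  { 'alerts on' }
    '{0,-24} {1}' -f $name, $state
}

# 3. What Security Center itself believes is installed. An unfamiliar product
#    name or signed-executable path here is worth investigating; an error
#    usually means the service or the WMI repository is not healthy.
try {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
        Select-Object displayName, productState, pathToSignedProductExe |
        Format-List
}
catch {
    Write-Warning "Could not query root/SecurityCenter2: $($_.Exception.Message)"
}
```

If the registered product is the AV you installed and the only odd finding is a notification switch you set yourself, the Malwarebytes items reflect that setting and nothing more.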

Simon

Can you expand the Vendor column to reveal any more information, Baz?
Simon.

Baz

Quote from: Simon on Nov 10, 2010, 13:28:49
Can you expand the Vendor column to reveal any more information, Baz?

In where, Simon?

Sorry, I got it now. It just says Disabled.Securitycenter

Baz

Gary, if I reset that will it start all the annoying pop ups telling me I haven't got this set or AV is out of date etc.? That's why I stopped it originally. Do I need it on?

Simon

It's telling you you're not protected, Baz, but if you've got AV and security installed, and updated, you shouldn't get the popups. 
Simon.

Glenn

Quote from: Baz on Nov 10, 2010, 14:12:51
Gary, if I reset that will it start all the annoying pop ups telling me I haven't got this set or AV is out of date etc.? That's why I stopped it originally. Do I need it on?

Classic Antivirus 2009/10 behaviour
Glenn

Gary

Quote from: Glenn on Nov 10, 2010, 14:51:22
Classic Antivirus 2009/10 behaviour

It does sound like it. Reset it anyway; if you get those popups you may well have a security issue, and need to run something better than Nod32, it's not great at picking up things like AV 20009/2010. Disable your System Restore as well when you run an AV, as System Restore will basically copy the rogue AV anyway. Try using something else other than Malwarebytes to see what comes up; Prevx would be good if you can install it. If you have been infected again, then you have security issues with your system somewhere.  :( Turn the firewall on, and what date are your Nod32 updates at? Have you got all your MS patches as well?
Damned, if you do damned if you don't

armadillo

Quote from: Gary on Nov 10, 2010, 16:06:54
.. need to run something better than Nod32, it's not great at picking up things like AV 20009/2010.

I do not understand what you mean. NOD32 has one of the highest detection rates of any AV system and it is non-intrusive. When you say "picking up things like AV 20009/2010" (and I assume you mean 2009/2010), what are you referring to? Is AV2009/2010 a virus that you say Nod32 does not pick up, or do you mean a version of Norton or Kaspersky, i.e. NAV2010 or KAV2010, is better than NOD32? IMHO, NOD32 knocks the socks off Norton, though Kaspersky is excellent if your system is compatible with it. I was a beta tester for Kaspersky for a year or so but I got several blue screens per day (even with the final release candidate) and eventually settled on NOD32 as I got fed up after about 100 restores of my system with Acronis True Image.

PS - one can never tell without facial expressions to go by. I am not being combative. I am just genuinely interested in what you mean because I did not understand it.