jctcom
asked on
Event ID 1802, 1806 Source SecurityCenter
Hello I have a Windows XP Pro SP3 computer that reports that the Anti-Virus status is unknown. It also keeps posting the above errors in the Event Viewer (Application Section).
The computer in question is running Panda Internet Security 2009 (But not the firewall section. Using Windows Firewall). In doing some searching I found some references to possible WMI corruption and found a link that allowed me to rebuild the WMI structure which did get rid of some other WMI related messages in the event viewer but I can't get these ones fixed (Short of telling the Security center not to monitor the AV).
Here are the full errors: 1806
The Windows Security Center was unable to establish event queries with WMI to monitor service start/stop.
1802
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
There was some malware that was removed but they system is coming up clean now and I have rechecked all the Windows Updates are current.
Is there a way to remove and re-install the SecurityCenter?
any help would be much appreciated.
Carl.
The computer in question is running Panda Internet Security 2009 (But not the firewall section. Using Windows Firewall). In doing some searching I found some references to possible WMI corruption and found a link that allowed me to rebuild the WMI structure which did get rid of some other WMI related messages in the event viewer but I can't get these ones fixed (Short of telling the Security center not to monitor the AV).
Here are the full errors: 1806
The Windows Security Center was unable to establish event queries with WMI to monitor service start/stop.
1802
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.
There was some malware that was removed but they system is coming up clean now and I have rechecked all the Windows Updates are current.
Is there a way to remove and re-install the SecurityCenter?
any help would be much appreciated.
Carl.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
excellent, glad I could help
you will probbly find your malware made this change?
ASKER
Didn't realize I would get to post a comment so it is posted above in the thread.
Carl.
Carl.
ASKER
You are probably right. I wish they would make an anti-virus software that actually picks up malware as well (I know most of them pick up some but they seem to miss an awful lot.)
ASKER
The malware in question was winifixer. but the client has no idea how he got it on the system. I would have thought that one would be popular enough and around long enough that Panda should have picked it up.
ASKER
Actually looking at the log there were a few other as well including "Rogue.AdProtect" and "Trojan.Zlob" But I think these were remnants of an earlier infection that might not have been totally removed?
ASKER
Thank you for the quick response and the solution.
It seems I was missing the %SystemRoot%\System32\WBEM