• Status: Solved
  • Priority: Medium
  • Security: Public

security center messed up

Computer is running Windows XP Pro SP3. Recently removed XP Antivirus 2011. I had to re-enable the Security Center by modifying registry entries. I'm now getting the following message: "We're sorry. The security center could not change your automatic update settings. To try changing these settings yourself, go to system in control panel..." When I go to System in Control Panel, the automatic updater is already enabled.
Asked by: techieguy_1000
1 Solution
 
mrcannon Commented:
Sounds like the infection broke these settings.  I would try a system restore - if the restore points are available, then maybe Combofix and then in place repair of XP if those fail.

 
Nivlesh Commented:
Also try Malwarebytes from www.malwarebytes.org. I love this software since it helps clean up all infections.
 
rpggamergirl Commented:
Here's another option you can try... RogueKiller, after running mode 2, also run mode 6

There's an article on RogueKiller:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

And as had been suggested, ComboFix; here's the link. Please post the resulting log.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


If the problem persists, use TDSSKiller:
Download, extract and run TDSSkiller.exe
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
 
techieguy_1000 (Author) Commented:
I ran RogueKiller tonight; it hung instantly, and I could not choose any options. I am running ComboFix now; it discovered rootkit activity and is still scanning.
 
younghv Commented:
With RogueKiller, you will sometimes have to start it repeatedly until it will run through and give you the options you need.

I've started saving it as 'RK' when downloading it. Not sure if malware can identify it by name - but the developer does recommend multiple starts if needed.
 
techieguy_1000 (Author) Commented:
Attached is the ComboFix log file.
combofixlog.txt
 
rpggamergirl Commented:
ComboFix deleted a couple of backdoor files.

Did you install this program "Tarma Installer"?
If so, ComboFix had deleted it maybe because the file looks suspicious (connects remotely to download more files).
We can always get it back from the quarantine folder.

Maybe you can try Dial-a-Fix, or try TDSSKiller; what CF deleted wasn't a rootkit, so if it discovered rootkit activity then I would try running TDSSKiller.
 
techieguy_1000 (Author) Commented:
I have no idea what Tarma Installer is, so I'm going to leave that deleted. TDSSKiller did not find any infections. Dial-a-Fix seems to have worked. The error message is gone, and I'm getting Windows updates. Thank you, rpggamergirl, you really are a genius!
 
rpggamergirl Commented:
You're welcome, glad to know it's resolved.

To uninstall Combofix:
Go to Start > Run and copy and paste the next command in the field:

ComboFix /Uninstall

Or simply rename ComboFix.exe to Uninstall.exe and double click it.

Thank you for using Experts-Exchange!
Question has a verified solution.