Re: Malware and disabled security center

As far as problems with the Windows Firewall and Windows Updates logon as an
administrator and then use regedit to open the registry editor. Go to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies and right click and select export.
Choose a name and save the key to a folder. Hopefully you will not need it
again but this is best practice when messing with the registry to save
existing configuration before making a change. Then go down to Microsoft,
select Windows Firewall, right click and select delete. Do that same for
Windows\WindowsUpdate. Then reboot your computer and see if that helps. I
HIGHLY recommend that if at all possible you do not allow other users to be
local administrators on your computer or you do not use your local
administrator account unless needed as that malware or spyware needed
administrator access to do the changes that it did. The risk is particularly
high when using any internet application or opening email. --- Steve

http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx
-- Protect Your PC tips

"Dan_E" <Dan_E@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D62F3343-AC4E-4217-B9FC-A66530B02647@xxxxxxxxxxxxxxxx
Ugh, same problem with me, I have been chasing this one for a week. This
has
been the only place I have found the exact symptoms to my problem, however
I
have not seen any posts from users who were able to correct the errors.

I will try the suggestions here and report back.

"AZK" wrote:

My daughter's computer (HP running WinXP Home SP2) has the same problem
as
previously posted by another user. My daughter(who says she knew better)
clicked on a suspicious link in an AIM message she received, AIM went
crazy,
and now Windows Security's firewall is disabled and auto update turned
off,
with the ability to turn the firewall back on denied because of a group
control issue. The fix suggested by Bruce Chambers to the other poster
to go
into group policy editor (start-run-gpedit.msc) would not work for me,
windows said it could not find it. McAfee found no virus, Ad-Aware found
no
malware, but Spybot found 6 entries that all relate to windows security
center--it says it fixes them but the firewall problem remains and when I
run
Spybot again it finds the same 6 entries. They are all registry changes,
they read as follows:

WindowsSecurityCenter.AntiVirusDisableNotify
settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusDisableNotify!=dword:0

WindowsSecurityCenter.AntiVirusOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusOverride!=dword:0

WindowsSecurityCenter.FirewallDisableNotify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\FirewallDisableNotify!=dword:0

WindowsSecurityCenter.SP2Update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Wondows\WindowsUpdate\DoNotAllowxps2!=dword:0

WindowsSecurityCenter.UpdateDisableNotiry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\UpdayesDisableNotify!=dword:0

Any help would be appreciated, as I just spent many hours getting rid of
the
downloader-AWX Trojan that McAfee found but could not remove, and now
this.

Signed,
A weary not-really-computer-savvy Mom who has better things to do. LOL








.