Vista Security Center Issue

Posted by Daniel on January 13, 2008, 4:54 am

| Hi David, After reading your answer to this post I went to Task Manager
| and found five (5) svchost.exe services running - 3 Network Services,
| and 2 System. Now after seeing your answer and checking
| Process Library and finding out this svchost.exe could be used by a
| Trojan, how can I find out the paths of these services in Task Manager
| like in your example? Thanks Ron (Defender)
|

It is common to have multiple SVCHOST.EXE processes running. Each load
specifcommunication
capabilities of the OS.

Like I said, it is not the name of the file that is important, it is the
Fully Qualified Name and Path to that file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
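
The check discussed in the post above, listing every svchost.exe process with its full path and the services it hosts, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and an elevated prompt; the variable names are illustrative.

```powershell
# Added example (not from the thread). Run elevated so that ExecutablePath is
# populated for processes owned by SYSTEM and the service accounts.

# The genuine binary lives in System32 (SysWOW64 holds the 32-bit copy on
# 64-bit Windows). Any other location deserves a closer look.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Map each process ID to the names of the Windows services it hosts.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        $servicesByPid[[int]$_.ProcessId] += @($_.Name)
    }

# List every process named svchost.exe with its fully qualified path.
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object {
        $path = $_.ExecutablePath
        $verdict = if (-not $path) {
            'path unavailable (re-run elevated)'
        } elseif ($expected -contains $path) {   # -contains ignores case
            'expected location'
        } else {
            'UNEXPECTED LOCATION - investigate'
        }
        [pscustomobject]@{
            PID      = $_.ProcessId
            Path     = $path
            Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
            Verdict  = $verdict
        }
    } | Format-Table -AutoSize -Wrap
```

An expected path only rules out a same-named file sitting elsewhere on disk; it says nothing about the services that the process has loaded.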



Posted by Malke on January 13, 2008, 9:02 am

Posted by M.Butzin on April 6, 2008, 2:31 am

> Daniel wrote:
>> My pc will not allow me to turn on my firewall. It tells me the group
>> policy has been set to disallow me to change the settings. I am the only
>> person who uses this pc and it is in my home. I have run avast
>> anti-virus and found a trojan in my iexplore.exe and service.exe files.
>> I have attempted to remove them repeatedly and then run another scan but
>> they keep returning. I would like to get my security center back on and
>> under my control. Can someone please help me?
>>
>> I am operating with Windows Vista Home Premium. Thank you
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Include scanning with David Lipman's Multi_AV and follow instructions to
> do all scans in Safe Mode. Please see the special Notes regarding using
> Multi_AV in Vista.
>
> http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
> http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html -
> download site
>
> The site is in German but David's tool is in English so don't let that
> worry you. Scroll all the way down to almost the bottom of the page and
> you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
> You'll see "Download von www pctipp.ch" and the live link to download
> Multi_AV.
>
> You can also check to see if there are targeted removal steps for your
> malware here:
> Bleeping Computer removal how-to's -
> http://www.bleepingcomputer.com/forums/forum55.html
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the first link above (not here, please).
>
> Not all tools used will work in Vista and you will need to run them
> elevated. If you are unable to remove the infection by following the
> general steps, register at one of the HijackThis forums as suggested.
>
> Standard caveat: If the procedures look too complex - and there is no
> shame in admitting this isn't your cup of tea - take the machine to a
> professional computer repair shop (not your local version of
> BigComputerStore/GeekSquad). Please be aware that not all local shops are
> skilled at removing malware and even if they are, your computer may be so
> infested that Windows will need to be clean-installed. Have all your data
> backed up before you take the machine into a shop.
>
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User

Malke,
But won't you transfer the virus to the backup?

Marc B.


Posted by Malke on April 6, 2008, 10:28 am
M.Butzin wrote:

Snipping judiciously when quoting is wise.

> Malke,
> But won't you transfer the virus to the backup?
>

What virus? What backup? Are you talking about my warning to always try and
backup data before taking the machine to a professional? Then yes, of
course one will want to scan the data before putting it back onto a clean
machine. That is simply common sense. But there is no reason to throw out
tons of non-infected pictures of "baby's first steps" in a panic!

Or was there something else you wanted to know?

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Posted by M.Butzin on April 8, 2008, 2:09 am

> M.Butzin wrote:
>
> Snipping judiciously when quoting is wise.
>
>> Malke,
>> But won't you transfer the virus to the backup?
>>
>
> What virus? What backup? Are you talking about my warning to always try and
> backup data before taking the machine to a professional? Then yes, of
> course one will want to scan the data before putting it back onto a clean
> machine. That is simply common sense. But there is no reason to throw out
> tons of non-infected pictures of "baby's first steps" in a panic!
>
> Or was there something else you wanted to know?
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!

No, I am concerned that if a person sets up their computer to "automatically
back up their system on a certain date and time" and later discovers that
their system has been infected, then they'll have a harder time restoring
their system, unless the virus doesn't transfer to a system settings only
backup. Norton and Windows, as you know, allow this to be done on a schedule
in the background, while the user continues until their system begins
acting weird. Which leads to a false sense of security, right? Pointing out
that even the backup "maybe/is infected" and if they use a system restore
can continue to have problems.

Inexperienced users think "Oh, I backed up my system automatically two days
ago, I'll just restore to that point and all is fine." The reality may be that
they are just starting over with a Trojan or Virus. Is there a way to
ensure that a backup is Virus~Trojan free? I back up to a portable HD
after a scan but I am even suspicious of that. I just downloaded Ad Aware
and my PC would not let me extract it, but (Spybot S&D & Norton 360) ran
fine without finding anything (Windows Vista Home Prem) but when I ran MS
Malicious Software Removal Tool, it did fix the problems.

Article ID : 890830
Last Review : March 11, 2008
Revision : 44.3

