PDA

View Full Version : Disabled task manager, regedit, system restore, and windows auto update



finaldaze
2008-01-16, 06:18
First and foremost, thanks for a great product. It has found a few things that I was sure I had removed months back. Currently I have something adjusting settings in my registry to disable my task manager, regedit, system restore, and windows auto update. Spybot shows me what was changed and I go fix it but if I reboot they are disabled again. Where do I go from here? Thanks ahead of time for the help.

spybotsandra
2008-01-16, 12:09
Hello,

Which version of Spybot-S&D are you running?
Do you have the latest updates installed?

Which items do you mean exactly?
What are they named?

Best regards
Sandra
Team Spybot

finaldaze
2008-01-16, 13:38
I'm running spybot v. 1.5.0.9 and the lastest updates are installed.

This is what spybot found after the run through...

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $FD4267D3] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1343024091-813497703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskM gr

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $D60CD1E3] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1343024091-813497703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegis tryTools

Microsoft.WindowsSecurityCenter.RegistryTools: [SBI $E83B95F3] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableRegistryTools

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $B2E55F62] Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-15 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-09 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-09 Includes\DialerC.sbi (*)
2008-01-09 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-09 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-09 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-09 Includes\Malware.sbi (*)
2008-01-09 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-09 Includes\PUPSC.sbi (*)
2008-01-09 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-09 Includes\SecurityC.sbi (*)
2007-11-07 Includes\Spybots.sbi (*)
2008-01-09 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2007-12-12 Includes\Trojans.sbi (*)
2008-01-09 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll

So I fixed them myself and everything was fine. After rebooting and trying to use task manager, again it was locked (greyed out). So I ran spybot again and it found the same errors so I let spybot fix them and rebooted again. Alas, they're back...

I know how to fix what is changing but I want to know what is changing it.

Thanks again.

spybotsandra
2008-01-16, 13:41
Hello,

Spybot - Search & Destroy is detecting Windows Security Center associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot-S&D to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot-S&D will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs do also disable the Windows Security Center in order to take care of things themselves.
The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Some more information is also available in our forum:
http://forums.spybot.info/showthread.php?t=87

Best regards
Sandra
Team Spybot

finaldaze
2008-01-17, 03:22
I understand that some AV software (I have Norton) can disable these setings so to test if Norton was changing them I disabled Norton and rebooted. I was still blocked from my task manager, registry editor and auto updates. If Norton is not blocking me, who is the "someone" that is?