Spybot fixes error which then re-appears!



mariner77
2009-05-08, 05:41
Hi there,

When I run Spybot S&D (or Malwarebytes Anti-Malware) I get an error:

Microsoft.WindowsSecurityCenter.AntiVirusOverride - 1 entries security (Spybot S&D)

and for MalwareBytes:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I apparently removed it successfully on both, but it keeps cropping up on Spybot S&D all the time when I do repeat scans.

Indeed when I was infected, I got a red shield popup on startup saying "Your computer may be at risk"
and I had to go into Control Panel-> Security Centre -> and click on the anti virus "recommendations" button to select
"I have an anti-virus program that I'll monitor myself".

I've done this several times, sometimes I still get the red shield warning up and sometimes not.

The results when I do these scans also seem inconsistent.
At one point I thought I had removed it after running both scans, but now it's cropped up again in Spybot.

I've also removed an "Adware.Agent" entry using Malwarebytes when I thought I was clean:

Files Infected:
C:\System Volume Information\_restore{77CE76F8-E959-472D-9FDE-5F909B65082F}\RP1848\A0582040.exe (Adware.Agent) -> Quarantined and deleted successfully.

Right now, Malwarebytes runs clean but Spybot S&D still finds the error again, even after fixing it, shutting down and restarting.
And upon startup I still get the "Your computer may be at risk" red shield message associated with my anti-virus settings.
(though I went through a period where it didn't appear and thought it was fixed)

Bearing in mind I've already tried removing it myself what do I need to do ?
Post a HJT log ?

Thanks in advance.

mariner77
2009-05-08, 06:43
Oh just to expand on the Spybot error (if it helps....)

(SBI $3604910C) Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride (is not) dword:0

With "Kind" showing "Registry change" on the right hand side.........

drragostea
2009-05-09, 02:58
Hm... It could be possible that your AV was not recognized by Windows Security Center or it did not integrate properly into Security Center when it was installed. What AV do you use?

This detection by Spybot is giving you a heads-up that the monitoring of your AV has been disabled (by the user [most likely since you said you did that]). That might explain why you constantly get that red shield warning. You fix it in the Spybot and you tell Security Center to ignore it.

mariner77
2009-05-09, 07:06
Hm... It could be possible that your AV was not recognized by Windows Security Center or it did not integrate properly into Security Center when it was installed. What AV do you use?

This detection by Spybot is giving you a heads-up that the monitoring of your AV has been disabled (by the user [most likely since you said you did that]). That might explain why you constantly get that red shield warning. You fix it in the Spybot and you tell Security Center to ignore it.

Let me put it another way........

If I select "I have an antivirus program that I'll monitor myself", then I run a Spybot scan, fix the error and shutdown, should I get the red shield up again with my security center setting (that I chose before I shutdown) reversed when I re-start ?

If not(as would seem logical) then what advice do you have to fix the problem ?

By the way, when you said, "most likely since you said you did that", I only did it AFTER it was initially disabled by "someone" else(as in the actual Spybot error description......)

Hope that basic logic makes sense.

drragostea
2009-05-10, 05:06
If I select "I have an antivirus program that I'll monitor myself", then I run a Spybot scan, fix the error and shutdown, should I get the red shield up again with my security center setting (that I chose before I shutdown) reversed when I re-start ?
No, because if you fix it, Spybot resets the registry value of the Security Center. When you tell Windows that you'll monitor your AV status yourself, the registry value is changed to 1. When Spybot fixes it, it is reset to 0 (default value). So you're going in a circle. As long as you keep fixing it and telling Windows that you're going to monitor your AV, it's not going to work.

You never answered my question about what AV program you used.

mariner77
2009-05-10, 06:35
No, because if you fix it, Spybot resets the registry value of the Security Center. When you tell Windows that you'll monitor your AV status yourself, the registry value is changed to 1. When Spybot fixes it, it is reset to 0 (default value). So you're going in a circle. As long as you keep fixing it and telling Windows that you're going to monitor your AV, it's not going to work.


Fair enough, but the fact that I never changed the security setting myself before "someone" changed it, meant that it didn't matter whether I changed it or not.
I still got the error, even after Spybot said it had fixed it, regardless of whether I changed the security setting or not.



You never answered my question about what AV program you used.

I'll tell you what happened to me.......

I was using AVG Free Edition and this is what Windows recognized as my AV.

I was being censored on youtube(believe what you like) and almost instantly I got the red shield pop up with "Your AVG may be out of date".....

Hence the "anti-virus override" error....... ?

Panicking a bit, I shut down my computer quick and saw a strange task named like "[[[[[[[[[[[[[[" (or something similar) ending.........

Then logging back on, I uninstalled AVG(hey if you get an AVG error at the exact same time as being censored and having weird tasks cropping up, you tend not to trust that either....) and tried resetting security centre to "I have my own antivirus program", and then went round in the circle trying to get Spybot to fix it.

The good news is, after slagging off Spyware Doctor (for other reasons) I ran a full scan and found errors, one of which was a trojan relating I think to the "System Volume Information" restore folder. (my memory isn't great)

Anyway, since then I don't get the error anymore. (touchwood), so I think this is solved.

One thing's for sure, it certainly wasn't me who changed the security setting, more likely some good soul censoring at youtube..........

Now my e-mail that I registered with youtube has in its Junk folder an e-mail "Try out IP to location database" sent at the exact same time.

Oh yeah, I'm so scared big brother........ :fear: :rolleyes:

Think youtube, think c*ns**s*ip, think power-grabbing scumbags and their IT minions who don't want the truth getting out and will do anything to stop free speech that reflects the real truth.

No wonder Rupert Murdoch says "the internet will soon be over".......

www.infowars.com

Matt
2009-05-10, 11:55
Hi mariner77,



One thing's for sure, it certainly wasn't me who changed the security setting

Aggressive Malware can do this as well... :fear:

Please remember... you can always do that (http://forums.spybot.info/showpost.php?p=304562&postcount=2), just to make sure that you're really clean.

drragostea
2009-05-10, 19:52
I was being censored on youtube(believe what you like)
I don't know what that means, I don't jump to conclusions.
The Antivirus override detection made by Spybot was probably because that red shield popped up. Does this happen each time you visit Youtube? Any Youtube video?

Censored... that could possibly hint that your ISP or your area might be blocking access to some sites.

mariner77
2009-05-10, 22:02
Hi mariner77,

Aggressive Malware can do this as well... :fear:

That's exactly what I think it was too........



Please remember... you can always do that (http://forums.spybot.info/showpost.php?p=304562&postcount=2), just to make sure that you're really clean.

Thanks, I nearly did, until I ran a spyware doctor scan, found a trojan(relating to financial phishing sites strangely) but it seems to have fixed it. (I got over 800 errors !) although to be fair 99.9% of these were "host file" errors....... Can't remember exactly.

So I think I'm ok as the error has now stopped appearing and I've also downloaded the 30 day trial for AVG, done complete scans and scanned for rootkits too.....

Suppose I'd like to be doubly safe and post a HJT but not really fair to post one now when I don't have any errors ! :laugh:
Or should I ?

Thanks for your help.

drragostea
2009-05-10, 22:06
Or should I ?
Your choice.

mariner77
2009-05-10, 22:47
I don't know what that means, I don't jump to conclusions.

It means that I posted a comment they didn't like, and they stopped it from appearing. That's what happened I assure you.



The Antivirus override detection made by Spybot was probably because that red shield popped up.


I agree.



Does this happen each time you visit Youtube? Any Youtube video?


Never before, it's the first time it's happened.
Strangely at the same time as posting a comment relating to a site they are censoring now.....

I've always been able to access the site and post (unpolitical) comments at will (and I guess I probably still can unless they've turned off my "commenting" ability full stop)

Here are some articles that explain what's happening.
It's totally safe I assure you.......

You Tube In Egregious Censorship Of Alex Jones Channel
(http://www.prisonplanet.com/you-tube-in-egregious-censorship-of-alex-jones-channel.html)

You Tube Censors Hugely Popular "Question Your Reality" Video (http://www.prisonplanet.com/articles/march2008/070308_c_censors.htm)

"After receiving over 50,000 views in a few hours and on its way to shoot to the top of the most viewed chart, You Tube brazenly pulled a popular video from their rankings system Friday in an act of wanton censorship.

"Question Your Reality," a stirring and well put together video montage featuring talk show host Alex Jones was rocketing up the charts, already having reached number 2 most viewed on News and Politics and soaring up the general most discussed and most viewed categories.

A moment later, it was nowhere to be seen as You Tube cleared the slate and prevented the clip from going completely viral."

More Political Censorship at YouTube (http://www.infowars.com/more-political-censorship-at-youtube/)

"Popular YouTube contributor NufffRespect reports that Google-owned YouTube has monkey wrenched with his channel. In the information column on the video included here (The Queen’s 2008 Christmas Message), he asks: “…why has YouTube got rid of all the honors on my last video and on my channel? This channel is at No.16 Most Subscribed UK (ALL TIME), and No.13 Most Viewed UK (ALL TIME) but now YouTube has removed this channel from these lists. Why?”



Censored... that could possibly hint that your ISP or your area might be blocking access to some sites.


Well if they are blocking sites, then I've yet to find a site I can't access....

Anyway, thanks for your help.

Please do read the articles and watch the videos.
At the end of the day there's an important issue of "net neutrality" (and free speech) at stake here that concerns everybody who wants to see it continue......

P.S Incredible - just watching a youtube video myself that was pulled as I was watching it ! :sad: