File unable to be cleaned
techinstructor
2014-02-11, 01:00
Hi,
I'm running Windows 7 Home Premium (64 bit) and ESET Smart Security 5 Version 5.2.9.1. Upon startup I had a red flag in my Windows Action Center that informed me that I needed to start the Windows Security Center. I attempted to do this, but was not able to.
Microsoft support led me to the Security Center Properties and told me to choose "Log On" and click "Browse" to enter the name of my computer (which is an Asus K52JC notebook, if that matters). When I enter my computer name I get an error message, "An object (User or Built-in security principal) with the following name cannot be found: "timobile". Check the selected object types and locations for accuracy (they look correct to me) and ensure that you have typed the object name correctly, (it is correct) or remove this object from the selection." Windows support suggested the possibility of malware if the service would not start after this step.
When I try to start the service, I get this message: "Windows could not start the Security Center service on Local Computer. Error 1068: The dependency service or group failed to start."
So after checking the ESET logs and seeing that all was well and up to date - no evidence of any recent activity in the logs, I ran Malwarebytes (nothing found) and then Spybot Search and Destroy which found some registry issues, all of which it was able to fix except for 1 (HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSD\General\) -- I didn't understand what the threat was, only that it was unable to clean it. Interestingly, when I looked this up in the registry, one of the items in the General folder was ComputerName.
So, my questions are:
1) Should I even be concerned with this issue? I wondered if I even needed to run Windows Security Center if I'm running ESET.
2) If I do need to run Windows Security Center, then does anyone have any suggestions as to what steps I could try from this point?
Thank you for your help.
Some antiviruses disable the Windows Security Center, because they have a security center of their own, but on searching, I couldn't find anything about Eset having that, plus you probably wouldn't all of a sudden get the red flag from action center if that was the case.
Btw, when looking for the above info, I saw you have a reply from somebody at Eset forum. Small world, eh? :D:
From the looks of this
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSD\General\, plus you finding Computer Name in the registry, I'm almost certain that is just a usage track:
http://www.safer-networking.org/faq/usage-tracks/
To be surer on that, you could post a logfile. To make it easier to tell you how to post a logfile, could you let me know if you're running Spybot 1.6.2 or Spybot 2.1/2.2? :)
You were following this from Microsoft?
http://support.microsoft.com/kb/2519899
I'd like to try a different way, and see what happens.
Please go back into Services, click on Security Center, right-click and select Properties, then click the Dependencies tab.
Under "this service depends on the following system components", are Remote Procedure Call (RPC) and Windows Management Instrumentation listed there?
If they are, close the properties window, then go back out and scroll through Services until you find the Remote Procedure Call (RPC) service, and make sure it is started. (You can pull the line beside 'Names' over a bit with your mouse if the services are difficult to see.)
If that's okay, then scroll until you find Windows Management Instrumentation, click on it, and check to see if that started. If it isn't going, then click Start. (If the service was stopped and you get an error when starting it, please tell me.)
If Windows Management Instrumentation was stopped and started when you told it to, go back to Security Center, and try starting it again.
techinstructor
2014-02-11, 06:14
You were following this from Microsoft?
http://support.microsoft.com/kb/2519899
Yes, that was my guide.
I'd like to try a different way, and see what happens.
Please go back into Services, click on Security Center, right-click and select Properties, then click the Dependencies tab.
Under "this service depends on the following system components", are Remote Procedure Call (RPC) and Windows Management Instrumentation listed there?
If they are, close the properties window, then go back out and scroll through Services until you find the Remote Procedure Call (RPC) service, and make sure it is started. (You can pull the line beside 'Names' over a bit with your mouse if the services are difficult to see.)
If that's okay, then scroll until you find Windows Management Instrumentation, click on it, and check to see if that started. If it isn't going, then click Start. (If the service was stopped and you get an error when starting it, please tell me.)
If Windows Management Instrumentation was stopped and started when you told it to, go back to Security Center, and try starting it again.
Ok....Nothing was listed under "this service depends on the following system components"
Remote Procedure Call had been started, but not Windows Management Instrumentation.
When I tried to start Windows Management Instrumentation, I got the following error:
"Windows could not start the Windows Management Instrumentation service on Local Computer. Error 2: The system cannot find the file specified."
As an aside, which may or may not be related.... I am really behind on my Windows Updates because the Updater quit working properly several months ago and I was not able to repair it. It will alert me to the files I need to update, but if I try to download and install the files with the updater, I get an error message and the update is never completed. The only way I can do the updates is to manually download and install each file individually which takes forever, so I procrastinate and have gotten behind. I'm wondering now if it might be affected by the Windows Management Instrumentation service, though it wasn't listed in the dependencies.
Thanks for the help.
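The dependency walk discussed in the posts above can also be done from PowerShell. The following is an added example, not part of any post in this thread; it assumes the service short names wscsvc (Security Center), RpcSs (RPC) and Winmgmt (WMI), and the function names are hypothetical. It reads the registry instead of querying WMI, since WMI is the service that fails to start, and it checks whether each service's binary exists on disk, which is what "Error 2: The system cannot find the file specified" points at.

```powershell
# Added example, not from the thread. Run from 64-bit PowerShell so that
# system32 paths are not redirected to SysWOW64.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceBinary([string]$Name) {
    $svc = Get-ItemProperty "$root\$Name" -ErrorAction SilentlyContinue
    if (-not $svc) { return $null }
    # Services hosted in svchost.exe keep their real binary in Parameters\ServiceDll.
    $par = Get-ItemProperty "$root\$Name\Parameters" -ErrorAction SilentlyContinue
    $raw = if ($par -and $par.ServiceDll) { $par.ServiceDll } else { $svc.ImagePath }
    $raw = [Environment]::ExpandEnvironmentVariables([string]$raw)
    # Strip quotes and arguments, keeping only the .exe/.dll path.
    if ($raw -match '^\s*"?(.+?\.(exe|dll))') { return $Matches[1] }
    return $raw
}

function Test-ServiceChain([string]$Name, [string[]]$Expected) {
    $key      = Get-ItemProperty "$root\$Name" -ErrorAction SilentlyContinue
    $declared = @($key.DependOnService | Where-Object { $_ })
    # A dependency that is expected but not declared in the registry is itself a finding.
    foreach ($e in $Expected) {
        if ($declared -notcontains $e) {
            Write-Warning "$Name does not declare a dependency on $e"
        }
    }
    $all = @($Name) + $declared + $Expected | Sort-Object -Unique
    foreach ($dep in $all) {
        $sc   = Get-Service -Name $dep -ErrorAction SilentlyContinue
        $path = Get-ServiceBinary $dep
        New-Object PSObject -Property @{
            Service = $dep
            Status  = $(if ($sc) { $sc.Status } else { 'not registered' })
            Binary  = $path
            # False here matches a "file not found" error when starting the service.
            OnDisk  = [bool]($path -and (Test-Path -LiteralPath $path))
        }
    }
}

Test-ServiceChain -Name 'wscsvc' -Expected 'RpcSs','Winmgmt' |
    Select-Object Service, Status, Binary, OnDisk | Format-Table -AutoSize
```

A row with OnDisk False, or a warning about a missing declared dependency, is worth including when posting logs for review.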
You're welcome. :)
As an aside, which may or may not be related.... I am really behind on my Windows Updates because the Updater quit working properly several months ago and I was not able to repair it. It will alert me to the files I need to update, but if I try to download and install the files with the updater, I get an error message and the update is never completed. The only way I can do the updates is to manually download and install each file individually which takes forever, so I procrastinate and have gotten behind. I'm wondering now if it might be affected by the Windows Management Instrumentation service, though it wasn't listed in the dependencies.
The security center is listed as dependent on Windows Management Instrumentation in Windows 7.
http://www.blackviper.com/windows-services/windows-management-instrumentation/
I'm thinking if the service was stopped you would have had a red flag from the action center several months ago. I'm not saying No, but a conditional probably not. :)
When searching for a solution, I saw your post from November last year:
https://forum.eset.com/topic/1365-win32kryptikbojt-trojan-variant-found/
Which makes me feel kind of weird, since this is the second time it happened, but it was purely accidental. :red:
But in light of that, I think I'll ask if you would post in the malware forum here, in case there is anything left of the trojan, as things do not seem quite right with your computer even now.
If you do post in malware removal, then please follow this:
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance))
And if you don't mind, link to this topic here, so whoever helps you can see everything here.
And this is malware removal:
http://forums.spybot.info/forumdisplay.php?22-Malware-Removal
techinstructor
2014-02-11, 22:29
The security center is listed as dependent on Windows Management Instrumentation in Windows 7.
http://www.blackviper.com/windows-services/windows-management-instrumentation/
I'm thinking if the service was stopped you would have had a red flag from the action center several months ago. I'm not saying No, but a conditional probably not. :)
The flag very well may have been there for some time. The recommendation to start the Security Center does not always appear and I confess to being lax about managing error messages and updates. I share my notebook with my husband and don't use it for extended periods too often. I usually just do a quick check on things, e.g. email, news, etc and then give it back to him. I should be more diligent in keeping up with the operating side of things. My husband doesn't mess with any of that. He just wants it to work right! But to get back to the subject.... the computer has had "issues" for some time now.
When searching for a solution, I saw your post from November last year:
https://forum.eset.com/topic/1365-win32kryptikbojt-trojan-variant-found/
Which makes me feel kind of weird, since this is the second time it happened, but it was purely accidental. :red:
But in light of that, I think I'll ask if you would post in the malware forum here, in case there is anything left of the trojan, as things do not seem quite right with your computer even now.
I wondered this as well. The issue with Windows updater started prior to the trojan (last summer to be specific). But since the trojan, my ASUS Control Deck always stops working on startup. There don't seem to be any other ramifications from this, other than the message appears after each startup. I tried reinstalling to no avail. I've also had problems with my Elan trackpad for about a year. I can't disable it and cannot turn off touch to click which makes typing fun, since the cursor will just suddenly change positions. So my notebook is really a mess. I'm considering doing a system recovery and starting over, but I don't want to do that until I know it's clean.
I'm in the process of getting the logs and backing up my registry. I will move the thread to "Malware Removal" and look for further responses there.
Thank you again. I used to be pretty savvy with computers, but I'm truly burnt out on keeping up with the complexity of the machines and operating systems of today. Still if I want to use it, I have to "suck it up" and learn new stuff. :D:
You're welcome. :)
My husband is the exact same way. Though to be fair, he dealt with everything when I spilled a Tim Horton's on my laptop. Maybe he could be a computer coffee spiller technician fixer upper or something, he. :D: Now I have to use an external keyboard. Oopsie!
Good luck in malware removal. It usually takes a couple days for a reply. And if you don't get a reply after 4 full days, there is a waiting room in there, also. :)