Security Center reports multiple AVs & firewalls

Topic

New Reply

Win-XP SP3
Security Center incorrectly reports that multiple AVs and firewalls are running. I uninstalled all AV and firewalls and determined that the problem goes back 6 months when “Security Master AV” got into system. That was successfully removed (well, so I thought, anyway). Can’t find any registry entries (even offending CLSID removed!) or files/folders from that infection. Multiple AV/AM scans show system is clean.

Can anyone identify Security Center’s source for info it displays? Any other ideas as to where problem may originate or suggestions for resolution?

I have reinstalled firewall (ZA) and AV/AM (MSE V2), so I am good from that standpoint, but it would be great if Security Center issue were cleared up. Thanks!

Reply | Quote

Replies

Langa Letter: XP’s No-Reformat, Nondestructive Total-Rebuild Option

A repair install of Windows XP may resolve the issue with security center provided that the original trojan has been eliminated.

How to disable the security Center under windows XP?

Or you could just shut down all security center messages and warnings.
Windows XP’s security center is not too terribly effective imo at any rate.

Personaly, I’d shut down security centers warnings and messages before considering
the above repair option.

You need to be confident the trojan has been removed and
the messages are indeed a result of a corruption of the security center itself.

I recommend also running the free version of MBAM as a second opinion prior to
any of the above.

Reply | Quote

You need to be confident the trojan has been removed and
the messages are indeed a result of a corruption of the security center itself.

I would run your AV/AM in Safe Mode before I was “confident” that the trojan was removed. Have you done that?

Reply | Quote

http://www.bleepingcomputer.com/virus-removal/remove-security-master-av

Reply | Quote

Sorry, Ack … thanks for the input (and I didn’t mean for it to seem that I ignored your assistance).
Yes! That is exactly where I started when I removed it back in July, 2010. (bleepingcomputer,com is always a good place to start and is often the only info/instructions required!)
Double-checked all files and registry entries. Actually found that the filenames were different (common situation these days). Scanned system (including registry) for matches on all files and registry entries. Clean, clean clean. Only hits were on “Security Master” and these were only in the “Search MRU” entries.

Reply | Quote

MaBelleMichelle,
Where are my manners! As with “ack”, I simply passed right by your post. Sincere apologies to you (as well as reiterating them to “ack”).
Yes. Ran AV/AM in both Safe Mode and “normal startup”. I ran each AV/AM installed (as noted in my previous reply) plus MBAM which I updated just prior to first reboot into Safe Mode.
There are no symptoms of the infection on the system except that SC reports incorrectly. It’s a “head scratcher”, for sure! That is why I believe that SC is reporting “incorrectly”. (If I knew where it gathered its info from, I could at least know why this is occurring.)

Reply | Quote

Thanks, Clint.
Virus/Trojan Removal Status: This is a dead puppy. Dead, buried, and then banished to the netherworld.
Repair Install: Only value in this that I see would be to correct the problem by basically reinstalling. Not really worth the effort for this problem.
Shutdown SC Messages: Not a bad idea since two out of the three categories (AV/AM, Firewall, Automatic Updates) are valueless if I can’t find the solution. Still, this is basically a cosmetic solution (“Go away, child, you’re bothering me”).
I installed and ran COMODO, ESET, SuperAntispyware, and a few others already. Plus a couple of online scans. MBAM is always on the system as the free version is “on demand” and does not interfere with runtime software. Every one of them reports an absolutely clean system.

Still, I sincerely appreciate your response and hope you understand if I “hold out” to see if anyone knows the answer to where SC gathers its info from.

Reply | Quote

Hi,

See if the procedure explained here helps: http://www.pchell.com/support/multiple_antivirus_in_security_center.shtml

Regards

Rui

Reply | Quote

Rui,
Thanks for that. Sounds like it should solve the problem. Will do this and get back to you as soon as I can (not for a day or two probably, so please bear with me).

Reply | Quote

Rui,
Thanks for that. Sounds like it should solve the problem. Will do this and get back to you as soon as I can (not for a day or two probably, so please bear with me).

No problem, just let us know how it goes when you complete it.

Regards

Rui

Reply | Quote

Great “Fix” and hope it does the trick!!!

Reply | Quote

Rui, MaBelleMichelle, and everyone else who had advice for me:

Thanks much to all of you. Rui’s link to “pchell.com” was exactly what the doctor ordered. Worked great and took very little time to complete.

One thing, however: Upon reboot, Security Center was still reporting multiple firewalls (though the AV status was reporting correctly). I thought perhaps I may have checked too quickly after reboot, so I closed SC, waited a minute, and then looked again. Still the same! So I opened the Windows Firewall applet, noticed that the Windows Firewall was “OFF” (correct — I use ZoneAlarm on that system), and decided to turn the Windows Firewall “ON”, wait about 1 minute, turn it “OFF” again, wait 1 minute and then rechecked SC. Everything is being reported correctly now.

You guys may just be my best friends now! Thanks again (and again) !!

Reply | Quote

I am glad it’s finally solved :).

Reply | Quote