Windows Vista Forums

Security Center, firewall, and system restore disappeared or disabled after Virus

  1. #1



    Newbie
    Join Date : Dec 2011
    Posts : 1
    Vista Home Basic 32bit
    Local Time: 07:54 AM

    Security Center, firewall, and system restore disappeared or disabled after Virus

    My computer running vista recently caught the windows vista 2012 antivirus virus. After I cleaned my system using malware bytes and a tutorial online I couldn't do a system restore, find my security center or firewall under services.msc. Is there any way I can restore these?? Any help would be very much appreciated as I need this computer to be safe again. Thank you in advance!

      My System SpecsSystem Spec

  2.   


  3. #2
    Yard Dog's Avatar

    Senior Member



    Join Date : Oct 2011
    Central Florida in a small town
    Posts : 2,175
    Vista Home Basic. 32 bit SP 2
    Local Time: 08:54 AM
    usa us florida

     

    Re: Security Center, firewall, and system restore disappeared or disabled after Virus

    Hello, you may not have got it all, use automated instructions here : Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

      My System SpecsSystem Spec

  4. #3
    Wide Glide's Avatar

    Junior Member
    Join Date : Dec 2011
    Central Louisiana
    Posts : 10
    Vista Home Premium 64 bit
    Local Time: 07:54 AM
    usa us louisiana

     

    Re: Security Center, firewall, and system restore disappeared or disabled after Virus

    If you are still needing assistance, please refer to the following removal guide as outlined below. This is to insure no steps have been skipped.

    NOTE: DO NOT do any cleaning until instructed to do so, Do to the nature of this Malware, System Files could by accident be deleted

    Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

    It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.


    Step 1.
    This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.

    FixNCR.reg

    Once that file is downloaded, Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step

    Step 2.
    Now we must first end the processes that belong to Win 7 Antispyware 2012 & Vista Antivirus 2012 and clean up some Registry settings so they do not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.

    RKill Download Link

    Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Win 7 Antispyware 2012 & Vista Antivirus 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win 7 Antispyware 2012 & Vista Antivirus 2012 when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Win 7 Antispyware 2012 & Vista Antivirus 2012 . So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. If you continue having problems running RKill, you can download the other renamed versions of RKill from the rkill download page. All of the files are renamed copies of RKill, which you can try instead.

    • Do not turn off computer until after running Malwarebytes when using rkill or the process will have started again and you will have to start over.
    • Vista and Windows 7 users, right click and click run as administrator.
    • Keep running Rkill until no malicious processes are detected

    Step 3.

    There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection. Please follow the steps in the following guide:


    How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
    If TDSSKiller requires you to reboot, please allow it to do so.



    Step 4.
    Lets run another scan with Malwarebytes' (Mbam), Updating first to the latest database(if posible, if not continue)

    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • If it asks for a Restart DO SO, Very Important
    • PLease post this log in your next reply

    Step 5.
    Now please download SUPERAntiSpyware and save to Desktop



    • Double-click the icon on your desktop named SUPERAntiSpyware.exe. This will start the installation. Keep following the prompts in order to continue with the installation process.
    • Please select your language you want the program to use and then press the OK
    • You will now be prompted to update the SUPERAntiSpyware definitions. Please press the Yes button to allow the program to download and install the latest updates
    • After the definitions are updated, the welcome screen for SUPERAntiSpyware will appear.
    • When you get to the screen asking if you would like to send the diagnostics, you can choose to allow it to or not. Either choice will have no affect on the effectiveness of its malware scan. When you get to the last screen, click on the Finish button.
    • You will now be prompted if you would like SAS to protect your home page. If you select the Protect Home page option, SUPERAntiSpyware will alert you if another program is trying to change your browser’s home page. Click Yes
    • Then you will be at the main screen for SUPERAntiSpyware. Click the Preferences button, then Scanning Control tab, and put a checkmark in the following options
      • Close browsers before scanning.
      • Scan for tracking cookies.

    • Now press the Close button to go back to the main screen.
    • Click on the Scan your Computer… button to begin the scanning process. You should select the Perform Complete Scan option and then press the Next button to start scanning your computer.
    • When the scan is finished a screen will appear showing the summary of what was detected. You should click on the OK button to close the summary screen box and continue with the removal process.
    • You should now click on the Next button to remove all the listed malware. If it displays a message stating that it needs to reboot, please press the Yes button to allow it to do so. VERY IMPORTANT to DO
    • Click the Repair Tab after the restart if any issues still remain and SAS will atempt to fix them. Please check all boxes and then click Repair Selected Items

    Step 5.


    Download DDS and save it to your desktop
    Disable any script blocker if your Anti-Virus/Anti-Malware has it.
    Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
    Then double click dds.scr to run the tool.
    When done, the DDS.txt file will open.
    Click Yes at the next prompt for Optional Scan.


    • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt



    • Save both reports to your desktop
    • Please include the following logs in your new topic that you will create: DDS.txt and Attach.txt
    • YOu may attach these 2 logs



    ~~~~~~~~~~~~~~~~~~~~~
    LOgs to reply with:

    • Mbam Log (Copy & Paste)
    • DDS.txt
    • Attach.txt




    Last edited by Wide Glide; 28 Dec 2011 at 04:32 PM. Reason: miss spelling
      My System SpecsSystem Spec

  5. #4



    Newbie
    Join Date : Jan 2012
    Houston
    Posts : 1
    Vista Home Premium 32bit
    Local Time: 06:54 AM
    usa us texas

     

    Re: Security Center, firewall, and system restore disappeared or disabled after Virus

    I had the same problem after following all the procedures in this thread to remove the Vista Security 2011 Virus. All was repaired but the Security Center.
    I used a registry fix at the link below that restored the Security Center and solved my problem.
    Be sure to read the entire thread and save your registry before attempting to run the fix. Windows Security Center Service has been removed - Microsoft Answers

    This resolved issues with bfe, security center, firewall, defender, and network discovery.

    Last edited by Animal Ed; 04 Feb 2012 at 04:04 PM. Reason: Added Information!
      My System SpecsSystem Spec


Security Center, firewall, and system restore disappeared or disabled after Virus
Similar Threads
Thread Forum
Virus, now cant open security center System Security
Security Center won't start/ is being disabled System Security
Re: Windows 2003 System Restore Disabled Server General
System Restore has disappeared General Discussion
Solved Mcafee Security Center will not work after System Restore System Security