After malware attack I can't turn security center and windows defender on!

Hi!

I have a huge problem. My computer was attacked by malware a few days ago. I immediately ran a full scan with my Antivirus (AVG Internet Security Business Edition 2012). It found 3 threats and I deleted them. Now, I've noticed that even though I have the pop up blocker turned on, pop up windows open steadily. I'm currently using Google Chrome and I even installed the AdBlocker extension, which makes it a little bit better. Now, every time I open a new website, AVG alerts me that it found a threat and that it has been successfully removed. Problem is, when I check the AVG log and the Virus Vault, it is all empty. A repeated full scan doesn't show any results. Today I also noticed that I can't open my Windows Defender. Whenever I try to turn it on, I get an error:
"Windows Defender encountered an error: 0x80070424. The specified service does not exist as an installed service." Then I tried to access the Security Center and when I open it, it tells me Security Center is turned off. Now, when I try to turn it on, it tells me: "The Security Service can't be started." Also, Windows Firewall service is not running either. When I try to update the firewall settings, it tells me: "Windows Firewall was unable to make the requested updates". Trying to turn Windows Firewall on, also fails. Error message "Due to an unidentified problem, Windows cannot display Windows Firewall settings." AND: 2 Windows Security updates failed as well. Security Update for Windows Vista (KB2633171) and Security Update for Windows Vista (KB2507618).

I'm really really desperate and don't know what to do. I've looked up several forums, but can't really find answers. I'm not a computer genius,... so I really need help! I really would appreciate it, if somebody can help me! I attached several attachments.
:cry:

Thanks!
 

Attachments

  • AVG Event History.jpg
  • Security Center.jpg
  • Windows Firewall.jpg
  • Windows Defender.jpg
  • Update history.jpg
  • Properties.jpg

Tried System Restore to go back to before all this happened? If necessary you can get to it easily in Safe Mode (tap F8 repeatedly while booting up) and choose 'Safe Mode with Networking' for a reason I'll explain in a second.
System Restore is under Start/All Programs/Accessories/System Tools or go to Start/Run and type in rstrui.exe and click OK or Enter. It will initiate OK in this mode while the infection or whatever it is, can't.

Failing that you can do all the following in this mode:

Download, install, update (important) and then run a full scan using the FREE version of this tool: Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Hopefully that will rid you of whatever it is.
 

If the above does not work, uninstall your anti virus and Defender. You can just reinstall, but I would use Malwarebytes and Microsoft Security Essentials, which has Defender included.
 

Hello Ex_Brit!
First of all, thanks for the advice. I still would like to ask you another question though... How do I know if I have restore points? I tried to get to restore it through Control Panel and Backup and Restore Center, but it told me that I don't have any restore points. It must have been wiped out or something. So, as I'm not really too good in all this, I'm not sure if I should follow the steps you explained to me. Any advice?
 

Hello richc46!
Thanks for your advice as well. I already have installed Malwarebytes and it runs and runs forever. I currently have AVG Internet Security Business Edition 2012, that's why it wouldn't let me install Microsoft Security Essentials. Now, if I uninstall AVG and install Microsoft Security Essentials instead, will that be enough protection? Or should I consider exchanging Microsoft Security Essentials later on with AVG again?
 

Try initiating System Restore in Safe Mode with Networking, it will tell you there if there are restore points. If there aren't any then follow the suggestion to run Malwarebytes in that mode after updating it. In that mode there shouldn't be anything to stop Malwarebytes or delay it.
 

Hello richc46!
Thanks for your advice as well. I already have installed Malwarebytes and it runs and runs forever. I currently have AVG Internet Security Business Edition 2012, that's why it wouldn't let me install Microsoft Security Essentials. Now, if I uninstall AVG and install Microsoft Security Essentials instead, will that be enough protection? Or should I consider exchanging Microsoft Security Essentials later on with AVG again?

I, plus most of the knowledgeable members here, use only Malwarebytes (free version) and Microsoft Security Essentials; it is definitely enough. You do realize that no matter what you use common sense is essential. Stay away from the sites that we all know are trouble, such as porn and downloads that are too good to be true. Stay away from free stuff like icons etc. too.
Also, Defender is included with Security Essentials.
 
Hello!
Ok,... so I ran Malwarebytes, the Microsoft Safety Scanner, Microsoft Security Essentials and ComboFix in Safe Mode with Networking. It cleaned everything out and the latest scan of Malwarebytes didn't find anything. Now, I tried to turn Windows Firewall and the Windows Security Center on, and it still gives me the same errors. Does that mean that some important files got damaged? If yes, how can I fix them?
 

You used combofix? That should only be used by someone highly trained in its use otherwise it can severely damage a system. I think that you have some corruption which could have been caused by combofix or by the virus. Try SFC: http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

Not to contradict the others but I wouldn't try a restore point when you have a known virus attack because a virus could be hiding in those files. If you are sure that your system is clean IMO you should dump the restore points and create a new one. http://www.vistax64.com/tutorials/76332-system-restore-point-create.html In the window shown if you uncheck the box and hit apply the restore points will be deleted but don't forget to turn it back on.
 

Hello townsbg!
I have never used ComboFix before. I found a Guide on how to remove Malware and simply followed it.

Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware - Page 2

After all that it told me that I have a corrupt file and that I can find it in C:/Windows/Logs/CBS/CBS.log But I don't have access to open that file. How can I find out now which file is corrupt and how can I fix it?
After all I was able to turn my Security Center back on. Now, Windows Firewall I still can't turn on, nor can I run the Windows Updates as they fail. All the scans show that they didn't find anything infected on my computer and I have no more issues with Pop-Ups, but yet, my computer is very slow. What should I do next to get my computer back to running normal? And is there any other Anti Virus out there, that is recommended? We spend lots of time browsing on the internet and I'm afraid that Microsoft Security Essentials and Malwarebytes isn't enough. I had AVG Internet Security Business Edition 2012 installed and never had a problem before. But now I keep reading about the AVG Antivirus Virus!
 

You need to use the Elevated Command prompt as indicated in the SFC tutorial.
 

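The checks the replies above point to, as an added example that is not part of any post in this thread: it tests whether the security services still exist and then pulls the SFC results out of CBS.log, which cannot be opened from a normal session. The error 0x80070424 quoted in the first post is Win32 error 1060 (service does not exist), which is the code `sc query` returns here. Assumptions: the script is run from an elevated Command Prompt, the service short names are the standard Vista ones, and `sfcdetails.txt` is an arbitrary output file name.

```bat
@echo off
rem Added example. Run from an elevated Command Prompt (Run as administrator).
rem Service short names (assumed standard for Vista):
rem   WinDefend = Windows Defender    wscsvc = Security Center
rem   MpsSvc    = Windows Firewall    BFE    = Base Filtering Engine,
rem                                            which Windows Firewall depends on
for %%S in (WinDefend wscsvc MpsSvc BFE) do call :check %%S

rem Verify protected system files. Details are written to CBS.log.
sfc /scannow

rem Copy only the SFC entries (tagged [SR]) from CBS.log to the desktop,
rem where they can be opened in Notepad.
findstr /c:"[SR]" "%windir%\Logs\CBS\CBS.log" > "%userprofile%\Desktop\sfcdetails.txt"

rem List the files SFC reported it could not repair.
findstr /i /c:"Cannot repair" "%userprofile%\Desktop\sfcdetails.txt"
goto :eof

:check
rem 1060 = ERROR_SERVICE_DOES_NOT_EXIST, the Win32 code inside 0x80070424.
sc query %1 >nul 2>&1
if %errorlevel% equ 1060 (
    echo %1: service entry is missing, error 1060
    goto :eof
)
if %errorlevel% neq 0 (
    echo %1: query failed with error %errorlevel%
    goto :eof
)
echo %1:
sc query %1 | findstr /c:"STATE"
goto :eof
```

A service reported as missing will not be restored by starting it; it has to be put back by a system file repair or a repair install. Restart after `sfc /scannow`, as noted in the thread.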
You used combofix? That should only be used by someone highly trained in its use otherwise it can severely damage a system. I think that you have some corruption which could have been caused by combofix or by the virus. Try SFC: http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

Not to contradict the others but I wouldn't try a restore point when you have a known virus attack because a virus could be hiding in those files. If you are sure that your system is clean IMO you should dump the restore points and create a new one. http://www.vistax64.com/tutorials/76332-system-restore-point-create.html In the window shown if you uncheck the box and hit apply the restore points will be deleted but don't forget to turn it back on.


I agree with all of this. I would never use a restore point on an infected computer.
Delete all old restore points and start fresh, but only after you fix the problem with security.
With luck the SFC scan will fix things for you.
Don't forget the restart after running sfc as sometimes it is unable to repair files that are in use.
 

System restore has the potential to hold viruses that you just removed. Depending on the date of the restore point and the date you contracted a virus. After removing the malware the system restore points need to be cleared, then create a new clean restore point.
 

Yes, it stands to reason after using System Restore to get rid of an infection that one should temporarily disable System Restore to clean the infected restore point. Sorry I should have spelled that out although it should be pretty obvious I would have thought.

Anyway, the thread is a year old. But good that you pointed that out, thanks.
 
