Security Center, firewall, and system restore disappeared or disabled after Virus

novajg

New Member
My computer running Vista recently caught the Windows Vista 2012 Antivirus virus. After I cleaned my system using Malwarebytes and a tutorial online, I couldn't do a system restore or find my Security Center or firewall under services.msc. Is there any way I can restore these? Any help would be very much appreciated as I need this computer to be safe again. Thank you in advance!
 

If you are still needing assistance, please refer to the following removal guide as outlined below. This is to ensure no steps have been skipped.

NOTE: DO NOT do any cleaning until instructed to do so. Due to the nature of this malware, system files could be deleted by accident.

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.


Step 1.
This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.

FixNCR.reg

Once that file is downloaded, double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.

Step 2.
Now we must first end the processes that belong to Win 7 Antispyware 2012 & Vista Antivirus 2012 and clean up some Registry settings so they do not interfere with the cleaning procedure. To do this, please download RKill to your desktop from the following link.

RKill Download Link

Once it is downloaded, double-click on the iExplore.exe icon in order to automatically attempt to stop any processes associated with Win 7 Antispyware 2012 & Vista Antivirus 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win 7 Antispyware 2012 & Vista Antivirus 2012 when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Win 7 Antispyware 2012 & Vista Antivirus 2012. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide.

If you continue having problems running RKill, you can download the other renamed versions of RKill from the RKill download page. All of the files are renamed copies of RKill, which you can try instead.

  • Do not turn off computer until after running Malwarebytes when using rkill or the process will have started again and you will have to start over.
  • Vista and Windows 7 users, right click and click run as administrator.
  • Keep running Rkill until no malicious processes are detected
Step 3.

There have been reports of this infection being bundled with the TDSS rootkit infection. To be safe you should also run a program that can be used to scan for this infection. Please follow the steps in the following guide:


How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
If TDSSKiller requires you to reboot, please allow it to do so.



Step 4.
Let's run another scan with Malwarebytes' (Mbam), updating first to the latest database (if possible; if not, continue).

  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • If it asks for a restart, DO SO. Very important.
  • Please post this log in your next reply.
Step 5.
Now please download SUPERAntiSpyware and save to Desktop



  • Double-click the icon on your desktop named SUPERAntiSpyware.exe. This will start the installation. Keep following the prompts in order to continue with the installation process.
  • Please select the language you want the program to use and then press the OK button.
  • You will now be prompted to update the SUPERAntiSpyware definitions. Please press the Yes button to allow the program to download and install the latest updates
  • After the definitions are updated, the welcome screen for SUPERAntiSpyware will appear.
  • When you get to the screen asking if you would like to send the diagnostics, you can choose to allow it to or not. Either choice will have no effect on the effectiveness of its malware scan. When you get to the last screen, click on the Finish button.
  • You will now be prompted if you would like SAS to protect your home page. If you select the Protect Home page option, SUPERAntiSpyware will alert you if another program is trying to change your browser’s home page. Click Yes
  • Then you will be at the main screen for SUPERAntiSpyware. Click the Preferences button, then Scanning Control tab, and put a checkmark in the following options
    • Close browsers before scanning.
    • Scan for tracking cookies.
  • Now press the Close button to go back to the main screen.
  • Click on the Scan your Computer… button to begin the scanning process. You should select the Perform Complete Scan option and then press the Next button to start scanning your computer.
  • When the scan is finished a screen will appear showing the summary of what was detected. You should click on the OK button to close the summary screen box and continue with the removal process.
  • You should now click on the Next button to remove all the listed malware. If it displays a message stating that it needs to reboot, please press the Yes button to allow it to do so. VERY IMPORTANT to DO
  • Click the Repair tab after the restart if any issues still remain and SAS will attempt to fix them. Please check all boxes and then click Repair Selected Items.
Step 6.


Download DDS and save it to your desktop
Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt file will open.
Click Yes at the next prompt for Optional Scan.


  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your new topic that you will create: DDS.txt and Attach.txt
  • You may attach these 2 logs


~~~~~~~~~~~~~~~~~~~~~
Logs to reply with:

  • Mbam Log (Copy & Paste)
  • DDS.txt
  • Attach.txt


I had the same problem after following all the procedures in this thread to remove the Vista Security 2011 Virus. All was repaired but the Security Center.
I used a registry fix at the link below that restored the Security Center and solved my problem.
Be sure to read the entire thread and save your registry before attempting to run the fix.

Windows Security Center Service has been removed - Microsoft Answers

This resolved issues with bfe, security center, firewall, defender, and network discovery.
 
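A read-only check for the two kinds of damage discussed in this thread: the changed .exe launch setting that Step 1 resets, and the Security Center, firewall, BFE and Defender services mentioned in the last reply. This is an added example, not code from any poster or from the linked fixes. The service short names (wscsvc, MpsSvc, BFE, WinDefend) and the expected default values are assumptions based on a stock Windows install, and PowerShell must be installed on the machine.

```powershell
# Added example: reads the registry only, changes nothing.
# Service short names below are assumptions for the components named in the thread.
$services = @{
    'wscsvc'    = 'Security Center'
    'MpsSvc'    = 'Windows Firewall'
    'BFE'       = 'Base Filtering Engine'
    'WinDefend' = 'Windows Defender'
}

function Test-ServiceKey {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return 'MISSING (service registry key not found)' }
    $start = (Get-ItemProperty -Path $key).Start
    switch ($start) {
        2       { 'present, Start=2 (automatic)' }
        3       { 'present, Start=3 (manual)' }
        4       { 'present, Start=4 (DISABLED)' }
        default { "present, Start=$start" }
    }
}

function Get-DefaultValue {
    param([string]$Path)
    # Returns the key's unnamed (default) value, or $null if the key is absent.
    if (Test-Path $Path) { (Get-ItemProperty -Path $Path).'(default)' } else { $null }
}

foreach ($name in $services.Keys) {
    Write-Output ("{0,-22} {1}" -f $services[$name], (Test-ServiceKey $name))
}

# Machine-wide .exe handling: expected stock values (assumption).
$ext = Get-DefaultValue 'HKLM:\SOFTWARE\Classes\.exe'
$cmd = Get-DefaultValue 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
if ($ext -ne 'exefile') { Write-Output "REVIEW: .exe maps to '$ext', expected 'exefile'" }
if ($cmd -ne '"%1" %*') { Write-Output "REVIEW: exefile open command is '$cmd'" }

# Per-user class keys take precedence over the machine-wide ones,
# so any .exe or exefile entry here deserves a manual look.
foreach ($sub in '.exe', 'exefile') {
    $userKey = "HKCU:\Software\Classes\$sub"
    if (Test-Path $userKey) {
        Write-Output "REVIEW: per-user override exists at $userKey"
    }
}
```

Run it from an elevated PowerShell prompt after the cleanup steps; a MISSING line or any REVIEW line indicates a setting the cleaning tools did not put back.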