Member Panel

I'm putting this in Windows Errors instead of one of the Security places because I think I have my viruses cleaned off, and now just have to deal with the aftermath. Symantec and AdAware both now come up clean, and I intend to look at the other software options you offer on this site to see if they come up clean as well.

When my computer first got infected, windows Security Center popped up and told me that I had an infection. My desktop was replaced with a black background that also said I was infected. AdAware found viruses with TAC ratings of 7-10 (uh-oh!) a few of which I remember the names of (unfortunately the screen blanked shortly afterwards and I did not get them all). The two with the highest TAC ratings were "MATRISHASYOU" and "MATRIXHASYOU". Well, these sounded nasty and, sure enough, they are backdoors that allow access to passwords and stuff.

I should mention here, as I did in my introduction thread, that this was, really, my own fault. I just got this computer a few weeks ago, and I was in the process of putting on my lovely ZoneAlarm 3rd party firewall. Which, of coruse, meant disabling the Windows firewall. So, I did that, and then walked away from the computer for a bit to answer the phone. I come back later, completely forgetting what I was up to, and start surfing the net. Which, all in all, was not the best plan in the world.

Anyway, I start clearing out infected files, and then restart my computer. I couldn't get on because every time we got to login, I got a BSOD that told me the logon process ended unexpectedly, and gave an error code 0XC0000142. Fortunately, I was able to get in using Safemode, and run the virus scans in order to clear out the bad stuff. Upon restarting I again ran virus and adware scans and they both came up clean twice. I think I am now running alright again, but there is one victim I can't resuscitate... windows Security Center. I get the error message "The security center is currently unavailable because the 'Security Center' service has not started or was stopped. Close this window, restart the computer (or start the Security Center service) and then open the Security Center again.

I searched for this error on Google and found that most people said to go to services.msc under the Run command, and reactivate Security Center from the list. Only problem is, it isn't there. Repeat: Security Center is NOT on the list of services when I open services.msc.
The other bothersome bit is that most users on the forums where this very question is posed say that the user will have to reinstall Windows. Please don't tell me that. Please. I am going to be royally ****** if that is the case. There must be a simpler fix, a way to reinstall the Security Center or find it on the list if it is hidden without reformatting my hard drive, losing all my settings and file structures and everything.

Anyway, thanks for the assistance in advance... I DO hope you can help me. You all seem to know your stuff here, so I'm confident someone will have the answer.

well, reinstalling the security center generally means reinstalling the OS. Reinstalling the OS is not that big a deal, provided you have the OEM disk, and you can do so without losing any data save drivers. However, I would HIGHLY recommend following the prework link in my signature and following the prompts, ending with the HJT log, as if your security center is still not showing up, the chances are rather high that something is blocking it from doing so. When you post your hjt log, I will most likely be requesting that this be moved to the security forum so you can get some expert assistance there; I'm betting that something is still blocking your security center. If not, great, we'll cross that bridge when we come to it, but I want to make totally sure you are clean.

Thanks,

v

Thanks a million, Valis, that's a logical starting place. I'll get right on it, and post the log ASAP. Lovve the Edgar Allen Poe lookalike avatar, by the way

heh....thanks, it's 'borrowed' from a comic strip called 'red meat'.....rather eccentric strip, and birds of a feather, after all.....

looking forward to seeing how the hjt looks after you get the prework done...

v

About to run HJT right now, but here's AVG's report in the meantime. It didn't find anything, so we'll see what HJT finds. Autoprotect on Symantec is continuing to pop up at odd intervals reporting that is has removed a .dll file (maindll.dll) and is attributing it to "Backdoor.Trojan" but another scan reveals that there is nothing there. This site says:
Still, I wonder how Symantec could delete the trojan but the .dll would continue to show up time and time again? We'll see what HJT says.

Anyway, AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:56:38 PM 2/3/2007
+ Scan result:

Nothing found.

::Report end

Edit: If I had any inkling that the entire time HJT would have taken to run was 47 seconds, I would have just waited. Anyway, find the HJT log attached

yeah, you are infected. Let me contact a moderator to get this moved to the security forum. You've got at least two infections, and I quit looking after that, but we'll get someone in security to fix you up straight away.

Again, I'm going to request a mod move this to security.

v

Alex, a Security analyst will assist you with this problem as soon as possible. please bear with us for a short while. Thank you.