Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Unable to fix Action Center notifications after virus Win64/Sirefef.B

25 Mar 2012   #1

Windows 7 Home Premium 64 bit
 
 
Unable to fix Action Center notifications after virus Win64/Sirefef.B

Stupidly, I managed to get the Win64/Sirefef.B virus onto my PC.
Thankfully my virus scanner caught it before it could do any serious damage, but it's still left me with a few problems. Notably, the following:
  • Security Center service was removed (I've since fixed this)
  • Windows Firewall service was removed (I've since fixed this)
  • The Action Center tray notification icon (white flag) no longer appears.

It's the final item that I've still not managed to restore.
Ironically, from searching various forums, there appear to be more posts wanted to remove it than restore it, but I quite like having it there. If something disables my firewall, I want to know about it ASAP, and that's what it does.

Things I already know
I no longer have the virus, I'm 99% certain of that, I just need to get the Action Center tray notifications back.
It's NOT been blocked by a group policy setting, it simply isn't running at all.
I've checked against a working PC, and that has ActionCenter.dll and ActionCenter.dll.mui loaded by Explorer.exe. No process on my PC has these items loaded.

Things I've already tried
The group policy settings.
Turning on the Action Center system icon (I can't, it's greyed out).
The ActionCenter.dll and ActionCenter.dll.mui files do exist on my PC, for whatever reason, explorer.exe just isn't attempting to load them.

So, can anyone offer any suggestions? I'm prepared to try anything except reinstalling Windows. I know this would work, but it's way more trouble than I want to go to. It was take me weeks to re-configure everything.

Thanks for any help you can give!

Cheers

Scott

My System SpecsSystem Spec
.

25 Mar 2012   #2

Windows 8.1 Pro x64
 
 

Hi Scott, Welcome to Seven Forums.

I'm not entirely sure what the resolution to this is off the top of my head but just a quick question... where/how did you try to do the following?

Quote   Quote: Originally Posted by MenaceF1 View Post
Turning on the Action Center system icon (I can't, it's greyed out).
Regards,
JDobbsy1987
My System SpecsSystem Spec
25 Mar 2012   #3

Windows 7 Home Premium 64 bit
 
 

Hi,

I right clicked the < icon in the tray area, and selected properties.
I'm given a list of System Icons, such as Clock, Volume, Power, and Action Center.
Power and Action Center are greyed out.
For Power, fair enough, I'm running a desktop.
But Action Center should allow me to turn it on/off, but I can't as it's greyed out.

I don't believe it's because the option to enable it is disabled somewhere.
I believe it's because the Action Center functionality isn't running.

Does that help?
My System SpecsSystem Spec
.


25 Mar 2012   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Have you looked here? System Icons - Enable or Disable
My System SpecsSystem Spec
25 Mar 2012   #5

Windows 7 Home Premium 64 bit
 
 

Yes, that's the "Group Policy settings" that I've already tried. It's not a policy setting problem, the libraries themselves aren't being loaded into Explorer.exe.
My System SpecsSystem Spec
25 Mar 2012   #6

Windows 7 Home Premium 64 bit
 
 

SOLVED

Ok, I've managed to solve my own post, I'll give the details here anyway as it may benefit anyone else with a similar problem.

The virus had removed the following registry Key (amongst others):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

This starts the whole ball rolling for enabling the Action Center notifications.
When Explorer.exe starts, it looks for this key, and that it what then tells it to load ActionCenter.dll, and monitor for whatever messages it chooses to give.

Hope this is of use for someone else.

How did I find this out?
If anyone's interesting in more detail about how I managed to work this out, I decided to observe what the virus does in a controlled environment. So I created a virtual machine running Windows 7, and deliberately infected it with the same virus while running a tool called "Process Monitor" that tells me every file it creates or deletes, and crucially, every registry key it modifies or deletes.

This is how I discovered that it deleted that key, and I joined the dots up from there.

Many thanks for all those who tried to help, I hope my reply is useful!

I believe I'm supposed to mark this thread as solved?
I'll try to work out how to do that shortly.

Regards

MenaceF1
My System SpecsSystem Spec
25 Mar 2012   #7

Windows 8.1 Pro x64
 
 

I'm glad you managed to fix it and thanks for posting it back.

Good work resolving it
My System SpecsSystem Spec
25 Mar 2012   #8

win 7 X64 Ultimate SP1
 
 
Solution

Excellent detective work, Menace.
My System SpecsSystem Spec
25 Mar 2012   #9

Windows 7 Ultimate x64
 
 

Great job figuring this out MenaceF1!! Persistence is the key to success, eh?

Now when someone does a search they have a better chance of finding the answer.

I'm curious as to whether you've also gotten the ability to mess with the visibility of the power icon. I think you should have that ability, too, as the two desktops I've got here let me manipulate the power icon visibility options. They are connected to UPSs though, maybe that has something to do with it.
My System SpecsSystem Spec
26 Mar 2012   #10

Windows 7 Home Premium 64 bit
 
 

Yes, I don't think there's anything sinister about the Power icon being greyed out on my PC. I believe windows will only enable it if it detects a device driver for a battery, UPS or similar. Same goes for the volume icon, if you don't have any audio hardware, that's greyed out too.
My System SpecsSystem Spec
Reply

 Unable to fix Action Center notifications after virus Win64/Sirefef.B





Thread Tools



Similar help and support threads for2: Unable to fix Action Center notifications after virus Win64/Sirefef.B
Thread Forum
Solved RPC Virus message in Action Center, though the virus seems to be gone? System Security
trojan virus sirefef removal System Security
Trojan win64/ sirefef.b and .J System Security
Action Center Virus System Security
Disable Action Center notifications General Discussion
Action Center notifications w no icon Customization
Action Center saying no virus protection (have KIS) Software

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:14 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33