Windows 7 Forums



Windows 7: Random Adobe update led to Microsoft SE disabled; infected?!

09 Jul 2012   #31
DustSailor

Microsoft Windows 8.1 Pro 64-bit
 
 

If you don't feel comfortable doing the repair install or don't have the right CD then you can wait for someone else to jump in here with their own advice. Aside from what is below, I have come to my limit. You can try searching for the error you receive at this link or on Google: Microsoft Fix it Solution Center: troubleshooting software issues

Make sure once again that you update antivirus software, and scan again (full) for any additional bugs. Let us know if you find any. Very sad the fix-it tool didn't work.

Also update Windows! Windows Update provides numerous security patches that are critical to have installed.

Can you turn on these services: 1. Security Center (Start, set to automatic [delayed start]) and 2. Windows Firewall (Start, set to automatic).

To get there, type "Services.MSC" without quotes in the start menu search bar. Click the program that pops up. Search through the alphabetized list but don't change anything else. Double-click the item to change its properties.


09 Jul 2012   #32
DustSailor

Microsoft Windows 8.1 Pro 64-bit
 
 

*Above post updated, please re-read it if you have already.

Found some good posts for you to read up on to see if they help with your problem. Be careful, as some posts may apply specifically to a single user rather than for everyone (Start with the link in Bold, and please run that tool):
09 Jul 2012   #33
BinkerNate

Windows 7
 
 

Okay, thanks.

I think it is SP1, going by what CCleaner says. Though, I just wanted to ask if I was right and it wasn't just something CCleaner had in its window.

I always update my virus scanners, the three I have (Malwarebytes, MSE, and SUPERAntiSpyware). Malwarebytes hasn't found anything at all, and I've been doing virus scans from both that and MSE all day today. So, I guess I'm okay.

I've also checked Windows Update, and I am up to date.

Quote:
Can you turn on these services: 1. Security Center (Start, set to automatic [delayed start]) and 2. Windows Firewall (Start, set to automatic).
They don't even appear on the list at all. The only thing with Security in the name is Security Accounts Manager, and that's okay.

The first link posted, and bolded; that was the fix it I used earlier. I did it again, with no luck.

I'll check around, but if anything, I'll ask the others who helped me here and/or you if I find something and I want to ask first before I try it out. Perhaps I could call someone at Windows or Microsoft, like Microsoft Consumer Security Support Center. BTW, what do you, or anyone watching, think of using any of these?

Method 3 from this:
http://support.microsoft.com/kb/2530126
Or ESET Scanner:
ESET :: Get a FREE Online Virus Scan

Let me know. Thanks

09 Jul 2012   #34
DustSailor

Microsoft Windows 8.1 Pro 64-bit
 
 

Sure, do them both. Don't think "Method 3" will work for you though, and it is looking more and more like a repair install is your only option. Might as well try it though. If a complete reinstall is an option, consider it (for perfect cleanliness and a fresh beginning).

If you have the CD, you can tell me what it says on it and I can tell you if you can use it to reinstall or repair Windows. You might have recovery disks on hand somewhere that can come in handy if you don't have a full retail disk.
09 Jul 2012   #35
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

ESET is well regarded - it won't hurt to give that a try.

Regards,
Golden
09 Jul 2012   #36
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Hit the Windows Flag key and the Pause key and Windows will tell you if SP-1 is installed.
09 Jul 2012   #37
BinkerNate

Windows 7
 
 

I do have SP1, but as for the disc, I don't have it nor seem to find it.

Anyway, an important update: it seemed like ESET didn't do anything, saying that I was cleaned, until later on when I checked services.msc again out of random, and there it is: Windows Firewall. I checked it, and it looks like it isn't on (Start type is automatic) and when I clicked "Start", it stated that it couldn't, and I should check System Event Log, if this is non-Microsoft, contact vendor on service specific error 5.

Okay, it's back (I guess thanks to ESET), but can't turn it on. What should I do now?
09 Jul 2012   #38
DustSailor

Microsoft Windows 8.1 Pro 64-bit
 
 

Look through your event viewer and tell what it says. In it, go to Custom Views > Administrative Events.
09 Jul 2012   #39
BinkerNate

Windows 7
 
 

Yeah, I found it and was checking it before you posted, Dustsailor.

Anyway, I was looking at System and going back to when it all started. It all started on 7/6 at 2:46am with Adobe, which I quickly stopped at the same time. Malwarebytes found Sirefef.P at 3:08am, where at the same time, the following occurred: Microsoft Antimalware (Malwarebytes?) was disabled; so was Defender (I guess I already had it), IP Helper, Security Center, IP Helper then just stopped, Firewall was disabled then stopped, Security Center stopped, etc.

Then at Admins, I'm just going to list the things that happened after 3:08am when the trojan was first found by Malwarebytes. Some of what I will list might seem important, even some probably aren't, but just in case. I don't know, I can't remember what and when on that day.

3:10am:
The Computer Browser service terminated with the following error:
The specified service does not exist as an installed service.
The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
\SystemRoot\SysWow64\DRIVERS\ithsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
The ithsgt service failed to start due to the following error:
This driver has been blocked from loading
\SystemRoot\SysWow64\DRIVERS\lilsgt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
The lilsgt service failed to start due to the following error:
This driver has been blocked from loading
The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

3:24am:
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

4:50am:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-274942078-2301801399-3379666533-1000:
Process 592 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-274942078-2301801399-3379666533-1000

That appeared again at 4:57am, and 5:00am

Again, might be nothing since we took care of a lot of things since then, but just in case.

Also, I went to Security and searched Firewall, and the Firewall Driver was started successfully at 1:00pm today; that was when I turned on my computer. ??? After reading that, I went to services.msc and it's the same. There, but not on. What's stopping it from turning on?
09 Jul 2012   #40
DustSailor

Microsoft Windows 8.1 Pro 64-bit
 
 

A repair install.


But seriously, you've done an sfc scan which didn't fix anything. You might try sfc again, but without some kind of CD, you're looking at downloading an ISO and doing a complete reinstall. The virus corrupted a lot of stuff that you will need. I don't know how to fix it manually, and I doubt it is that easy. Might have to come to terms with saving your work and doing a clean install: Clean Install Windows 7 - created by Brink

Best of luck to ya though, mate. If you want to download the ISO, I need this info:
Do you have 32-bit or 64-bit Windows? If I had to guess, I'd think it was 64... am I right?
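
Added example, not part of the original thread: a PowerShell check of the services named in posts #31 to #39, reporting whether each is still registered, its configured start mode, and any dependency whose registry key is missing (the log lines in post #39 name BFE as one). The short service names are the standard Windows names for the display names in the posts, the two function names are made up for this example, and it should be run from an elevated prompt.

```powershell
# Added example. Short names for the services mentioned in the thread.
$ThreadServices = @(
    'BFE'          # Base Filtering Engine
    'MpsSvc'       # Windows Firewall
    'wscsvc'       # Security Center
    'WinDefend'    # Windows Defender
    'MsMpSvc'      # Microsoft Antimalware (MSE)
    'iphlpsvc'     # IP Helper
    'IKEEXT'       # IKE and AuthIP IPsec Keying Modules
    'PolicyAgent'  # IPsec Policy Agent
    'FDResPub'     # Function Discovery Resource Publication
)
$StartModes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-ServiceHealth {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        $cfg = Get-ItemProperty -Path "$ServicesRoot\$n" -ErrorAction SilentlyContinue
        # DependOnService is a multi-string; entries starting with '+' are groups.
        $missing = @($cfg.DependOnService | Where-Object {
            $_ -and $_ -notlike '+*' -and -not (Test-Path "$ServicesRoot\$_")
        })
        $status = if ($svc) { $svc.Status } else { 'NotRegistered' }
        $start  = if ($cfg) { $StartModes[[int]$cfg.Start] } else { 'n/a' }
        New-Object PSObject -Property @{
            Name                = $n
            Status              = $status
            StartMode           = $start
            MissingDependencies = ($missing -join ',')
        } | Select-Object Name, Status, StartMode, MissingDependencies
    }
}

function Get-ServiceControlErrors {
    param([datetime]$Since)
    # Error-level entries written by the Service Control Manager to the System log.
    Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Service Control Manager'
        Level = 2; StartTime = $Since
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Get-ServiceHealth -Name $ThreadServices | Format-Table -AutoSize
Get-ServiceControlErrors -Since (Get-Date).AddDays(-7) | Format-List
```

A row with Status `NotRegistered` or a non-empty MissingDependencies column matches the "might not be installed" entries quoted in post #39.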