Windows 7: Windows Security Center can't be started because of virus/malware

Started Windows Firewall - no problem



"I'm confused enough with what I do!"

You have been excellent!!!! and it seems like you know what you're doing
Maybe I'll try the Craphic Cards forum if the screen drive problem continues.

Is my computer OK now (regarding the virus/malware), or do you think there's something left??

Crumble,

Thank you for the kind words.
I am retired, and enjoy doing this kind of stuff. No expert here, though.

There is one more scan we should do to make sure the malware is gone...

Please go to Post #2, and Posts #14 and 17 where Pauly and UsernameIssues suggest using Windows Defender Offline (WDO).

When done with the scan, its log file is stored in an MPLog-MM/DD/YYYY-HH/MM/SS .txt file in the folder
below:
C:\Windows\Windows Defender Offline\Support

Please make sure you post the MPLog in your reply.

Great
I just need to find an empty CD - I'll try to get it done soon

Whenever you are ready.

Some computers do not automatically start from removable media (CD/DVD or USB flash drive).
If yours does not, restart, and look for how to enter the BIOS Setup Utility at the bottom of the first screen that comes up.

Most PCs use F2, F10, ESC, or DEL key to begin the BIOS Setup.

Once in, look for a tab in the BIOS Setup Utility that is labeled Boot (or Boot Order, or something similar).
Use the arrows to go to the Boot order.

Locate the CD (DVD, or USB flash drive) in the Boot list.
Use the arrows to move the drive up so that it appears first in the Boot list.
Press: Enter
Press F10 to save your changes and to exit the BIOS Setup Utility.
Select Yes in the confirmation window.
Then, allow the PC to boot from the CD.


~~~~
Here are some of the screens you are presented with when running WDO after you create the media (CD/DVD, USB flash drive), and then boot your computer from the media:

http://blogs.technet.com/b/security/...r-offline.aspx

http://ask-leo.com/windows_defender_offline_scan_your_computer_for_malware_without_booting_windows.html

When the program opens, it runs a scan.

If WDO finds malware, see if you can use the option to Quarantine, so we can see a report before getting rid of anything.

Do not expect any problems, however, we do not want to remove anything like the following:

boot:\\.\PHYSICALDRIVE0\PARTITION0 (Type 27)

Removing this entry impacts your Master Boot Record and/or Partition Table, and you may end up not being able to boot.

I'm back
The CD with the WDO didn't start automatically and I was able to enter the BIOS setup. But in the setup mode all the letters were grey and impossible to click on. So I tried to click the button that said "unlock" and it asked for the admin password. I entered the password I use to log on my PC as I thought this was the right password and I am the administrator. Even so I got the message "you have entered the wrong password". Now I don't know what to do! Hope you can help

The easiest thing would be to ask the school that you got the laptop from if they would remove the BIOS password for you.

Sorry, had I known that there was a BIOS password involved, I wouldn't have suggested WDO.

There are infections that can hide themselves for the Windows operating system. They do that by starting before the Windows operating system starts. The recovery mode that you used to run some scans from is still a Windows operating system (I think) and thus infections can hide from it and any scans started from it. The safest scans are made when you know that nothing loaded from the suspect hard drive.

I could be wrong - so to any member reading this: feel free to correct me.

To my understanding...

...the RE is separate from the Operating System, and the System Recovery Options / Command Prompt performs actions without being in Windows.

If a User is infected with malware, the Recovery Environment is a well recognized asset among the malware removal community to clean rootkits or malware, as they will not be started in this environment.

There are tools we can use in the RE that can spot a hidden Rootkit in a flash.

Anyone, please correct me if I am wrong.

Crumble,

I hate to see this...

Unfortunately, it is not.

As UsernameIssues suggests, contact the school. If they do not want to remove the BIOS password, at least they should know what it is.

They can also set the PC to boot from CD as first option.

I agree that RE "is a well recognized asset among the malware removal community to clean rootkits or malware".

"...as they will not be started in this environment." This is the part that I'm wondering about.

Does the RE use the same Windows APIs? I think so.
Can an infection load before the RE? I'm not sure.

If both are yes, then any scan run from the RE is flawed - if that RE was loaded from the suspect hard drive.

If the RE is loaded from a clean DVD, then scans run on top of it are as good as they can be.


To put it another way:

Can an infection load before one sees this screen?

...or just after that screen and before the RE - if that RE was loaded from the suspect hard drive?

I don't know (nor can I find an article that describes) how alureon (or the like) loads from its active partition before Windows loads... but that seems to be what alureon does. My fear is that alureon could load before (and thus hide from) RE - if that RE was loaded from the suspect hard drive.

I don't want to hijack the thread while someone educates me - feel free to send me a PM.