Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows 7 UAC disables itself Read for more.


05 Feb 2010   #1

Windows XP SP 2/ Windows 7 Build 7100
 
 
Windows 7 UAC disables itself Read for more.

Hello.

I need your help, i am running Windows 7 RC Build 7100.

and my UAC keeps disabling it self. Now i recently got a Virus names msa.exe which i removed Via MBAM and double checked the Regrestry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

Help please.

I honestly doubt it is a Hardware related problem.

My System SpecsSystem Spec
.

06 Feb 2010   #2

 

Quote   Quote: Originally Posted by Snagg57 View Post
Hello.

I need your help, i am running Windows 7 RC Build 7100.

and my UAC keeps disabling it self. Now i recently got a Virus names msa.exe which i removed Via MBAM and double checked the Regrestry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

Help please.

I honestly doubt it is a Hardware related problem.
Its physically impossible for hardware or a hardware related problem to disable UAC

Install MSE and do a full system scan, It should identify and remove any viruses it finds (MSE has the best detection rate atm) http://www.microsoft.com/Security_Essentials/

You can also use System Restore for restoring Windows back before you obtained this infection, It might also be wise to replace your RC 7100 version before it expires shortly

Steven
My System SpecsSystem Spec
06 Feb 2010   #3

Windows XP SP 2/ Windows 7 Build 7100
 
 

kk MSE said something about a Trojan which i cannot find.

Alureon.A Was the thing i found.
My System SpecsSystem Spec
.


06 Feb 2010   #4

 

Quote   Quote: Originally Posted by Snagg57 View Post
kk MSE said something about a Trojan which i cannot find.

Alureon.A Was the thing i found.
Did you follow the MSE prompt and clean the infection?
My System SpecsSystem Spec
06 Feb 2010   #5
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Information about Alureon.A
http://www.microsoft.com/security/po...32%2FAlureon.A

Aliases
  • Win32/Olmarik!generic (CA)
  • Rootkit.Win32.TDSS.u (Kaspersky)
  • W32/TDSS.drv.gen4.A (Norman)
  • Mal/TDSSPack-V (Sophos)
TDSS is a Rootkit

msa.exe

http://www.bleepingcomputer.com/star...exe-23769.html
My System SpecsSystem Spec
07 Feb 2010   #6

Windows XP SP 2/ Windows 7 Build 7100
 
 

Found the culprit.

Atapi.sys in Windows System32 folder.

Some one upload Atapi.sys for me so i can replace?


And MSE didn't work it daid it killed it but it came back >.>
My System SpecsSystem Spec
07 Feb 2010   #7
jav

Windows 7 Ultimate x86 SP1
 
 

Quote   Quote: Originally Posted by Jacee View Post
Information about Alureon.A
Encyclopedia entry: Virus:Win32/Alureon.A - Learn more about malware - Microsoft Malware Protection Center

Aliases
  • Win32/Olmarik!generic (CA)
  • Rootkit.Win32.TDSS.u (Kaspersky)
  • W32/TDSS.drv.gen4.A (Norman)
  • Mal/TDSSPack-V (Sophos)
TDSS is a Rootkit

msa.exe

Antivirus - MSA.exe - Program Information
Quote   Quote: Originally Posted by Snagg57 View Post
Found the culprit.

Atapi.sys in Windows System32 folder.

Some one upload Atapi.sys for me so i can replace?


And MSE didn't work it daid it killed it but it came back >.>
Ouch....
ok, it's TDSS rootkit family.
Currently most advanced and the fastestes developing rootkit on the wild.
New version is coming our almost everyday, so amost no AV can catch it's newer versions currently.

Right now it's more famous with the name TDL 3 (it's third generation of TDSS rootkits)




ok, download:Hitman Pro 3 - SurfRight (they claim that they can remove TDL...)

Quote   Quote: Originally Posted by http://www.wilderssecurity.com/showpost.php?p=1617595&postcount=918
This build is all about removing the latest TDL3.24 rootkit that is spreading like fire! In the last weeks we cured over 13.000+ computers. Most of these computers were having an up-date AV installed that should have prevented infection.

If you search in the last week for 'google redirect virus' you'll see how big this is.

If you are browsing the internet and you are directed to different sites than expected, your PC is probably infected with this highly advanced and evolving rootkit.

Hitman Pro 3.5.4 build 87 can cure all current variants, up to version 3.24.
and run scan with it.
Post screenshot.
Then you can activate 30 day trial to remove infections.

more info on TDL rootkit: Sysinternals Forums - Rootkit TDL 3 - Page 1

Quote   Quote: Originally Posted by http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf
Now the installation continues in the kernel mode. The rootkit searches through the
stack of devices responsible for interaction with the system disk to determine the driver it is going to infect, its future victim. The choice depends on the hardware configuration. If the system disk uses the IDE interface, it will pick out atapi.sys, in other cases it can be iastor.sys. There are rootkits that infect file system and network drivers or even the system kernel to ensure their automatic launch (BackDoor.Bulknet.415(Virus.Win32.Protector.a/W32/Cutwail.a!rootkit), Win32.Ntldrbot (Virus.Win32.Rustock.a/Backdoor:WinNT/Rustock.D), Trojan.Spambot.2436 (Trojan-Dropper.Win32.Agent.bwg/TR/Drop.Agent.BWG.1) and others) and this instance is not an exception.....
more analyses of TDL 3 by Dr.web: http://www.drweb.com/static/BackDoor...20TDL3)_en.pdf
My System SpecsSystem Spec
07 Feb 2010   #8

Windows 7 x64
 
 

Quote   Quote: Originally Posted by Snagg57 View Post
kk MSE said something about a Trojan which i cannot find.

Alureon.A Was the thing i found.
.
I recommend scanning with Hitman Pro. It will give you a 30 day fully functional trial period after you install it.
My System SpecsSystem Spec
Reply

 Windows 7 UAC disables itself Read for more.




Thread Tools



Similar help and support threads for2: Windows 7 UAC disables itself Read for more.
Thread Forum
Aero Disables itself randomly on windows 7? General Discussion
windows sometimes disables my laptop speakers Sound & Audio
SFC /scannow Disables Windows mail Browsers & Mail
Windows 7 SP1 Disables Happauge HVR-950 TV Tuner Windows Updates & Activation
Windows update disables two monitors! Graphic Cards
Safari browser disables taskbar and windows Browsers & Mail
Windows areo automatically disables itself Customization

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:49 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33