Windows 7: Windows 7 UAC disables itself Read for more.

05 Feb 2010   #1
Snagg57

Windows XP SP 2/ Windows 7 Build 7100
 
 
Windows 7 UAC disables itself Read for more.

Hello.

I need your help. I am running Windows 7 RC Build 7100 and my UAC keeps disabling itself. Now I recently got a virus named msa.exe, which I removed via MBAM, and double-checked the Registry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

Help please.

I honestly doubt it is a Hardware related problem.



06 Feb 2010   #2
dmex

 

Quote: Originally Posted by Snagg57
Hello.

I need your help. I am running Windows 7 RC Build 7100 and my UAC keeps disabling itself. Now I recently got a virus named msa.exe, which I removed via MBAM, and double-checked the Registry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

Help please.

I honestly doubt it is a Hardware related problem.

It's physically impossible for hardware or a hardware-related problem to disable UAC.

Install MSE and do a full system scan. It should identify and remove any viruses it finds (MSE has the best detection rate atm): http://www.microsoft.com/Security_Essentials/

You can also use System Restore to restore Windows back to before you obtained this infection. It might also be wise to replace your RC 7100 version before it expires shortly.

Steven
06 Feb 2010   #3
Snagg57

Windows XP SP 2/ Windows 7 Build 7100
 
 

kk MSE said something about a Trojan which I cannot find.

Alureon.A was the thing I found.


06 Feb 2010   #4
dmex

 

Quote: Originally Posted by Snagg57
kk MSE said something about a Trojan which I cannot find.

Alureon.A was the thing I found.

Did you follow the MSE prompt and clean the infection?
06 Feb 2010   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Information about Alureon.A
http://www.microsoft.com/security/po...32%2FAlureon.A

Aliases
  • Win32/Olmarik!generic (CA)
  • Rootkit.Win32.TDSS.u (Kaspersky)
  • W32/TDSS.drv.gen4.A (Norman)
  • Mal/TDSSPack-V (Sophos)
TDSS is a Rootkit

msa.exe

http://www.bleepingcomputer.com/star...exe-23769.html
07 Feb 2010   #6
Snagg57

Windows XP SP 2/ Windows 7 Build 7100
 
 

Found the culprit.

Atapi.sys in Windows System32 folder.

Someone upload Atapi.sys for me so I can replace?

And MSE didn't work, it said it killed it but it came back >.>
07 Feb 2010   #7
jav

Windows 7 Ultimate x86 SP1
 
 

Quote: Originally Posted by Jacee
Information about Alureon.A
Encyclopedia entry: Virus:Win32/Alureon.A - Learn more about malware - Microsoft Malware Protection Center

Aliases
  • Win32/Olmarik!generic (CA)
  • Rootkit.Win32.TDSS.u (Kaspersky)
  • W32/TDSS.drv.gen4.A (Norman)
  • Mal/TDSSPack-V (Sophos)
TDSS is a Rootkit

msa.exe

Antivirus - MSA.exe - Program Information

Quote: Originally Posted by Snagg57
Found the culprit.

Atapi.sys in Windows System32 folder.

Someone upload Atapi.sys for me so I can replace?

And MSE didn't work, it said it killed it but it came back >.>

Ouch....
ok, it's TDSS rootkit family.
Currently the most advanced and the fastest developing rootkit in the wild.
A new version is coming out almost every day, so almost no AV can catch its newer versions currently.

Right now it's more famous under the name TDL 3 (it's the third generation of TDSS rootkits).

ok, download: Hitman Pro 3 - SurfRight (they claim that they can remove TDL...)

Quote: Originally Posted by http://www.wilderssecurity.com/showpost.php?p=1617595&postcount=918
This build is all about removing the latest TDL3.24 rootkit that is spreading like fire! In the last weeks we cured over 13.000+ computers. Most of these computers were having an up-to-date AV installed that should have prevented infection.

If you search in the last week for 'google redirect virus' you'll see how big this is.

If you are browsing the internet and you are directed to different sites than expected, your PC is probably infected with this highly advanced and evolving rootkit.

Hitman Pro 3.5.4 build 87 can cure all current variants, up to version 3.24.

and run scan with it.
Post screenshot.
Then you can activate 30 day trial to remove infections.

more info on TDL rootkit: Sysinternals Forums - Rootkit TDL 3 - Page 1

Quote: Originally Posted by http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf
Now the installation continues in the kernel mode. The rootkit searches through the stack of devices responsible for interaction with the system disk to determine the driver it is going to infect, its future victim. The choice depends on the hardware configuration. If the system disk uses the IDE interface, it will pick out atapi.sys, in other cases it can be iastor.sys. There are rootkits that infect file system and network drivers or even the system kernel to ensure their automatic launch (BackDoor.Bulknet.415 (Virus.Win32.Protector.a/W32/Cutwail.a!rootkit), Win32.Ntldrbot (Virus.Win32.Rustock.a/Backdoor:WinNT/Rustock.D), Trojan.Spambot.2436 (Trojan-Dropper.Win32.Agent.bwg/TR/Drop.Agent.BWG.1) and others) and this instance is not an exception.....

more analyses of TDL 3 by Dr.web: http://www.drweb.com/static/BackDoor...20TDL3)_en.pdf
07 Feb 2010   #8
Victek

Windows 7 x64
 
 

Quote: Originally Posted by Snagg57
kk MSE said something about a Trojan which I cannot find.

Alureon.A was the thing I found.

I recommend scanning with Hitman Pro. It will give you a 30 day fully functional trial period after you install it.