Unable to fix Action Center notifications after virus Win64/Sirefef.B


  1. Posts : 5
    Windows 7 Home Premium 64 bit
       #1

    Unable to fix Action Center notifications after virus Win64/Sirefef.B


    Stupidly, I managed to get the Win64/Sirefef.B virus onto my PC.
    Thankfully my virus scanner caught it before it could do any serious damage, but it's still left me with a few problems. Notably, the following:

    • Security Center service was removed (I've since fixed this)
    • Windows Firewall service was removed (I've since fixed this)
    • The Action Center tray notification icon (white flag) no longer appears.


    It's the final item that I've still not managed to restore.
    Ironically, from searching various forums, there appear to be more posts wanting to remove it than restore it, but I quite like having it there. If something disables my firewall, I want to know about it ASAP, and that's what it does.

    Things I already know
    I no longer have the virus, I'm 99% certain of that, I just need to get the Action Center tray notifications back.
    It's NOT been blocked by a group policy setting, it simply isn't running at all.
    I've checked against a working PC, and that has ActionCenter.dll and ActionCenter.dll.mui loaded by Explorer.exe. No process on my PC has these items loaded.

    Things I've already tried
    The group policy settings.
    Turning on the Action Center system icon (I can't, it's greyed out).
    The ActionCenter.dll and ActionCenter.dll.mui files do exist on my PC, for whatever reason, explorer.exe just isn't attempting to load them.

    So, can anyone offer any suggestions? I'm prepared to try anything except reinstalling Windows. I know this would work, but it's way more trouble than I want to go to. It would take me weeks to re-configure everything.

    Thanks for any help you can give!

    Cheers

    Scott


  2. Posts : 2,177
    Windows 8.1 Pro x64
       #2

    Hi Scott, Welcome to Seven Forums.

    I'm not entirely sure what the resolution to this is off the top of my head but just a quick question... where/how did you try to do the following?

    MenaceF1 said:
    Turning on the Action Center system icon (I can't, it's greyed out).
    Regards,
    JDobbsy1987


  3. Posts : 5
    Windows 7 Home Premium 64 bit
    Thread Starter
       #3

    Hi,

    I right clicked the < icon in the tray area, and selected properties.
    I'm given a list of System Icons, such as Clock, Volume, Power, and Action Center.
    Power and Action Center are greyed out.
    For Power, fair enough, I'm running a desktop.
    But Action Center should allow me to turn it on/off, but I can't as it's greyed out.

    I don't believe it's because the option to enable it is disabled somewhere.
    I believe it's because the Action Center functionality isn't running.

    Does that help?


  4. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #4

    Have you looked here? System Icons - Enable or Disable


  5. Posts : 5
    Windows 7 Home Premium 64 bit
    Thread Starter
       #5

    Yes, that's the "Group Policy settings" that I've already tried. It's not a policy setting problem, the libraries themselves aren't being loaded into Explorer.exe.


  6. Posts : 5
    Windows 7 Home Premium 64 bit
    Thread Starter
       #6

    SOLVED

    Ok, I've managed to solve my own post, I'll give the details here anyway as it may benefit anyone else with a similar problem.

    The virus had removed the following registry Key (amongst others):
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
    "AutoStart"=""

    This starts the whole ball rolling for enabling the Action Center notifications.
    When Explorer.exe starts, it looks for this key, and that is what then tells it to load ActionCenter.dll, and monitor for whatever messages it chooses to give.

    Hope this is of use for someone else.

    How did I find this out?
    If anyone's interested in more detail about how I managed to work this out, I decided to observe what the virus does in a controlled environment. So I created a virtual machine running Windows 7, and deliberately infected it with the same virus while running a tool called "Process Monitor" that tells me every file it creates or deletes, and crucially, every registry key it modifies or deletes.

    This is how I discovered that it deleted that key, and I joined the dots up from there.

    Many thanks for all those who tried to help, I hope my reply is useful!

    I believe I'm supposed to mark this thread as solved?
    I'll try to work out how to do that shortly.

    Regards

    MenaceF1
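
The triage step described in post #6, as an added example that is not part of the original post: it filters a Process Monitor CSV export for registry deletions that actually succeeded and flags the ones touching the areas this thread reports as damaged. The sample rows, the process name `sample.exe` and the watchlist are constructed assumptions; only the ShellServiceObjects key comes from the post.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in Process Monitor's default CSV export columns. Process
# names, PIDs and times are invented; the ShellServiceObjects key is from the post.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","1234","RegDeleteKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}","SUCCESS",""
"10:01:02.2","sample.exe","1234","RegDeleteKey","HKLM\System\CurrentControlSet\Services\wscsvc","SUCCESS",""
"10:01:02.3","sample.exe","1234","RegDeleteKey","HKLM\System\CurrentControlSet\Services\MpsSvc","NAME NOT FOUND",""
"10:01:03.0","explorer.exe","2200","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}\AutoStart","NAME NOT FOUND",""
"10:01:03.5","sample.exe","1234","RegDeleteValue","HKCU\Software\Constructed\Example\Setting","SUCCESS",""
"10:01:04.0","sample.exe","1234","CreateFile","C:\Users\Public\constructed.tmp","SUCCESS",""
'''

DELETE_OPS = {"RegDeleteKey", "RegDeleteValue"}
# Assumed watchlist: registry areas tied to the symptoms described in the thread.
WATCHLIST = (
    r"\explorer\shellserviceobjects",  # parent of the key named in post #6
    r"\services\wscsvc",               # Security Center service
    r"\services\mpssvc",               # Windows Firewall service
)

def registry_deletions(csv_text):
    """Return (process, pid, operation, path, flagged) for each successful delete."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))  # drop BOM if present
    hits = []
    for row in reader:
        # Failed deletes (e.g. NAME NOT FOUND) changed nothing, so skip them.
        if row["Operation"] not in DELETE_OPS or row["Result"] != "SUCCESS":
            continue
        flagged = any(w in row["Path"].lower() for w in WATCHLIST)
        hits.append((row["Process Name"], row["PID"], row["Operation"], row["Path"], flagged))
    return hits

def flagged_by_process(hits):
    """Group watchlisted deletions by the (process, pid) that performed them."""
    grouped = defaultdict(list)
    for proc, pid, _op, path, flagged in hits:
        if flagged:
            grouped[(proc, pid)].append(path)
    return dict(grouped)

if __name__ == "__main__":
    for (proc, pid), paths in flagged_by_process(registry_deletions(SAMPLE_CSV)).items():
        print(f"{proc} (PID {pid}) deleted {len(paths)} watched key(s):")
        for path in paths:
            print("   ", path)
```

Comparing the flagged paths against the same keys exported from a clean machine gives the list of entries to restore.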


  7. Posts : 2,177
    Windows 8.1 Pro x64
       #7

    I'm glad you managed to fix it and thanks for posting it back.

    Good work resolving it


  8. Posts : 1,965
    win 7 X64 Ultimate SP1
       #8

    Solution


    Excellent detective work, Menace.


  9. Posts : 2,171
    Windows 7 Ultimate x64
       #9

    Great job figuring this out MenaceF1!! Persistence is the key to success, eh?

    Now when someone does a search they have a better chance of finding the answer.

    I'm curious as to whether you've also gotten the ability to mess with the visibility of the power icon. I think you should have that ability, too, as the two desktops I've got here let me manipulate the power icon visibility options. They are connected to UPSs though, maybe that has something to do with it.


  10. Posts : 5
    Windows 7 Home Premium 64 bit
    Thread Starter
       #10

    Yes, I don't think there's anything sinister about the Power icon being greyed out on my PC. I believe Windows will only enable it if it detects a device driver for a battery, UPS or similar. Same goes for the volume icon, if you don't have any audio hardware, that's greyed out too.


 