

Windows 7: Excessive amount of Microsoft Security Audits

18 Jul 2018   #1
tidybear12

Windows 7 Home x64
 
 
Excessive amount of Microsoft Security Audits

I don't know if this is normal but to me it seems extreme to have security audits every couple of hours or so sometimes, but definitely at least half a dozen. And it uses every single identity that's listed in the Permissions. It logs in under their credentials. Afterwards it destroys the logs. This means I don't know what it is looking at, what it is repairing if anything, if there is something on my machine I should worry about, or whether this isn't Microsoft at all. I have no clue, but I feel somewhat violated by this and I would like to stop it.



I logged in as an administrator and wasn't able to change the permissions to zero. I should say rather, they were reinstated by the next time I looked, like, 10 minutes later.


Does anyone here know what that's all about? Until recently I never even looked at event logs.


19 Jul 2018   #2
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

This is not Microsoft, it is either a hacker or some malware.

I suggest that you immediately disconnect your computer from the internet, and make it so it cannot connect to the internet. This means that you should turn off your wifi adapter (there should be a switch on the laptop for this), and you should unplug any Ethernet cable that is connected to your laptop. And just to make sure, disable Bluetooth as well.

You should now go to another computer and create a scanning CD (antivirus). Put it in your laptop, and boot to it. This will allow you to do a pre-Windows scan. A good scanner to start with is Windows Defender Offline. Go to the following website to download it:

https://support.microsoft.com/en-us/...-protect-my-pc

Be sure to select the 64-bit version, so that it will match your computer. Create a CD from the download; then boot the infected computer with the CD. This will put you into the Windows Defender Offline environment. Do a full scan. It will take a good while, so be patient.

WDO may be enough to get rid of the malware. But there are other programs you can use as well, in case WDO didn't get the job done. The following link will give you more information:

https://www.lifewire.com/free-bootab...-tools-2625785
19 Jul 2018   #3
tidybear12

Windows 7 Home x64
 
 

Gulp.


Bit of a problem here: this is my only computer that currently works, and the other computers in the house are on the same network, so doesn't that mean they might also be infected?


These fake audits have been going on for months, so .......


Needless to say, I have antivirus software, including MBAM that I paid for. Which never has found a single thing, by the way.


I'm speechless and really don't know what to do. Getting a download from somebody else's machine only invites trouble since there is a good chance that I'll be introducing something else to my computer that will only make things worse.


Thanks, anyway. I appreciate that you answered even though the news is bad. Sooooo many people have read about my complaints about these audits, here and elsewhere, and nobody ever seemed alarmed. Also online, I have read concerns by other users and they always get placated and directed to webpages for IT personnel.


Thanks for the link to Lifewire.

19 Jul 2018   #4
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Go to the computer that you think is the safest, that is, the one that you get online with the least, or on which you go only to known safe websites. Use that computer to create your Windows Defender Offline disk. You will probably be fine if you make the disk on that computer.

I have seen malware that acts like you have described. I'm confident that you will clear this up by using one or more of the scanners which are listed on the Lifewire site. I would start with Windows Defender Offline, and I would then use Trend Micro or Bitdefender (or both). (You will probably have to download and install a trial version of Trend Micro in order to get their offline scanner.)

Some of these pre-Windows scanners actually create a Linux Live disk for you with their anti-virus product included. In my opinion this is a good, safe way to do this sort of scan.
19 Jul 2018   #5
tidybear12

Windows 7 Home x64
 
 

I will report back on this.

You say some create a Linux Live disk at the same time. Does this mean I can install Linux with it in a partition?? Space permitted. Which would probably be too small. I have almost no space in the recovery drive. Not in C drive either. Every couple of weeks or so I run out of space in C drive for no apparent reason.


By the way - ALARMING!!! I just found in one of my most used email clients this: Cc suckxcc v. Zsvwut x x szb ccy (0/0)
It's in the left column among the Folders, right under Spam. I know for a fact it wasn't there yesterday.

The app for this email is installed on my phone and it's there as well, but on the bottom. Do you think it's related to what we're discussing or something else?
19 Jul 2018   #6
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

You can go to any of the Linux sites (I recommend Linux Mint: http://www.linuxmint.com) and download one of the install files, then create an install DVD from that file. Then boot the computer with the DVD in the drive, and it will run Linux from the DVD, without installing anything on your hard drive.

But the first thing you need to do is a full scan with one or more of the pre-Windows scanner programs.
20 Jul 2018   #7
tidybear12

Windows 7 Home x64
 
 

So it turns out that all our computers have these "audits." (One of them dating all the way back to May 2014!)



I ended up creating a Windows Defender disk on my own and ran a deep scan which took all night and found exactly nothing.


While I am convinced at this point that this is some kind of malware, it looks like it's running circles around itself. Is there a way to check what, if anything, it actually does besides "scanning?"


(Also, Mrjimphelps, do you know any tricks on how to get to the boot menu when, say, you installed Linux over Windows and then forgot your password? That's the case with the Toshiba notebook I mentioned earlier. Am I now doing what they advise for a Windows machine to get to the BIOS - F12, F2, the opinions vary - or am I supposed to do something different because this is now Linux, whether I can log in or not? I tried F12 etc., but nothing works.)



Thanks, as always.
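The post above asks how to check what the events recorded in the Security log actually represent. As an added example (not written by anyone in this thread, and not a Microsoft tool), the following PowerShell snippet summarizes the local Security log on a Windows 7 machine in two ways a defender would want: whether the log has been cleared (Event ID 1102, "The audit log was cleared", which is what a wiped log looks like from the inside), and which accounts have logged on and how (Event ID 4624, successful logon, grouped by account and logon type). The seven-day lookback window is an assumed value; adjust it as needed. It needs an elevated PowerShell prompt because reading the Security log requires administrator rights.

```powershell
# Added example, not from the thread: summarize the local Security event log.
# Run from an elevated PowerShell prompt (Run as administrator).
# Works with the PowerShell 2.0 that ships with Windows 7.

$Days  = 7                              # assumed lookback window for logon events
$since = (Get-Date).AddDays(-$Days)

# --- 1. Has the Security log been cleared? ---------------------------------
# Clearing the log is itself audited: the first entry written to the fresh log
# is Event ID 1102 from Microsoft-Windows-Eventlog, including who cleared it.
$cleared = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } `
             -ErrorAction SilentlyContinue)
if ($cleared.Count -gt 0) {
    "Security log cleared {0} time(s). Most recent:" -f $cleared.Count
    $cleared | Select-Object -First 5 TimeCreated,
        @{ n = 'FirstLine'; e = { $_.Message.Split("`n")[0].Trim() } } |
        Format-Table -AutoSize
} else {
    "No 1102 (audit log cleared) events found in the current Security log."
}

# --- 2. Which accounts logged on, and how? ---------------------------------
# Event ID 4624 is written for every successful logon. The LogonType field
# says what kind of logon it was:
#   2 = interactive (at the keyboard)   3 = network (file/printer share)
#   4 = batch (scheduled task)          5 = service start
#   7 = workstation unlock              10 = remote interactive (RDP)
# Built-in accounts (SYSTEM, LOCAL SERVICE, NETWORK SERVICE) and scheduled
# tasks routinely generate these events, so volume alone is not a verdict;
# the account/type/process breakdown is what tells you what is going on.
$logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
          -ErrorAction SilentlyContinue

$rows = foreach ($e in $logons) {
    # Pull the named fields out of the event's XML body.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Account   = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
        LogonType = $d['LogonType']
        Process   = $d['ProcessName']      # process that requested the logon
    }
}

"Successful logons (4624) in the last $Days day(s), by account and logon type:"
$rows | Group-Object Account, LogonType, Process |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Optional: list the individual events for one account to see when they happen.
# $rows | Where-Object { $_.Account -like '*\SomeUser' } | Sort-Object Time | Format-Table -AutoSize
```

Reading the output: a 1102 entry tells you when the log was cleared and under which account; if there is none, the log has not been wiped, and the events the poster is seeing are still there to be examined. In the 4624 table, a large count of LogonType 5 or 4 entries for built-in accounts is what normal service and scheduled-task activity looks like, while interactive (2, 10) or network (3) logons for user accounts at times nobody was using the machine are the rows worth following up, for example by matching their timestamps against the Task Scheduler history and the antivirus scan schedule.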
23 Jul 2018   #8
mrjimphelps

Linux Mint 18.2 xfce 64-bit (VMWare host) / Windows 8.1 Pro 32-bit (VMWare guest)
 
 

Windows Defender Offline may find something, but not tell you it found something. The reason I know this is because this has happened to me. After running it, even though it told me nothing (as if it didn't do a thing), the situation had improved -- the problem had disappeared.

The keystrokes to get into the BIOS, or to get a boot menu (allowing you to choose which device to boot from), do not change when you install a different OS, such as Linux. Those keystrokes access things before the OS has a chance to load.

Perhaps your CMOS battery is dead or low, preventing you from being able to get into the BIOS by hitting the normal keystroke. Test the CMOS battery; change it if necessary. Of course, some computers don't have CMOS batteries these days; or the CMOS battery is soldered onto the motherboard. Hopefully this is not the case with you. But Toshiba is notorious for soldering the CMOS battery onto the motherboard, making it very difficult if not impossible to change the battery. This is one of the key reasons I will never buy a Toshiba laptop.

The problem of not being able to get into the BIOS may not be because of a dead CMOS battery; therefore, if you can't change the battery, don't worry about it, because that may not be the cause of this problem. But most of the time, changing the CMOS battery is very simple and cheap, and so it is something you should try, because it is easy and cheap to change the battery in most cases.