Windows 7 UAC disables itself Read for more.


  1. Posts : 3
    Windows XP SP 2/ Windows 7 Build 7100
       #1



    Hello.

    I need your help, I am running Windows 7 RC Build 7100.

    and my UAC keeps disabling itself. Now I recently got a virus named msa.exe which I removed via MBAM and double checked the registry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

    Help please.

    I honestly doubt it is a Hardware related problem.


  2. Posts : 1,289
       #2

    Snagg57 said:
    Hello.

    I need your help, I am running Windows 7 RC Build 7100.

    and my UAC keeps disabling itself. Now I recently got a virus named msa.exe which I removed via MBAM and double checked the registry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

    Help please.

    I honestly doubt it is a Hardware related problem.

    It's physically impossible for hardware or a hardware related problem to disable UAC.

    Install MSE and do a full system scan, it should identify and remove any viruses it finds (MSE has the best detection rate atm) http://www.microsoft.com/Security_Essentials/

    You can also use System Restore for restoring Windows back before you obtained this infection. It might also be wise to replace your RC 7100 version before it expires shortly.

    Steven


  3. Posts : 3
    Windows XP SP 2/ Windows 7 Build 7100
    Thread Starter
       #3

    kk MSE said something about a Trojan which I cannot find.

    Alureon.A was the thing I found.


  4. Posts : 1,289
       #4

    Snagg57 said:
    kk MSE said something about a Trojan which I cannot find.

    Alureon.A was the thing I found.

    Did you follow the MSE prompt and clean the infection?


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #5

    Information about Alureon.A
    http://www.microsoft.com/security/po...32%2FAlureon.A

    Aliases

    • Win32/Olmarik!generic (CA)
    • Rootkit.Win32.TDSS.u (Kaspersky)
    • W32/TDSS.drv.gen4.A (Norman)
    • Mal/TDSSPack-V (Sophos)
    TDSS is a Rootkit

    msa.exe

    http://www.bleepingcomputer.com/star...exe-23769.html


  6. Posts : 3
    Windows XP SP 2/ Windows 7 Build 7100
    Thread Starter
       #6

    Found the culprit.

    Atapi.sys in Windows System32 folder.

    Someone upload Atapi.sys for me so I can replace?


    And MSE didn't work, it said it killed it but it came back >.>


  7. jav
    Posts : 713
    Windows 7 Ultimate x86 SP1
       #7

    Jacee said:
    Information about Alureon.A
    Encyclopedia entry: Virus:Win32/Alureon.A - Learn more about malware - Microsoft Malware Protection Center

    Aliases

    • Win32/Olmarik!generic (CA)
    • Rootkit.Win32.TDSS.u (Kaspersky)
    • W32/TDSS.drv.gen4.A (Norman)
    • Mal/TDSSPack-V (Sophos)
    TDSS is a Rootkit

    msa.exe

    Antivirus - MSA.exe - Program Information
    Snagg57 said:
    Found the culprit.

    Atapi.sys in Windows System32 folder.

    Someone upload Atapi.sys for me so I can replace?


    And MSE didn't work, it said it killed it but it came back >.>

    Ouch....
    ok, it's TDSS rootkit family.
    Currently most advanced and the fastest developing rootkit in the wild.
    New version is coming out almost every day, so almost no AV can catch its newer versions currently.

    Right now it's more famous with the name TDL 3 (it's the third generation of TDSS rootkits)




    ok, download: Hitman Pro 3 - SurfRight (they claim that they can remove TDL...)

    http://www.wilderssecurity.com/showpost.php?p=1617595&postcount=918 said:
    This build is all about removing the latest TDL3.24 rootkit that is spreading like fire! In the last weeks we cured over 13.000+ computers. Most of these computers were having an up-to-date AV installed that should have prevented infection.

    If you search in the last week for 'google redirect virus' you'll see how big this is.

    If you are browsing the internet and you are directed to different sites than expected, your PC is probably infected with this highly advanced and evolving rootkit.

    Hitman Pro 3.5.4 build 87 can cure all current variants, up to version 3.24.

    and run a scan with it.
    Post a screenshot.
    Then you can activate the 30 day trial to remove infections.

    more info on TDL rootkit: Sysinternals Forums - Rootkit TDL 3 - Page 1

    http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf said:
    Now the installation continues in the kernel mode. The rootkit searches through the stack of devices responsible for interaction with the system disk to determine the driver it is going to infect, its future victim. The choice depends on the hardware configuration. If the system disk uses the IDE interface, it will pick out atapi.sys, in other cases it can be iastor.sys. There are rootkits that infect file system and network drivers or even the system kernel to ensure their automatic launch (BackDoor.Bulknet.415(Virus.Win32.Protector.a/W32/Cutwail.a!rootkit), Win32.Ntldrbot (Virus.Win32.Rustock.a/Backdoor:WinNT/Rustock.D), Trojan.Spambot.2436 (Trojan-Dropper.Win32.Agent.bwg/TR/Drop.Agent.BWG.1) and others) and this instance is not an exception.....
    more analyses of TDL 3 by Dr.web: http://www.drweb.com/static/BackDoor...20TDL3)_en.pdf


  8. Posts : 587
    Windows 7 x64
       #8

    Snagg57 said:
    kk MSE said something about a Trojan which I cannot find.

    Alureon.A was the thing I found.

    I recommend scanning with Hitman Pro. It will give you a 30 day fully functional trial period after you install it.


 

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
