Windows 7 UAC disables itself Read for more.

Snagg57

Hello.

I need your help, I am running Windows 7 RC Build 7100.

and my UAC keeps disabling itself. Now I recently got a virus named msa.exe which I removed via MBAM and double checked the Registry keys and found nothing related to that. I also scanned my E drive (Windows 7 C Drive) with AVG using Slow scan and found nothing harmful.

Help please.

I honestly doubt it is a Hardware related problem.
 

My Computer

OS
Windows XP SP 2/ Windows 7 Build 7100

It's physically impossible for hardware or a hardware related problem to disable UAC ;)

Install MSE and do a full system scan, it should identify and remove any viruses it finds (MSE has the best detection rate atm) http://www.microsoft.com/Security_Essentials/

You can also use System Restore for restoring Windows back before you obtained this infection, it might also be wise to replace your RC 7100 version before it expires shortly ;)

Steven
 
kk MSE said something about a Trojan which I cannot find.

Alureon.A was the thing I found.
 

Found the culprit.

Atapi.sys in Windows System32 folder.

Someone upload Atapi.sys for me so I can replace?


And MSE didn't work, it said it killed it but it came back >.>
 

Information about Alureon.A
Encyclopedia entry: Virus:Win32/Alureon.A - Learn more about malware - Microsoft Malware Protection Center

Aliases

  • Win32/Olmarik!generic (CA)
  • Rootkit.Win32.TDSS.u (Kaspersky)
  • W32/TDSS.drv.gen4.A (Norman)
  • Mal/TDSSPack-V (Sophos)
TDSS is a Rootkit :mad:

msa.exe

Antivirus - MSA.exe - Program Information


Ouch....
ok, it's TDSS rootkit family.
Currently most advanced and the fastest developing rootkit in the wild.
New version is coming out almost every day, so almost no AV can catch its newer versions currently. :confused:

Right now it's more famous with the name TDL 3 :what: (it's third generation of TDSS rootkits)

ok, download: Hitman Pro 3 - SurfRight (they claim that they can remove TDL...)

http://www.wilderssecurity.com/showpost.php?p=1617595&postcount=918 said:
This build is all about removing the latest TDL3.24 rootkit that is spreading like fire! In the last weeks we cured over 13.000+ computers. Most of these computers were having an up-to-date AV installed that should have prevented infection.

If you search in the last week for 'google redirect virus' you'll see how big this is.

If you are browsing the internet and you are directed to different sites than expected, your PC is probably infected with this highly advanced and evolving rootkit.

Hitman Pro 3.5.4 build 87 can cure all current variants, up to version 3.24.

and run scan with it.
Post screenshot.
Then you can activate 30 day trial to remove infections.

more info on TDL rootkit: Sysinternals Forums - Rootkit TDL 3 - Page 1

http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf said:
Now the installation continues in the kernel mode. The rootkit searches through the stack of devices responsible for interaction with the system disk to determine the driver it is going to infect, its future victim. The choice depends on the hardware configuration. If the system disk uses the IDE interface, it will pick out atapi.sys, in other cases it can be iastor.sys. There are rootkits that infect file system and network drivers or even the system kernel to ensure their automatic launch (BackDoor.Bulknet.415(Virus.Win32.Protector.a/W32/Cutwail.a!rootkit), Win32.Ntldrbot (Virus.Win32.Rustock.a/Backdoor:WinNT/Rustock.D), Trojan.Spambot.2436 (Trojan-Dropper.Win32.Agent.bwg/TR/Drop.Agent.BWG.1) and others) and this instance is not an exception.....

more analyses of TDL 3 by Dr.web: http://www.drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3)_en.pdf
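
A read-only triage for the two symptoms discussed in this thread (UAC switched off, and a storage driver such as atapi.sys or iastor.sys suspected of being modified), added here as an example and not posted by any participant. The `$ReferenceDir` folder of known-good driver copies taken from installation media of the same Windows build is a hypothetical path, and the function names are this example's own; pointing `-WindowsRoot` at another installation's folder (for instance `E:\Windows` from a second OS) reads its driver files while that installation is not running.

```powershell
# Added example, not from the thread. Paths in the param block are assumptions.
param(
    [string]$WindowsRoot  = $env:SystemRoot,   # e.g. E:\Windows when checking from another OS
    [string]$ReferenceDir = 'D:\known-good'    # hypothetical folder with drivers from install media
)

function Get-UacState {
    # EnableLUA = 0 means UAC is switched off on the running system.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($null -eq $val) { 'unknown' } elseif ($val -eq 0) { 'disabled' } else { 'enabled' }
}

function Get-Sha256 ([string]$Path) {
    # Plain .NET hashing so the script does not depend on newer cmdlets.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Dispose() }
}

function Compare-StorageDriver ([string]$Name) {
    $suspect   = Join-Path $WindowsRoot "System32\drivers\$Name"
    $reference = Join-Path $ReferenceDir $Name
    if (-not (Test-Path $suspect)) { return }  # driver not installed on this system
    $result = New-Object PSObject -Property @{
        Driver           = $Name
        Version          = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($suspect).FileVersion
        Sha256           = Get-Sha256 $suspect
        MatchesReference = 'no reference copy'
    }
    if (Test-Path $reference) {
        # A mismatch can also mean a different service-pack level: compare versions first.
        $result.MatchesReference = $result.Sha256 -eq (Get-Sha256 $reference)
    }
    $result
}

"UAC (running system): $(Get-UacState)"
'atapi.sys', 'iastor.sys' | ForEach-Object { Compare-StorageDriver $_ }
```

The UAC line always describes the system the script runs on, not the installation named by `-WindowsRoot`.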
 

I recommend scanning with Hitman Pro. It will give you a 30 day fully functional trial period after you install it.
 
