Microsoft Security Center Warning

AJ

Apr 1, 2004
Archived from groups: microsoft.public.win2000.security (More info?)

Every half hour or so I'm getting a 'Windows Security
Center' message popping up saying: 'Warning: Windows
Firewall detected suspicious network activity on your
computer. Do you want to download certified software?' I'm
also periodically told to briefly wait while a plugin is
being added. So, looks like my computer's picked up some
sort of bug. I cleaned up all my temp files and have run a
virus scan, with no problems detected. I also did a
search and found a file named 'security'
(C:\WINNT\system32\config) which was installed just before I started
experiencing the problems. I tried unsuccessfully to
delete this file, even in safe mode, but keep getting
a 'sharing violation' message. Does anyone have a
suggestion as to how I can eliminate this problem, or is
the 'Windows Security Center' popup legitimate? I created
a hijack log and submitted it to SWI forums, but no one
has responded. Thanks for help. (I mistakenly posted
this message at the General forum site, so please don't
holler at me for double posting--my error!)
 
Guest

The file you mentioned in system32\config
is a part of the registry.

You should examine your machine for spyware
using a couple of the tools publicly available
and check what is set to run at login/startup,
again with public tools or msconfig.
--
Roger Abell

"AJ" <anonymous@discussions.microsoft.com> wrote in message
news:6ebb01c4ce2a$1a183980$a401280a@phx.gbl...
> Every half hour or so I'm getting a 'Windows Security
> Center' message popping up saying: 'Warning: Windows
> Firewall detected suspicious network activity on your
> computer. Do you want to download certified software?' I'm
> also periodically told to briefly wait while a plugin is
> being added. So, looks like my computer's picked up some
> sort of bug. I cleaned up all my temp files and have run a
> virus scan, with no problems detected. I also did a
> search and found a file named 'security'
> (C:\WINNT\system32\config) which was installed just before I started
> experiencing the problems. I tried unsuccessfully to
> delete this file, even in safe mode, but keep getting
> a 'sharing violation' message. Does anyone have a
> suggestion as to how I can eliminate this problem, or is
> the 'Windows Security Center' popup legitimate? I created
> a hijack log and submitted it to SWI forums, but no one
> has responded. Thanks for help. (I mistakenly posted
> this message at the General forum site, so please don't
> holler at me for double posting--my error!)
>
 

AJ

Apr 1, 2004

Thanks for the response. I've followed your advice, run
every spyware program I can get my hands on, but I still
keep having the problems. I ran msconfig to see what's in
startup and though I recognize most, there are some
programs I don't know. How can I figure this out from
here?


>-----Original Message-----
>The file you mentioned in system32\config
>is a part of the registry.
>
>You should examine your machine for spyware
>using a couple of the tools publicly available
>and check what is set to run at login/startup,
>again with public tools or msconfig.
>--
>Roger Abell
>
>"AJ" <anonymous@discussions.microsoft.com> wrote in message
>news:6ebb01c4ce2a$1a183980$a401280a@phx.gbl...
>> Every half hour or so I'm getting a 'Windows Security
>> Center' message popping up saying: 'Warning: Windows
>> Firewall detected suspicious network activity on your
>> computer. Do you want to download certified software?' I'm
>> also periodically told to briefly wait while a plugin is
>> being added. So, looks like my computer's picked up some
>> sort of bug. I cleaned up all my temp files and have run a
>> virus scan, with no problems detected. I also did a
>> search and found a file named 'security'
>> (C:\WINNT\system32\config) which was installed just before I started
>> experiencing the problems. I tried unsuccessfully to
>> delete this file, even in safe mode, but keep getting
>> a 'sharing violation' message. Does anyone have a
>> suggestion as to how I can eliminate this problem, or is
>> the 'Windows Security Center' popup legitimate? I created
>> a hijack log and submitted it to SWI forums, but no one
>> has responded. Thanks for help. (I mistakenly posted
>> this message at the General forum site, so please don't
>> holler at me for double posting--my error!)
 

Biggins

Nov 20, 2004

I have the same issue. Running Spybot, Adaware, AVG and nothing. I
went through the registry and noticed an entry for Wintools. The
executable was WintoolsA.exe located in the C:\Program Files\Common
Files\WinTools folder. I'm pretty sure this is the culprit. The fun
part is trying to get rid of it. Most of these programs autogenerate
after you've wiped them from the reg.

I'll keep you posted if this fixes the problem. Check your reg also.
It should be in HKeyLM\Software\Microsoft\Windows\CurrentVersion\Run

I know that is not a windows app so it would be quite strange if you
also had it in there.
 

Biggins

Nov 20, 2004

I found an entry in my reg for a Wintoolsa.exe running at start up.
Check out HKeyLM\Software\Microsoft\Windows\CurrentVersion\Run and see
if you have an entry to a C:\Program Files\Common
Files\WinTools\WintToolsA.exe

I think this is the culprit.
 
Guest

I had the same problem with auto-generating malware called rasfont.exe and
bkinst.exe; the two interchanged when I was deleting them. Deleting the registry
entry at the Run and RunOnce keys also regenerated the entry. After fighting it
for a couple of days I figured out that the only way to get rid of it is to
delete it simultaneously (both the executable and the registry entries), which is
quite tough even if there was a 2 sec delay between the regenerations.
Eventually it worked... Not sure if it will work in your case but it's worth a
try - maybe it will be easier by writing a script.

Leon

"biggins@twcny.rr.com" wrote:

> I found an entry in my reg for a Wintoolsa.exe running at start up.
> Check out HKeyLM\Software\Microsoft\Windows\CurrentVersion\Run and see
> if you have an entry to a C:\Program Files\Common
> Files\WinTools\WintToolsA.exe
>
> I think this is the culprit.
>
>
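The Run and RunOnce check discussed in this thread can be done from a text export of those keys. The following is an added example, not code from any poster: it parses a regedit export and lists startup entries whose program sits outside directories the administrator recognises. The sample export, the value names, `ExampleAV`, `example.exe` and the `known_dirs` parameter are constructed for illustration; a real export written by regedit is UTF-16 and must be decoded before being passed in.

```python
import ntpath
import re

# Constructed sample: text that regedit writes when the Run/RunOnce keys are exported.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleAV"="C:\\Program Files\\ExampleAV\\av.exe /STARTUP"
"WinTools"="\"C:\\Program Files\\Common Files\\WinTools\\WintoolsA.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\WINNT\\Temp\\example.exe -r"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.I)

def unescape(text):
    # .reg files escape backslashes and double quotes with a leading backslash.
    return re.sub(r'\\(.)', lambda m: m.group(1), text)

def executable_of(command):
    """Return the program part of a startup command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]

def parse_autoruns(export_text):
    """Yield (key, value_name, executable) for each string value in the export."""
    key = None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (match := VALUE_RE.match(line)):
            yield key, unescape(match.group(1)), executable_of(unescape(match.group(2)))

def needs_review(executable, known_dirs):
    """True when the program lives outside the directories the admin recognises."""
    folder = ntpath.dirname(executable).lower()
    # Assumption: a bare name (mobsync.exe) resolves via the system path; verify it separately.
    return bool(folder) and not any(
        folder == d.lower() or folder.startswith(d.lower() + '\\') for d in known_dirs)

def triage(export_text, known_dirs):
    """Return (key leaf, value name, executable) rows that deserve a closer look."""
    return [(key.rsplit('\\', 1)[-1], name, exe)
            for key, name, exe in parse_autoruns(export_text)
            if needs_review(exe, known_dirs)]
```

Calling `triage(SAMPLE_EXPORT, [r'C:\WINNT\system32', r'C:\Program Files\ExampleAV'])` returns the WinTools entry and the RunOnce entry under `C:\WINNT\Temp`. Running it on an export taken before and after a cleanup shows whether a removed entry has come back.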