Vista Anti-Spyware hostile takeover

Corrine · May 21, 2011, 01:17:45 AM

Good job!

At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the backslash). When the scan is complete, shutdown/restart the computer.

Please let me know if System File Checker reported any errors or if you are still receiving that message about the startup programs.

Daisy · May 21, 2011, 01:28:01 AM

When I type in sfc /scannow, here is the message I get:

You must be an administrator running a console session in order to use the sfc utility.

Corrine · May 21, 2011, 01:59:08 PM

Then, let's run sfc as Administrator. Select Programs > Accessories. Right-click Command Prompt and select to Run as Administrator. Then try sfc /scannow.

Daisy · May 22, 2011, 02:43:19 AM

I ran System File Checker. Here are the results:

Verification 100% complete.

Windows Resource Protection found corrupt files but was unable to fix some of them.

Details are included in the CBS.Log windir/Logs/CBS/CBS.log. For example C:/Windows/Logs/CBS/CBS.log

I shut down and started up again, and the blocked start-up window still pops up.

Do I need to undo anything (administrator setting)?

Corrine · May 22, 2011, 05:33:46 PM

QuoteWindows Resource Protection found corrupt files but was unable to fix some of them.

Ok, note that some of the corrupt files were fixed but not all. Let's see if System File Checker can accomplish additional repairs.

Run sfc as Administrator. Select Programs > Accessories. Right-click Command Prompt and select to Run as Administrator. Then run sfc /scannow again.

Note any message as before. Then shut down/restart and run System File Checker one more time.

Please let me know the results.

Daisy · May 22, 2011, 07:36:42 PM

Hi--

I ran SFC again and got same message..."but was unable to fix some of them." I shut down computer, started again. Ran the SFC scan again, got same message box.

Please know that I have not disabled anything for the scans--Microsoft Sec. Ess. or Malawarebytes.

Are you totally frustrated with this? Losing enthusiasm?

Susan

Daisy · May 22, 2011, 07:56:49 PM

Oh, and I'm still getting the blocked software warning.

Corrine, when I do get that warning, it displays some other choices one of which is "Run blocked program," an when I click that Malawarebytes is the only choice. There is another window which I have tried to attach. Would there be any instructions there which would help?

Corrine · May 22, 2011, 08:38:21 PM

Hi, Susan. No, I'm neither frustrated nor losing enthusiasm.

The other window you attached is the from the Windows Help & Support and explains how to run the blocked program.

Unless you have paid for the licensed version of Malwarebytes, you do not need it to run at startup. So, let's try removing it from startup as indicated in the help page.

Do this only if you have the free version of MBAM:

To disable a program or a service during the Windows Vista startup process, follow these steps:

-- Click the Blocked startup programs icon that is in the notification area.
-- Click Show or remove blocked startup programs. This starts Software Explorer in Windows Defender.
-- Locate, and then click to select the startup program or the startup service that is in Software Explorer.
-- Click Disable, and then click Yes in the confirmation dialog box.

ONLY In the event you have the paid/licensed version of MBAM, do the following:

-- Click the Blocked startup programs icon that is in the notification area.
-- Point to Run blocked program, and then click the program or the service in the list that you want to start.
-- If you are prompted for an administrator password or confirmation, type the password, or click Continue.

Let me know, please. :)

Daisy · May 22, 2011, 10:20:20 PM

I believe I have the free/trial version of MBAM but I wish I could see those words when I open it. I don't remember buying it, and they are encouraging me to do so on the opening page, comparing free vs. paid with a purchase button.

To go on, every time I open the list of blocked programs, I get a request for permission to continue from "User Account Control," so I just click continue.

When I have the Blocked Startup Programs window open, I do not know how to access Windows Defender or Software Explorer. If I go to the "Services" tab there, I see Windows Defender. It is checked as "stopped." Also at the bottom of the window it says Note that some secure Microsoft services may not be disabled.

When I go to Windows Defender through the orb, it says WD is off. I can click to turn it on.

Corrine · May 22, 2011, 10:42:51 PM

No, you do not want to turn on Windows Defender. It was turned off when you installed Microsoft Security Essentials. MSE includes the anti-spyware engine from Windows Defender.

If you purchased MBAM, you would not see anything encouraging you to purchase a license. So, you can go ahead and follow the steps to disable.

As to "User Account Control", referred to by the initials UAC, that is good. The point of a UAC prompt is to provide permission to make system changes. YOU are taking an action so YOU are approving the UAC prompt. Should you not be making changes to your computer (installing software, security updates, or changes like now), then instead of allowing, you will cancel.

What is "Software Explorer"?

Let's make just one change and see what happens. Make the change for MBAM.

Daisy · May 22, 2011, 11:09:47 PM

To disable a program or a service during the Windows Vista startup process, follow these steps:

Click the Blocked startup programs icon that is in the notification area. OK--DONE
Click Show or remove blocked startup programs. OK--DONE
This starts Software Explorer in Windows Defender. WHERE? SHOULD I SEE A WINDOW? HOW DO I GET THERE?
Locate, and then click to select the startup program or the startup service that is in Software Explorer. I'M LOST. I'M LOOKING FOR MALAWAREBYTES?

FYI--when I go to the list of blocked programs and uncheck Malawarebytes, the "Enable All" buttons becomes active.

Corrine · May 22, 2011, 11:30:28 PM

Well, no wonder you are confused! I did a quick search at Microsoft to find the instructions you had in the Help topic so I could paste them here. That topic must have been written prior to MSE and makes no sense in this situation. (it was from http://support.microsoft.com/kb/930367). So forget what I posted above.

As to unchecking MBAM and the "Enable All" button no longer being grayed out, that is before the change all the programs listed were checked load at start up. I don't have programs like Adobe or Java or iTunes (if I used it) checked since they can be accessed quickly enough when needed.

Actually, I control start up programs with WinPatrol, but we'll talk about that later.

Corrine · May 22, 2011, 11:34:27 PM

After disabling MBAM, what happens when you do a shutdown/restart? If there is a different message shown, please make a copy.

Daisy · May 22, 2011, 11:45:06 PM

Do you mean uncheck MBAM in the System Configuration/Blocked Programs window, then check "Apply", shut down, then start up?

Do that?

Corrine · May 22, 2011, 11:51:00 PM

Yup! You got it.

As I recall, I thought MBAM was listed as a program blocked at start up. Since it is checked, I was hoping removing it from start up would solve the problem.

P.S. Are you having fun yet?