Author Topic: Disabled Security Center Defender & avast!(Using Vista), Hacked?  (Read 8179 times)

Offline USMC77

  • Newbie
  • *
  • Posts: 5
Alright so I can't turn avast! on; when I try it says "The Operation could not be completed". Also my Vista Security Center (Malware protection section) has just suddenly shut off; when I try turning it on it says "Security Center can't turn on Windows Defender. Please try again later." Worried I might have been hacked or something. Any help you could give me would be much appreciated.

Also not very computer savvy, so if possible dial down on the computer lingo (makes fixing it a little easier/faster).

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1366
  • Soli Deo Gloria
    • EC-Council
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #1 on: October 28, 2009, 07:13:35 AM »
Hi USMC

1. Please check whether you can open Task Manager / System Configuration (by typing "msconfig") / Registry (by typing "regedit").
2. If you can open regedit, System Configuration or Task Manager, be sure to check Task Manager for unknown processes, or the Start up tab in System Configuration, to make sure no unknown application runs when you start Windows, or check your registry: HKLM - SOFTWARE - Microsoft - Windows - Current Version (please check whether there are other running applications that you do not recognize).
3. Besides that, you can scan your system with the HijackThis tool, and then submit it to hijackthis.de
4. Another option: you can repair your avast antivirus at: Program File - Control Panel - Add/Remove Program - choose avast, then Repair
5. If avast works again, you can run a boot-time scan; if avast doesn't work, please try to run it in safe mode

Please check your system first.
Yanto Chiang | IT Security Consultants | John 3:30 He must increase, but I must decrease.

Offline USMC77

  • Newbie
  • *
  • Posts: 5
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #2 on: October 28, 2009, 11:16:43 PM »
Alright so I can open task manager / system configuration / Registry. While looking through the Registry I found the following (these are the ones I am suspicious of): "DIFx, DIFxApp, DPX, FakeDefaultUserProfile, Hints, HotStart, and Telephony". Also tried to use the HijackThis Tool but an error pop-up came up when I tried to run it; it said "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." (In the admin on my network). It also slowed everything down A LOT when I tried running it again. So then I tried to remove it, then a pop-up came up and said "You do not have sufficient access to uninstall HijackThis 2.0.2. Please contact your administrator" (which I am).
Repaired avast! (or at least it said I did), except now there's no little icon in the bottom right corner of the screen in the little toolbar thing; also when I try opening it from its shortcut nothing happens.
Any more help you could give me would be much appreciated.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #3 on: October 28, 2009, 11:39:50 PM »
sounds like a trojan...can you download and run Malwarebytes?
http://www.malwarebytes.org/mbam-download.php
I fear you wouldn't even be able to install it...
w7 - ais7

Offline USMC77

  • Newbie
  • *
  • Posts: 5
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #4 on: October 29, 2009, 12:02:16 AM »
Well I got it installed and was about to start a scan when the program just closed. Then when I tried to re-open it the same thing happened as with the HijackThis program. Everything slowed down insanely, and then a pop-up appeared that said that I don't have permission to do this blah, blah, blah. I think it's pretty safe to say that I've been quite effectively hacked.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #5 on: October 29, 2009, 12:08:36 AM »
unless you'd rather reinstall the OS (what I would do) it's gonna be a rather long and complicated procedure to get you out of this...well from what I've seen in other similar cases on the forums. But there are some specialists here that will most likely pop in on this thread sooner or later.
The other thing with reinstalling is that you might have infections in non-system partitions...and you have to check that too...are you browsing here with the PC having these issues you're talking about? just wondering if it's still able to access the web normally...
w7 - ais7

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #6 on: October 29, 2009, 12:15:24 AM »
@USMC77

Sorry you were hacked:
Malware Removal Guides and Self Help Guides
http://www.malwarebytes.org/forums/index.php?showforum=39

I'm infected - What do I do now?, Please follow these instructions to clean your system

NOTE: If Malwarebytes won't run or HijackThis won't run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens.

http://www.malwarebytes.org/forums/index.php?showtopic=9573
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #7 on: October 29, 2009, 12:17:35 AM »
@ USMC77: could you try to create a new Windows account with admin privileges ?
w7 - ais7

Offline USMC77

  • Newbie
  • *
  • Posts: 5
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #8 on: October 29, 2009, 01:31:36 AM »
I'll try creating another user account, but what's OS? Operating System? So basically if creating another account doesn't work, how would I go about re-installing the OS? And yes, I am using the hacked account and I can still access the internet.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80432
  • No support PMs thanks
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #9 on: October 29, 2009, 01:44:02 AM »
First check out this as it could be a new variant, see below.

-- CoolWebSearch Variant
When you try to use MBAM and it immediately shuts down upon opening and/or
try to use HJT and it also immediately shuts down upon opening;
this is being caused by a Coolwebsearch Trojan (CWS) variant.

To solve this problem: Download the CoolWWWSearch.SmartKiller removal tool :
http://www.safer-networking.org/files/delcwssk.zip
After running that, HJT and MBAM should be functioning again.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.7.2354/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1366
  • Soli Deo Gloria
    • EC-Council
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #10 on: October 29, 2009, 03:38:10 AM »
Hi USMC,

It looks like you were attacked by malware which is trying to block you from using or updating security tools.
Are you able to access avast dot com or kaspersky dot com or any webpage related to security products?

Did you find any suspicious .exe file either in your task manager or system configuration (Start up Tab)?

Have you tried to run an avast scan in safe mode?



Yanto Chiang | IT Security Consultants | John 3:30 He must increase, but I must decrease.

Offline USMC77

  • Newbie
  • *
  • Posts: 5
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #11 on: October 29, 2009, 04:31:00 AM »
I am able to access avast.com, kaspersky.com, etc.
A few suspicious .exe files I found in task manager were, "msa.exe  : Description-msa.exe, Size-0Bytes, No previous versions, product name, product version, Copyright, date modified, file description, language."  then another file with everything the same as msa.exe except it's called a.exe.
And under the services tab I have absolutely no idea what to look for, there's so many.
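
The startup-entry check from Reply #1 and the file-property check described in Reply #11, as an added example that is not part of any post in this thread: a PowerShell listing of the Run/RunOnce auto-start entries with each target file's size, version description and signature status. It assumes PowerShell 3.0 or later; the `Get-CommandPath` helper and the `Review` column are names made up for this example, and `Review` is a triage hint, not a verdict.

```powershell
# Added example (not from the thread). Lists auto-start entries from the
# Run/RunOnce keys together with the file properties the thread looks at.
$runKeys = 'Run', 'RunOnce' | ForEach-Object {
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$_"
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\$_"
}

function Get-CommandPath([string]$Command) {
    # Hypothetical helper: pull the executable path out of a Run value.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }  # "C:\dir with spaces\x.exe" /arg
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }  # C:\Program Files\x.exe /arg
    return ($c -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $path = Get-CommandPath ([string]$regKey.GetValue($name))
        if (-not $path) { continue }
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            # Bare names such as "rundll32.exe" are resolved through PATH.
            $cmd = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($cmd) { $path = $cmd.Path }
        }
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $sig  = if ($file) {
            (Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue).Status
        }
        $desc = if ($file) { $file.VersionInfo.FileDescription }
        [pscustomobject]@{
            Key         = $key
            Name        = $name
            Path        = $path
            SizeBytes   = if ($file) { $file.Length }
            Description = $desc
            Signature   = $sig
            # Triage hint: missing file, 0-byte file, or no version info and no valid signature.
            Review      = (-not $file) -or ($file.Length -eq 0) -or
                          ((-not $desc) -and ($sig -ne 'Valid'))
        }
    }
}
$results | Sort-Object Review -Descending |
    Format-Table Name, SizeBytes, Signature, Review, Path -AutoSize
```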

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1366
  • Soli Deo Gloria
    • EC-Council
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #12 on: October 29, 2009, 04:38:09 AM »
Hi USMC,

If you are sure that those .exe files are not applications you want to run on your system, you could terminate them.

You can also do this in System Configuration for the entries listed there.


But I would prefer to run a boot-time scan or an avast scan in safe mode.

And then you could also download an antirootkit tool to scan whether there is any rootkit on your system; you can go to: http://www.antirootkit.com/software/index.htm

Yanto Chiang | IT Security Consultants | John 3:30 He must increase, but I must decrease.

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9443
Re: Disabled Security Center Defender & avast!(Using Vista), Hacked?
« Reply #13 on: October 29, 2009, 11:29:07 AM »
if creating a new account in Windows works, and you regain normal access to everything, you might not have to reinstall Windows, but just delete the first account from there, do scans with anti-malware products as suggested etc...
w7 - ais7