winxp Unable to start Microsoft Security Essentials

[it_freakDude]

I have an old Dell Dimension 5150 PC running on Windows XP Home Edition Service Pack 3 (With the latest patches).

Unfortunately, my siblings downloaded a malware into the system while surfing the net, the trojan was called "Windows Web Combat" and it basically crippled the system.

A call to Microsoft Technical Support and they recommended me to use Microsoft Safety Scanner to scan & remove the trojan. I did that and the trojan was removed.

However the trojan disabled the installed anti-virus, Micrsoft Security Essentials & since then im unable to start it up. I have tried reinstalling, cleaning up the registry but to no avail.

How can this problem be solved?

PS: Im thinking of reformatting the system, but kinda lazy due to the amount of data needed to be backed up and due to the amount of patches and software needed to be reinstalled.

[Roger H. Veteran]

One thing you can try is to change the filename of the AV as Explorer.exe (i think or iexplorer.exe) as viruses look for the filename and kill it whenever it's started but they will leave explorer alone in the running task list.

Moved to Software Discussion & Support

[it_freakDude]

Well the trojan has been removed (I think) but am still unable to start the AV.

[LittleNeutrino Veteran]

Better safe than sorry to reformat. Once infected always infected.

[c.grz]

Have you tried to re-install Security Essentials?

You can also try installing and running Malwarebytes or your spyware scanner of choice.

[it_freakDude]

Have you tried to re-install Security Essentials?

Yes I have, many times

[Roger H. Veteran]

Did you try renaming the file as i mentioned? The problem with getting infected with a trojan isn't the trojan per say, it's what a trojan brings into your PC AFTER it's gotten control. So even if you removed the trojan that doesn't mean all the other infections are gone. You might not be able to run AVs because you are STILL infected so try the rename trick.

If so then format time!

[it_freakDude]

Did you try renaming the file as i mentioned? The problem with getting infected with a trojan isn't the trojan per say, it's what a trojan brings into your PC AFTER it's gotten control. So even if you removed the trojan that doesn't mean all the other infections are gone. You might not be able to run AVs because you are STILL infected so try the rename trick. If so then format time!

So in the case of MSE, which file should i rename?

Btw Security Centre doesnt say anything when Security Essentials is installed

[+Warwagon MVC]

The issue is the malware probably added image execution entries into the registry, thus black listing 1000's of popular exe files. The registry is rarely cleaned via rescue CD / USB scanners.

I would recommend installing malwarebytes, renaming mbam to mbam1 in the C:\Program Files (x86) (or just program files if on a 32bit system) \Malwarebytes' Anti-Malware directory and do a quickscan.

At the very end of the quick scan it should detect all the image execution entries, and give you the option to remove them. Hitman pro would probably also detect them. Once removed, reboot the system and security essentials should start just fine.

[it_freakDude]

The issue is the malware probably added image execution entries into the registry, thus black listing 1000's of popular exe files. The registry is rarely cleaned via rescue CD / USB scanners. I would recommend installing malwarebytes, renaming mbam to mbam1 in the C:\Program Files (x86) (or just program files if on a 32bit system) \Malwarebytes' Anti-Malware directory and do a quickscan. At the very end of the quick scan it should detect all the image execution entries, and give you the option to remove them. Hitman pro would probably also detect them. Once removed, reboot the system and security essentials should start just fine.

Alright, I will try using MBAM to scan for the remnants of the trojan tomorrow.

[Roger H. Veteran]

So in the case of MSE, which file should i rename?

Btw Security Centre doesnt say anything when Security Essentials is installed

Whatever the main file name is - just right click the icon in start menu or desktop and see which file i points to (i forget now that's why). Same as Warwagon is saying, mbam to mbam1 or username.exe or whatever you want, just as long as it's not the normal one.

[+Warwagon MVC]

Whatever the main file name is - just right click the icon in start menu or desktop and see which file i points to (i forget now that's why). Same as Warwagon is saying, mbam to mbam1 or username.exe or whatever you want, just as long as it's not the normal one.

Correct. Although I would highly recommend getting the image execution thing cleaned up first. Who knows what other exe security essentials invokes that are also blocked.

[Dot Matrix]

I agree with the re-install. I personally wouldn't trust that PC ever again no matter how many scanners I ran.

[+BudMan MVC]

I have to agree, unless it was some very minor adware sort of thing my feelings on the matter are reflected with this famous quote

Nuke it From Orbit, it is the Only way to be Sure!

[Jombi]

I had the exact same virus. It uninstalled so many different services that I couldn't start taskmanager or any antivirus. I reverted to a backup and scanned the **** out of my machine. Still have no idea how it got there.

[it_freakDude]

I scanned my Dell using MBAM, I wanst able to launch it at first but i renamed mbam.exe to mbam123.exe and it was able to launch.

mbam-log-2012-09-01 (15-54-26).txt

[it_freakDude]

Successfully removed those threats and now MSE works fine :)

[Crisp]

Had the exact same problem on a family members computer last week, apart from it being Windows 7. Did a system restore to the last date it had available and all seems to be working.

I guess it's quicker to do than to format.

[+Warwagon MVC]

Successfully removed those threats and now MSE works fine :)

What do I win? :D

[it_freakDude]

What do I win? :D

Thanks for ur genius advice :D

[nub]

Had the exact same problem on a family members computer last week, apart from it being Windows 7. Did a system restore to the last date it had available and all seems to be working.

I guess it's quicker to do than to format.

I think more people should be aware of this option.