Win XP SP2 Security Center says my PC may be vulnerable

[Guest]

Hi, I'm running Win XP SP 2.

I get a pop up message in my system tray that states my system may be
vulnerable and that my firewall is turned off, click here to turn on, when
clicked on it takes me to the security center within XP.

The problem is that my firewall is always turned on when I get to the
security center. Win XP firewall is always on. Automatic updates is always
on, and my Trend Micro Virus is always on and running. I also have installed
Webroot spy sweeper which is always on, although this is not displayed in the
security center. I have performed multiple updates for the virus and spyware
sweeper to make sure they are up to date, as well as having swept the system
with both programs to determine if any malware or spyware or trojan is
running, but the only thing that is found are some cookies by the spyware
sweeper.

The only possible explanation that I can think of is that Trend Micro makes
an internet security suite which contains a firewall program. Although I do
not own this and only have the virus software, the Trend Micro program for
the virus software has the Firewall buttons on it, but they are grayed out to
where they can not be selected. Presumably , when you upgrade for around $25
to the security suite or buy it outright, the option would be enabled to
select. Is it possible that Win XP is reading the availability of the
firewall software and that it is not enabled within Trend Micro and reporting
that?

Thanks for any help

 

[Jim]

Hi, I'm running Win XP SP 2.

I get a pop up message in my system tray that states my system may be
vulnerable and that my firewall is turned off, click here to turn on, when
clicked on it takes me to the security center within XP.

It always says that during startup because that is the truth. It always
send you to the security center. Later on, the firewall engages and all is
well.
Jim

 

[Guest]

It continually pops up through out the day while the PC is on, though...is
that normal as well?

The PC stays on around 16 hours a day....I'd say the message pops up once
every hour or so...it's hard to say b/c it dissapears after a few seconds,
whether you click on it or not.

 

[Jim]

It continually pops up through out the day while the PC is on, though...is
that normal as well?

No, that is not normal. I would suspect malware somewhere on the computer.
It is time for you to download David Lippman's Multi_Av package.
Jim

 

[All Things Mopar]

Today =?Utf-8?B?d3Jzd2xkbw==?= commented courteously on the
subject at hand

Hi, I'm running Win XP SP 2.

I get a pop up message in my system tray that states my
system may be vulnerable and that my firewall is turned
off, click here to turn on, when clicked on it takes me to
the security center within XP.

The problem is that my firewall is always turned on when I
get to the security center. Win XP firewall is always on.
Automatic updates is always on,

you're inviting a visit from Murphy if you let Bill the Gates
install his crap without your knowledge. Keep in mind that
"Microsoft security", broadly, is a classic oxymoron like
"military intelligence" and "postal service". I /never/
install updates until I've lurked here and other places for
awhile to see what problems the early upgraders are seeing.
Also, I only install one or two at a time. Finally, I set my
own RPs, I don't rely on Bill "protecting" me.

and my Trend Micro Virus is

always on and running. I also have installed Webroot spy
sweeper which is always on, although this is not displayed
in the security center. I have performed multiple updates
for the virus and spyware sweeper to make sure they are up
to date, as well as having swept the system with both
programs to determine if any malware or spyware or trojan
is running, but the only thing that is found are some
cookies by the spyware sweeper.

I don't think that SP2 is even vaguely aware of anything non-M
$ you have. If it is, it'll probably complain. Call me a cynic
if you like; I am. But, I don't believe in giving Murphy an
even break and I don't fix things that aren't broken. So,
while I have virus "auto protect" on, I do /not/ run spyware
scans continuously nor full-system malware scans. Ditto for
scheduled defrags. The time when something is going to go bump
in the night and take you down is /literally/ in the middle of
the night. You won't see it until you look the next morning
and go WTF happened to my PC, it worked OK last night?

More important, though, make damn sure that you don't have
multiple utilities trying to do the same thing, like firewall,
virus, trojan, spyware, et al. They'll trip over themselves,
flag false positives and get confused enough to miss real
threats. Buy what you think does what you want, and uninstall
everything else.

 

[Guest]

I never call myself an expert, as there's always a "bigger fish" and I can
always learn more. However, I'll try to help you out a bit. I do this stuff
for a living and it can be rather frustrating at times. In fact, yesterday,
I worked on a Windows XP Home PC and saw that they were full of spyware that
was pulling down viruses for me - how nice of it! I cleaned up most of that
and saw that something was still running and it was shutting down several
services (SECURITY CENTER and WINDOWS FIREWALL/ICS). To top that off, this
program was turning off the warning system designed to tell you these
services aren't running! This was some evil stuff! By the time I got most
of this to stop, it was too late anyway - the damage was done. These
services would run but the firewall never worked again. I had to back up the
data, wipe the drive & reload Windows XP Home.

I've heard of the various software packages you're suing and feel that they
are OK. However, the only one I have ever used was SpySweeper. The SECURITY
CENTER will only report if there's a firewall working, if antivirus has been
installed and if AUTOMATIC UPDATES are turned on. Anti-spyware tools
(SpySweeper, Ad-Aware, Spybot, SpywareBlaster, ect) will not be "inventoried"
and won't register in SECURITY CENTER. Some developers (Symantec/Norton,
McAfee, TrendMicro, ect) may make software that will override the SECURITY
CENTER so their software suite will do all the reporting. This just "shuts
down" SECURITY CENTER and all reporting is done through the suite.

Were you, at some point, using a suite that may have done this or shut down
one of the services? What version of Windows XP are you using - XP Home, XP
Pro or some other variant of XP? If you're using something other than XP
Home, are you on a domain (used in large offices) or otherwise not an
ADMINISTRATOR? Are you running some other firewall app (ZoneAlrm, ect) that
you might not know about? Although MS worked together with many software
developers, some may not have what it takes to keep the SECURITY CENTER from
nagging. I'm sure this is why they "replace it" with their own suite.

Like I said, I might not be able to give you the answer but I may be able to
help you find it by providing more info for others who read these posts.

3-11-06
0845 EST
Tome

 

[Guest]

Thanks for the help so far Jim, Mopar, and Tome.

To answer Jim:

I will download and try the aforementioned virus software...perhaps spy
sweeper is unable to detect or remove what I have.

To answer Mopar:

I am unaware if two programs are trying to do the same thing and therefore
tripping over each other. I wouldn't believe that the Trend Anti Virus and
Spy sweeper are conflicting, but I will try diabling Trend AV and see if I
notice a difference.

To answer Tome:

It is Win XP Home edition. No other firewalls (hardware or software) have
been installed or used on the PC, no other suites have been used which would
have disabled the XP firewall in the security center.

Thank you for the help so far, I will report back once Lippman's AV has been
run.

 

[Guest]

No, that is not normal. I would suspect malware somewhere on the computer.
It is time for you to download David Lippman's Multi_Av package.
Jim

Jim,

I downloaded the Multi_Av package, rebooted my PC in safe mode, and began to
run the Sophos part of the package. After nine hours, I shut it down....it
had not completed the sophos part of the scan yet. Should it take that long?
For reference, the PC is an AMD Athlon 3500, 1 Gig of RAM.

I went to bed when it started on my itunes folder (the file types it was
scanning was *.m4a, which are music files I believe, so I assume it was in my
itunes, there shouldn't be any music files anywhere else on my PC) and it was
still working on that when I got up, which is when I shut it down. It
reported the time of operation as a little over nine hours, that there had
been two errors, and that no viruses were found. It was continuing to scan
files, the program never stopped scanning or locked up, it was just taking
forever, and since it was only on part 1 of it's 4 parts ( sophos, McAfee,
Kapersky, Trend) I figured it would take several days to complete the entire
thing, I stopped it.

I don't know if it's relevant or not, but there is just under 60 Gig of
music in itunes.

At any rate, could you advise me on this program. Should it take that long,
should I just let it run and do it's thing. Do I really need to scan in safe
mode?

Thanks,
Waldo

 

[Guest]

No, that is not normal. I would suspect malware somewhere on the computer.
It is time for you to download David Lippman's Multi_Av package.
Jim

Jim,

I downloaded the Multi_Av package, rebooted my PC in safe mode, and began to
run the Sophos part of the package. After nine hours, I shut it down....it
had not completed the sophos part of the scan yet. Should it take that long?
For reference, the PC is an AMD Athlon 3500, 1 Gig of RAM.

I went to bed when it started on my itunes folder (the file types it was
scanning was *.m4a, which are music files I believe, so I assume it was in my
itunes, there shouldn't be any music files anywhere else on my PC) and it was
still working on that when I got up, which is when I shut it down. It
reported the time of operation as a little over nine hours, that there had
been two errors, and that no viruses were found. It was continuing to scan
files, the program never stopped scanning or locked up, it was just taking
forever, and since it was only on part 1 of it's 4 parts ( sophos, McAfee,
Kapersky, Trend) I figured it would take several days to complete the entire
thing, I stopped it.

I don't know if it's relevant or not, but there is just under 60 Gig of
music in itunes.

At any rate, could you advise me on this program. Should it take that long,
should I just let it run and do it's thing? Do I really need to scan in safe
mode?

Thanks,
Waldo