Windows 7 security center

I have a laptop here that was infected with a fake antivirus. I got that
cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
a clean bill of health in each of the two user accounts. However I'm
getting a message in the Action Center that the Windows Security Center
service can't be started. However, when I go to services, neither "Windows
Security Center" nor just "Security Center" is in the list of services.

I've Googled till I'm blue in the face. Plenty of people have had the
problem but no one seems to have cured it.

This is Windows 7 Home Premium 32 bit.

Can anyone help?


--
--- Long live Fat32! ---

On Tue, 17 May 2011 15:35:38 -0500, Menno Hershberger wrote:
>
> I have a laptop here that was infected with a fake antivirus. I got that
> cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
> a clean bill of health in each of the two user accounts. However I'm
> getting a message in the Action Center that the Windows Security Center
> service can't be started. However, when I go to services, neither "Windows
> Security Center" nor just "Security Center" is in the list of services.
>
> I've Googled till I'm blue in the face. Plenty of people have had the
> problem but no one seems to have cured it.
>
> This is Windows 7 Home Premium 32 bit.
>
> Can anyone help?

Does this help:

http://www.howtogeek.com/howto/8693/...irus-live-and-
other-roguefake-antivirus-malware/

or this:

http://www.howtogeek.com/howto/9505/...rity-tool-and-
other-roguefake-antivirus-malware/

Actuaally there's a whole series of "how to remove", depending on
which fake antivirus you had, which you didn't tell us. Try this
search in Google:

site:howtogeek.com "fake antivirus"

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://OakRoadSystems.com
Shikata ga nai...

On 5/17/2011 4:35 PM, Menno Hershberger wrote:
> I have a laptop here that was infected with a fake antivirus. I got that
> cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
> a clean bill of health in each of the two user accounts. However I'm
> getting a message in the Action Center that the Windows Security Center
> service can't be started. However, when I go to services, neither "Windows
> Security Center" nor just "Security Center" is in the list of services.
>
> I've Googled till I'm blue in the face. Plenty of people have had the
> problem but no one seems to have cured it.
>
> This is Windows 7 Home Premium 32 bit.
>
> Can anyone help?
>

Well, the Security Center service is there on my machine.

<copied from service desc.>

The WSCSVC (Windows Security Center) service monitors and reports
security health settings on the computer.
The health settings include firewall (on/off), antivirus (on/off/out of
date), antispyware (on/off/out of date),
Windows Update (automatically/manually download and install updates),
User Account Control (on/off), and Internet settings (recommended/not
recommended).
The service provides COM APIs for independent software vendors to
register and record the state of their
products to the Security Center service. The Action Center (AC) UI uses
the service to provide systray alerts
and a graphical view of the security health states in the AC control panel.
Network Access Protection (NAP) uses the service to report the security
health states
of clients to the NAP Network Policy Server to make network quarantine
decisions.
The service also has a public API that allows external consumers to
programmatically retrieve
the aggregated security health state of the system.

<end copy>

Menno Hershberger wrote:
> I have a laptop here that was infected with a fake antivirus. I got that
> cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
> a clean bill of health in each of the two user accounts. However I'm
> getting a message in the Action Center that the Windows Security Center
> service can't be started. However, when I go to services, neither "Windows
> Security Center" nor just "Security Center" is in the list of services.
>
> I've Googled till I'm blue in the face. Plenty of people have had the
> problem but no one seems to have cured it.
>
> This is Windows 7 Home Premium 32 bit.
>
> Can anyone help?
>
>

http://www.blackviper.com/wiki/Security_Center

If the service was running, then perhaps "wscui.cpl" would
start the control panel for it. I can also see wscsvc.dll and
wscapi.dll, which might be components (I have an image of my
laptop mounted in WinXP VirtualPC 2007 right now so I can look
for files).

And this article, shows some of the registry settings the service
might be using. The service has dependencies, but I would still
expect it to appear in the Services thing. If it isn't, then perhaps
some part of the registry got zapped (or something unregistered ?).

http://www.vistax64.com/vista-securi...t-started.html

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc

... %SystemRoot%\\System32\\wscsvc.dll

That thread is about Vista, but I'd still expect to see something
similar in Windows 7.

HTH,
Paul

Stan Brown <> wrote in
news::

> On Tue, 17 May 2011 15:35:38 -0500, Menno Hershberger wrote:
>>
>> I have a laptop here that was infected with a fake antivirus. I got
>> that cleaned up with MalwareBytes. I've also run SuperAntispyware and
>> am getting a clean bill of health in each of the two user accounts.
>> However I'm getting a message in the Action Center that the Windows
>> Security Center service can't be started. However, when I go to
>> services, neither "Windows Security Center" nor just "Security
>> Center" is in the list of services.
>>
>> I've Googled till I'm blue in the face. Plenty of people have had the
>> problem but no one seems to have cured it.
>>
>> This is Windows 7 Home Premium 32 bit.
>>
>> Can anyone help?
>
> Does this help:
>
> http://www.howtogeek.com/howto/8693/...irus-live-and-
> other-roguefake-antivirus-malware/
>
> or this:
>
> http://www.howtogeek.com/howto/9505/...rity-tool-and-
> other-roguefake-antivirus-malware/
>
> Actuaally there's a whole series of "how to remove", depending on
> which fake antivirus you had, which you didn't tell us.

I honestly don't remember. I clean these things up every day and can
usually tell by the symptoms how to attack it.
I do remember that it brought up a fake Security Center screen
The Malwarebytes log had a few instances of trojan.fakealert.gen and one
each of trojan.MSIL, trojan.Hiloti, 2 of Malware.Trace, and one
Trojan.Agent.
I did NOT have to rename mbam.exe, but after I ran Malwarebytes, I lost my
..exe file associations. Then no executable files, including Malwarebytes,
would run. Instead I'd get the window that asks what application you want
to run them with. Also a popup saying that taskmgr.exe was missing when
trying to run that.
I have a registry fix that took care of that.
I then went to Normal Mode, downloaded Superantispyware and ran it in both
accounts. It found mostly cookies and a couple of leftover files from the
trojans.
I see no evidence of rootkit. No redirects, etc. It had an expired version
of Norton Internet Security (2009) on it which I uninstalled along with the
Norton and McAfee security scans (drivebys). Also got rid of Registry
Mechanic. Then I installed the free version of Avira and ran it. It got 25
hits; a lot of them in the Google Chrome folder. GoogleUpdater.exe was
infected. I had already uninstalled Google Chrome but obviously the folder
remained. All the Google update BS is gone now too.
And everything appears to be running smoothly.

Now... how do I get the Security Center back? As I said before (I think)
the service is not listed in Services. Everything I Google for tells me to
go into services and set it to automatic and start it. But it is NOT THERE
to start. Now sure as hell, someone will reply to this and tell me to go
into services and turn it on! :-)

--
--- Long live Fat32! ---

Paul wrote:
> Menno Hershberger wrote:
>> I have a laptop here that was infected with a fake antivirus. I got
>> that cleaned up with MalwareBytes. I've also run SuperAntispyware and
>> am getting a clean bill of health in each of the two user accounts.
>> However I'm getting a message in the Action Center that the Windows
>> Security Center service can't be started. However, when I go to
>> services, neither "Windows Security Center" nor just "Security Center"
>> is in the list of services.
>>
>> I've Googled till I'm blue in the face. Plenty of people have had the
>> problem but no one seems to have cured it.
>>
>> This is Windows 7 Home Premium 32 bit.
>>
>> Can anyone help?
>>
>>
>
> http://www.blackviper.com/wiki/Security_Center
>
> If the service was running, then perhaps "wscui.cpl" would
> start the control panel for it. I can also see wscsvc.dll and
> wscapi.dll, which might be components (I have an image of my
> laptop mounted in WinXP VirtualPC 2007 right now so I can look
> for files).
>
> And this article, shows some of the registry settings the service
> might be using. The service has dependencies, but I would still
> expect it to appear in the Services thing. If it isn't, then perhaps
> some part of the registry got zapped (or something unregistered ?).
>
> http://www.vistax64.com/vista-securi...t-started.html
>
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
>
> ... %SystemRoot%\\System32\\wscsvc.dll
>
> That thread is about Vista, but I'd still expect to see something
> similar in Windows 7.
>
> HTH,
> Paul

Some other ideas.

http://forums.guru3d.com/showthread.php?t=259951

regsvr32 /s wscsvc.dll

Or perhaps, running System File Checker (SFC).

http://support.microsoft.com/kb/310747
http://www.pcug.org.au/boesen/SFC/SFC.htm
http://www.updatexp.com/scannow-sfc.html

HTH,
Paul

Paul wrote:
> Paul wrote:
>> Menno Hershberger wrote:
>>> I have a laptop here that was infected with a fake antivirus. I got
>>> that cleaned up with MalwareBytes. I've also run SuperAntispyware and
>>> am getting a clean bill of health in each of the two user accounts.
>>> However I'm getting a message in the Action Center that the Windows
>>> Security Center service can't be started. However, when I go to
>>> services, neither "Windows Security Center" nor just "Security
>>> Center" is in the list of services.
>>>
>>> I've Googled till I'm blue in the face. Plenty of people have had the
>>> problem but no one seems to have cured it.
>>>
>>> This is Windows 7 Home Premium 32 bit.
>>>
>>> Can anyone help?
>>>
>>>
>>
>> http://www.blackviper.com/wiki/Security_Center
>>
>> If the service was running, then perhaps "wscui.cpl" would
>> start the control panel for it. I can also see wscsvc.dll and
>> wscapi.dll, which might be components (I have an image of my
>> laptop mounted in WinXP VirtualPC 2007 right now so I can look
>> for files).
>>
>> And this article, shows some of the registry settings the service
>> might be using. The service has dependencies, but I would still
>> expect it to appear in the Services thing. If it isn't, then perhaps
>> some part of the registry got zapped (or something unregistered ?).
>>
>> http://www.vistax64.com/vista-securi...t-started.html
>>
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
>>
>> ... %SystemRoot%\\System32\\wscsvc.dll
>>
>> That thread is about Vista, but I'd still expect to see something
>> similar in Windows 7.
>>
>> HTH,
>> Paul
>
> Some other ideas.
>
> http://forums.guru3d.com/showthread.php?t=259951
>
> regsvr32 /s wscsvc.dll
>
> Or perhaps, running System File Checker (SFC).
>
> http://support.microsoft.com/kb/310747
> http://www.pcug.org.au/boesen/SFC/SFC.htm
> http://www.updatexp.com/scannow-sfc.html
>
> HTH,
> Paul

Hmmm. But that's for WinXP :-(

Paul

Paul <> wrote in news:iqv11a$1db$:

> Menno Hershberger wrote:
>> I have a laptop here that was infected with a fake antivirus. I got
>> that cleaned up with MalwareBytes. I've also run SuperAntispyware and
>> am getting a clean bill of health in each of the two user accounts.
>> However I'm getting a message in the Action Center that the Windows
>> Security Center service can't be started. However, when I go to
>> services, neither "Windows Security Center" nor just "Security
>> Center" is in the list of services.
>>
>> I've Googled till I'm blue in the face. Plenty of people have had the
>> problem but no one seems to have cured it.
>>
>> This is Windows 7 Home Premium 32 bit.
>>
>> Can anyone help?
>>
>>
>
> http://www.blackviper.com/wiki/Security_Center
>
> If the service was running, then perhaps "wscui.cpl" would
> start the control panel for it. I can also see wscsvc.dll and
> wscapi.dll, which might be components (I have an image of my
> laptop mounted in WinXP VirtualPC 2007 right now so I can look
> for files).
>
> And this article, shows some of the registry settings the service
> might be using. The service has dependencies, but I would still
> expect it to appear in the Services thing. If it isn't, then perhaps
> some part of the registry got zapped (or something unregistered ?).

That's what I'm thinking. I have had experience in XP with the Windows
Update service being missing and the fix for that was a batch file with a
string of "regsvr32 xxxxx.dll /s" entries. Some were "/i /s"

>
> http://www.vistax64.com/vista-securi...rvice-cannot-s
> tarted.html
>
> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
>
> ... %SystemRoot%\\System32\\wscsvc.dll
>
> That thread is about Vista, but I'd still expect to see something
> similar in Windows 7.

I ran the reg file a guy posted in there. No help. I set a restore point
before I did it and restored it back since it didn't work.

Thanks. I'll keep plugging away. There *has* to be an answer... :-)

--
--- Long live Fat32! ---

Paul <> wrote in news:iqv7vi$3ch$:

> Paul wrote:
>> Menno Hershberger wrote:
>>> I have a laptop here that was infected with a fake antivirus. I got
>>> that cleaned up with MalwareBytes. I've also run SuperAntispyware
>>> and am getting a clean bill of health in each of the two user
>>> accounts. However I'm getting a message in the Action Center that
>>> the Windows Security Center service can't be started. However, when
>>> I go to services, neither "Windows Security Center" nor just
>>> "Security Center" is in the list of services.
>>>
>>> I've Googled till I'm blue in the face. Plenty of people have had
>>> the problem but no one seems to have cured it.
>>>
>>> This is Windows 7 Home Premium 32 bit.
>>>
>>> Can anyone help?
>>>
>>>
>>
>> http://www.blackviper.com/wiki/Security_Center
>>
>> If the service was running, then perhaps "wscui.cpl" would
>> start the control panel for it. I can also see wscsvc.dll and
>> wscapi.dll, which might be components (I have an image of my
>> laptop mounted in WinXP VirtualPC 2007 right now so I can look
>> for files).
>>
>> And this article, shows some of the registry settings the service
>> might be using. The service has dependencies, but I would still
>> expect it to appear in the Services thing. If it isn't, then perhaps
>> some part of the registry got zapped (or something unregistered ?).
>>
>> http://www.vistax64.com/vista-securi...ervice-cannot-
>> started.html
>>
>>
>> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
>>
>> ... %SystemRoot%\\System32\\wscsvc.dll
>>
>> That thread is about Vista, but I'd still expect to see something
>> similar in Windows 7.
>>
>> HTH,
>> Paul
>
> Some other ideas.
>
> http://forums.guru3d.com/showthread.php?t=259951
>
> regsvr32 /s wscsvc.dll
>
> Or perhaps, running System File Checker (SFC).
>
> http://support.microsoft.com/kb/310747
> http://www.pcug.org.au/boesen/SFC/SFC.htm
> http://www.updatexp.com/scannow-sfc.html

Oops... that's all XP stuff.

--
--- Long live Fat32! ---

Paul <> wrote in news:iqv83j$3ch$:

> Paul wrote:
>> Paul wrote:
>>> Menno Hershberger wrote:
>>>> I have a laptop here that was infected with a fake antivirus. I got
>>>> that cleaned up with MalwareBytes. I've also run SuperAntispyware
>>>> and am getting a clean bill of health in each of the two user
>>>> accounts. However I'm getting a message in the Action Center that
>>>> the Windows Security Center service can't be started. However, when
>>>> I go to services, neither "Windows Security Center" nor just
>>>> "Security Center" is in the list of services.
>>>>
>>>> I've Googled till I'm blue in the face. Plenty of people have had
>>>> the problem but no one seems to have cured it.
>>>>
>>>> This is Windows 7 Home Premium 32 bit.
>>>>
>>>> Can anyone help?
>>>>
>>>>
>>>
>>> http://www.blackviper.com/wiki/Security_Center
>>>
>>> If the service was running, then perhaps "wscui.cpl" would
>>> start the control panel for it. I can also see wscsvc.dll and
>>> wscapi.dll, which might be components (I have an image of my
>>> laptop mounted in WinXP VirtualPC 2007 right now so I can look
>>> for files).
>>>
>>> And this article, shows some of the registry settings the service
>>> might be using. The service has dependencies, but I would still
>>> expect it to appear in the Services thing. If it isn't, then perhaps
>>> some part of the registry got zapped (or something unregistered ?).
>>>
>>> http://www.vistax64.com/vista-securi...service-cannot
>>> -started.html
>>>
>>>
>>> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
>>>
>>> ... %SystemRoot%\\System32\\wscsvc.dll
>>>
>>> That thread is about Vista, but I'd still expect to see something
>>> similar in Windows 7.
>>>
>>> HTH,
>>> Paul
>>
>> Some other ideas.
>>
>> http://forums.guru3d.com/showthread.php?t=259951
>>
>> regsvr32 /s wscsvc.dll
>>
>> Or perhaps, running System File Checker (SFC).
>>
>> http://support.microsoft.com/kb/310747
>> http://www.pcug.org.au/boesen/SFC/SFC.htm
>> http://www.updatexp.com/scannow-sfc.html
>>
>> HTH,
>> Paul
>
> Hmmm. But that's for WinXP :-(

Hehe... you're about 5 minutes ahead of me. I just replied to that.
I even ran the regsvr32 file. No error. No confirmation. It just went
back to the prompt. :-)


--
--- Long live Fat32! ---