Windows 7 security center

M

Menno Hershberger

I have a laptop here that was infected with a fake antivirus. I got that
cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
a clean bill of health in each of the two user accounts. However I'm
getting a message in the Action Center that the Windows Security Center
service can't be started. However, when I go to services, neither "Windows
Security Center" nor just "Security Center" is in the list of services.

I've Googled till I'm blue in the face. Plenty of people have had the
problem but no one seems to have cured it.

This is Windows 7 Home Premium 32 bit.

Can anyone help?
 
S

Stan Brown

I have a laptop here that was infected with a fake antivirus. I got that
cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
a clean bill of health in each of the two user accounts. However I'm
getting a message in the Action Center that the Windows Security Center
service can't be started. However, when I go to services, neither "Windows
Security Center" nor just "Security Center" is in the list of services.

I've Googled till I'm blue in the face. Plenty of people have had the
problem but no one seems to have cured it.

This is Windows 7 Home Premium 32 bit.

Can anyone help?
Click to expand...
Does this help:

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-
other-roguefake-antivirus-malware/

or this:

http://www.howtogeek.com/howto/9505/how-to-remove-security-tool-and-
other-roguefake-antivirus-malware/

Actuaally there's a whole series of "how to remove", depending on
which fake antivirus you had, which you didn't tell us. Try this
search in Google:

site:howtogeek.com "fake antivirus"
 
B

Big Steel

I have a laptop here that was infected with a fake antivirus. I got that
cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
a clean bill of health in each of the two user accounts. However I'm
getting a message in the Action Center that the Windows Security Center
service can't be started. However, when I go to services, neither "Windows
Security Center" nor just "Security Center" is in the list of services.

I've Googled till I'm blue in the face. Plenty of people have had the
problem but no one seems to have cured it.

This is Windows 7 Home Premium 32 bit.

Can anyone help?
Click to expand...
Well, the Security Center service is there on my machine.

<copied from service desc.>

The WSCSVC (Windows Security Center) service monitors and reports
security health settings on the computer.
The health settings include firewall (on/off), antivirus (on/off/out of
date), antispyware (on/off/out of date),
Windows Update (automatically/manually download and install updates),
User Account Control (on/off), and Internet settings (recommended/not
recommended).
The service provides COM APIs for independent software vendors to
register and record the state of their
products to the Security Center service. The Action Center (AC) UI uses
the service to provide systray alerts
and a graphical view of the security health states in the AC control panel.
Network Access Protection (NAP) uses the service to report the security
health states
of clients to the NAP Network Policy Server to make network quarantine
decisions.
The service also has a public API that allows external consumers to
programmatically retrieve
the aggregated security health state of the system.

<end copy>
 
P

Paul

Menno said:
I have a laptop here that was infected with a fake antivirus. I got that
cleaned up with MalwareBytes. I've also run SuperAntispyware and am getting
a clean bill of health in each of the two user accounts. However I'm
getting a message in the Action Center that the Windows Security Center
service can't be started. However, when I go to services, neither "Windows
Security Center" nor just "Security Center" is in the list of services.

I've Googled till I'm blue in the face. Plenty of people have had the
problem but no one seems to have cured it.

This is Windows 7 Home Premium 32 bit.

Can anyone help?
Click to expand...
http://www.blackviper.com/wiki/Security_Center

If the service was running, then perhaps "wscui.cpl" would
start the control panel for it. I can also see wscsvc.dll and
wscapi.dll, which might be components (I have an image of my
laptop mounted in WinXP VirtualPC 2007 right now so I can look
for files).

And this article, shows some of the registry settings the service
might be using. The service has dependencies, but I would still
expect it to appear in the Services thing. If it isn't, then perhaps
some part of the registry got zapped (or something unregistered ?).

http://www.vistax64.com/vista-security/250736-security-service-cannot-started.html

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc

... %SystemRoot%\\System32\\wscsvc.dll

That thread is about Vista, but I'd still expect to see something
similar in Windows 7.

HTH,
Paul
 
M

Menno Hershberger

Does this help:

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-
other-roguefake-antivirus-malware/

or this:

http://www.howtogeek.com/howto/9505/how-to-remove-security-tool-and-
other-roguefake-antivirus-malware/

Actuaally there's a whole series of "how to remove", depending on
which fake antivirus you had, which you didn't tell us.
Click to expand...
I honestly don't remember. I clean these things up every day and can
usually tell by the symptoms how to attack it.
I do remember that it brought up a fake Security Center screen
The Malwarebytes log had a few instances of trojan.fakealert.gen and one
each of trojan.MSIL, trojan.Hiloti, 2 of Malware.Trace, and one
Trojan.Agent.
I did NOT have to rename mbam.exe, but after I ran Malwarebytes, I lost my
..exe file associations. Then no executable files, including Malwarebytes,
would run. Instead I'd get the window that asks what application you want
to run them with. Also a popup saying that taskmgr.exe was missing when
trying to run that.
I have a registry fix that took care of that.
I then went to Normal Mode, downloaded Superantispyware and ran it in both
accounts. It found mostly cookies and a couple of leftover files from the
trojans.
I see no evidence of rootkit. No redirects, etc. It had an expired version
of Norton Internet Security (2009) on it which I uninstalled along with the
Norton and McAfee security scans (drivebys). Also got rid of Registry
Mechanic. Then I installed the free version of Avira and ran it. It got 25
hits; a lot of them in the Google Chrome folder. GoogleUpdater.exe was
infected. I had already uninstalled Google Chrome but obviously the folder
remained. All the Google update BS is gone now too.
And everything appears to be running smoothly.

Now... how do I get the Security Center back? As I said before (I think)
the service is not listed in Services. Everything I Google for tells me to
go into services and set it to automatic and start it. But it is NOT THERE
to start. Now sure as hell, someone will reply to this and tell me to go
into services and turn it on! :)
 
P

Paul

Paul said:
http://www.blackviper.com/wiki/Security_Center

If the service was running, then perhaps "wscui.cpl" would
start the control panel for it. I can also see wscsvc.dll and
wscapi.dll, which might be components (I have an image of my
laptop mounted in WinXP VirtualPC 2007 right now so I can look
for files).

And this article, shows some of the registry settings the service
might be using. The service has dependencies, but I would still
expect it to appear in the Services thing. If it isn't, then perhaps
some part of the registry got zapped (or something unregistered ?).

http://www.vistax64.com/vista-security/250736-security-service-cannot-started.html


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc

... %SystemRoot%\\System32\\wscsvc.dll

That thread is about Vista, but I'd still expect to see something
similar in Windows 7.

HTH,
Paul
Click to expand...
Some other ideas.

http://forums.guru3d.com/showthread.php?t=259951

regsvr32 /s wscsvc.dll

Or perhaps, running System File Checker (SFC).

http://support.microsoft.com/kb/310747
http://www.pcug.org.au/boesen/SFC/SFC.htm
http://www.updatexp.com/scannow-sfc.html

HTH,
Paul
 
M

Menno Hershberger

Paul said:
http://www.blackviper.com/wiki/Security_Center

If the service was running, then perhaps "wscui.cpl" would
start the control panel for it. I can also see wscsvc.dll and
wscapi.dll, which might be components (I have an image of my
laptop mounted in WinXP VirtualPC 2007 right now so I can look
for files).

And this article, shows some of the registry settings the service
might be using. The service has dependencies, but I would still
expect it to appear in the Services thing. If it isn't, then perhaps
some part of the registry got zapped (or something unregistered ?).
Click to expand...
That's what I'm thinking. I have had experience in XP with the Windows
Update service being missing and the fix for that was a batch file with a
string of "regsvr32 xxxxx.dll /s" entries. Some were "/i /s"
http://www.vistax64.com/vista-security/250736-security-service-cannot-s
tarted.html

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc

... %SystemRoot%\\System32\\wscsvc.dll

That thread is about Vista, but I'd still expect to see something
similar in Windows 7.
Click to expand...
I ran the reg file a guy posted in there. No help. I set a restore point
before I did it and restored it back since it didn't work.

Thanks. I'll keep plugging away. There *has* to be an answer... :)
 
M

Menno Hershberger

Paul said:
Hmmm. But that's for WinXP :-(
Click to expand...
Hehe... you're about 5 minutes ahead of me. I just replied to that.
I even ran the regsvr32 file. No error. No confirmation. It just went
back to the prompt. :)
 
B

Big Steel

On 5/17/2011 10:04 PM, Menno Hershberger wrote:

<snipped>

If the service is not listed on the Services screen, then something
uninstalled it.

You can take the below route. It's for Vista, but I suspect it would be
the same for Win 7 too.

http://www.ehow.com/how_5992714_install-windows-security-center.html

If the service was uninstalled and that's the only way a service will
not be listed in the Services screen is something uninstalled it, how do
you know that something else is not on the machine hidden deep and
fooling everything trying to find it?

You may want to go this route and just flatten the hard drive.

http://technet.microsoft.com/en-us/library/cc512587.aspx
 
M

Menno Hershberger

On 5/17/2011 10:04 PM, Menno Hershberger wrote:

<snipped>

If the service is not listed on the Services screen, then something
uninstalled it.

You can take the below route. It's for Vista, but I suspect it would be
the same for Win 7 too.
Click to expand...
On that page it states: "Windows 7 removed the Security Center
functionality. However, users of this operating system can get an all in
one virus protection solution in Windows Security Essentials."

I just noticed that Service pack 1 is not installed. I'm getting that right
now. Maybe if I'm lucky, that'll take care of it
http://www.ehow.com/how_5992714_install-windows-security-center.html

If the service was uninstalled and that's the only way a service will
not be listed in the Services screen is something uninstalled it, how do
you know that something else is not on the machine hidden deep and
fooling everything trying to find it?
Click to expand...
I don't, but I'm not going to do anything radical at this point. This guy
has a lot of paid for software that would have to be reinstalled. Hard
telling if he has all the installation media and the corresponding license
information. I already have his data backed up, but he keeps all that
pretty well backed up himself.
You may want to go this route and just flatten the hard drive.
Click to expand...
I really don't *want* to if I can help it.
 
B

Big Steel

On that page it states: "Windows 7 removed the Security Center
functionality. However, users of this operating system can get an all in
one virus protection solution in Windows Security Essentials."

I just noticed that Service pack 1 is not installed. I'm getting that right
now. Maybe if I'm lucky, that'll take care of it


I don't, but I'm not going to do anything radical at this point. This guy
has a lot of paid for software that would have to be reinstalled. Hard
telling if he has all the installation media and the corresponding license
information. I already have his data backed up, but he keeps all that
pretty well backed up himself.


I really don't *want* to if I can help it.
Click to expand...
Yeah, I read the part about SC not being on Win 7, but it's on my Win 7
Ultimate desktop machine. I also have Security Essentials installed. If
SC was not there when I first installed Win 7, which I never noticed,
then something installed it either the SP or a Windows Update.
 
P

Paul

Menno said:
On that page it states: "Windows 7 removed the Security Center
functionality. However, users of this operating system can get an all in
one virus protection solution in Windows Security Essentials."

I just noticed that Service pack 1 is not installed. I'm getting that right
now. Maybe if I'm lucky, that'll take care of it


I don't, but I'm not going to do anything radical at this point. This guy
has a lot of paid for software that would have to be reinstalled. Hard
telling if he has all the installation media and the corresponding license
information. I already have his data backed up, but he keeps all that
pretty well backed up himself.


I really don't *want* to if I can help it.
Click to expand...
I found a reference here, to someone with a similar problem.

http://www.bleepingcomputer.com/forums/topic394213.html

The first step, was to reinstall the service. All in one
line, into an elevated command prompt (cmd.exe)

sc create wscsvc type= share start= delayed-auto error= normal
binPath= "C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted"
depend= RpcSc/WinMgmt obj= "NT AUTHORITY\LocalService" DisplayName= "Security Center"

Then, they do some registry work, to correct a dependency.

Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc

In the right pane, look for DependOnService.

as the malware apparently messed up something.

http://answers.microsoft.com/en-us/...-cant-be/d8250e7a-ee3c-4302-8ca6-9e2a10262feb

At the end of the thread, one other user commented that combofix
fixed something for him. Normally, it's not recommended to run
combofix, without help from someone. (Sounds like a job
for a backup, then try it :) )

So it's apparently messy.

Paul
 
M

Menno Hershberger

Yeah, I read the part about SC not being on Win 7, but it's on my Win
7 Ultimate desktop machine. I also have Security Essentials installed.
If SC was not there when I first installed Win 7, which I never
noticed, then something installed it either the SP or a Windows
Update.
Click to expand...
I uninstalled Avira, installed MSE and the Alert Center message about the
Security Center went away. When the customer has picked up his computer I
explained to him the possibilty that something may still be lurking. But
at this point everything seems to be OK. He wasn't crazy about the idea
of wiping either.
 
M

Menno Hershberger

Paul said:
I found a reference here, to someone with a similar problem.

http://www.bleepingcomputer.com/forums/topic394213.html

The first step, was to reinstall the service. All in one
line, into an elevated command prompt (cmd.exe)

sc create wscsvc type= share start= delayed-auto error= normal
binPath= "C:\Windows\System32\svchost.exe -k
LocalServiceNetworkRestricted" depend= RpcSc/WinMgmt obj= "NT
AUTHORITY\LocalService" DisplayName= "Security Center"

Then, they do some registry work, to correct a dependency.

Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc

In the right pane, look for DependOnService.

as the malware apparently messed up something.

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/the
-windows-security-center-service-cant-be/d8250e7a-ee3c-4302-8ca6-9e2a10
262feb

At the end of the thread, one other user commented that combofix
fixed something for him. Normally, it's not recommended to run
combofix, without help from someone. (Sounds like a job
for a backup, then try it :) )

So it's apparently messy.
Click to expand...
I usually clone the hard drive before I do anything too radical. I have
used ComboFix quite a bit and have had about a 90% success rate. It's a
very aggressive tool. So far I've only totally trashed one machine with
it... :)
 
B

Big Steel

I uninstalled Avira, installed MSE and the Alert Center message about the
Security Center went away. When the customer has picked up his computer I
explained to him the possibilty that something may still be lurking. But
at this point everything seems to be OK. He wasn't crazy about the idea
of wiping either.
Click to expand...
You should tell your customer to stop pointing and clicking on
everything under the Sun.
 
You must log in or register to reply here.

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SOLVED Windows 7 Ultimate blue security strip on retail COA authentic? 5
SOLVED Turn on Windows Security Center Service 6
Microsoft tells Windows 7 users to uninstall faulty security update 4
How to disable Windows 7 Enterprise 64-bit security/login screens? 7
Kaspersky internet security 2012 cause multiple BSOD on windows 7 6
windows 7 continuing 'security warning' 2
SOLVED error; windows security center service 3
Windows Security Center 4

Top