AntiVirusDisableNotify?, I was HIT!

spungywungy
01-23-2008, 07:33 PM
Back in November Spybot found this key & others in the registry, but after having to reformat they were there AGAIN cause HP puts them IN!!!!!

People- the feds contract with HP to put these in so we can get SPIED ON REMOTELY. :eek: How do I know HP contracts with the feds & the feds had them put these keys in to disable people's computers? Because after reformatting I IMMEDIATELY looked for them in the registry and there they were, though I had NOT used the PC yet nor had I even got onto the web yet, so infected again it was NOT, yet the keys were there ANYWAY! So, ONLY the feds could've had HP put it in at the factory where my recovery disks were made-HP and the feds did it. Also not good, a hacker who writes a good program can get in your computers easily using these feds' registry entries.

I created some registry keys myself which have disabled them suckers, so far so good.

When these keys were found, you can Google them, it was used by a new spyware that got into a bunch of people's computers (Google has about 10,000 results on these things).

The keys are in Security Center and these keys are :
LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
AntiVirusDisableNotify
AntiVirusOverride
FirewallDisableNotify
FirewallOverride
UpdatesDisableNotify

And another key called "Monitoring" in "Security Center" which disables these AntiVirus & Firewall products :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall

More in the next post, this is a bit LONGGGGGG......LOL.

spungywungy
01-23-2008, 07:48 PM
Here are the reg keys I created to disable that thing I mentioned above :

1st, I renamed "Security Center" to "DisableSecurity Center"
2nd, I created 2 new reg keys which are DWORD values "DisableSecurityCenter" and make it a "1". The 2nd is "FirewallDeleteRule" and make it a "1".
3rd, I went to LOCAL_MACHINE\SOFTWARE\Microsoft & highlighted Microsoft & made a new key to the right of Microsoft called "Security Center" and left it as a "0".
4th, taking the same Microsoft key above highlighted right-click it & choose "new" & then choose "key" & name it "Security Center ON", then highlight this new key and on the right of the window make a DWORD value called "DisableSecurityCenter" and make it a "1".

Done. If you have something to add, please do. The more secure my PC is the better.

coz
01-23-2008, 08:02 PM
Not to be rude or anything but I think you probably just made yourself a little less secure by modifying your registry. The keys you mentioned look like they're used by the Security Center to sort of interface with AVs. The keys are on my machine also and I don't have an HP. Also I believe they're on every Windows XP and greater.

Trust me, if you were infected with some form of malware that the feds came up with, you probably wouldn't even see the registry values, and in most cases you would never know what the keys were if you did find them. Not to mention registry keys are a means to find a value, which a program uses just like a variable but users can also change it. Therefore all registry keys/values have at least one program associated with them, otherwise they are useless. I'm sure you already know most of this but I'm in a chatty mood. So even by changing the keys and values there would still be malware running on your computer. In most cases it would probably just recreate the keys as it spread or was executed.
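
Added example, not part of the thread or any poster's code: what matters for the five Security Center values listed in the first post is their data, not their presence, so this sketch audits the text output of `reg query "HKLM\SOFTWARE\Microsoft\Security Center"`. It assumes a non-zero DWORD means the matching alert or status check is turned off; the sample output and the function names are constructed for illustration.

```python
import re

# The five value names listed in the thread, under
# HKLM\SOFTWARE\Microsoft\Security Center.
WATCHED = ("AntiVirusDisableNotify", "AntiVirusOverride", "FirewallDisableNotify",
           "FirewallOverride", "UpdatesDisableNotify")

# One value line of `reg query` output: indented name, type, data
# (separated by tabs on XP, by runs of spaces on later versions).
VALUE_LINE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_reg_query(text):
    """Return {value_name: (type, data)} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = (m.group("type"), m.group("data").strip())
    return values

def audit_security_center(text):
    """Map each watched value to 'ok', 'suppressed', 'missing' or 'unexpected-type'."""
    values = parse_reg_query(text)
    report = {}
    for name in WATCHED:
        if name not in values:
            report[name] = "missing"
            continue
        reg_type, data = values[name]
        if reg_type != "REG_DWORD":
            report[name] = "unexpected-type"
        # Assumption: non-zero DWORD = that alert/status check is turned off.
        elif int(data, 16) == 0:
            report[name] = "ok"
        else:
            report[name] = "suppressed"
    return report

# Constructed sample, not taken from any machine in the thread.
SAMPLE = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center
    AntiVirusDisableNotify    REG_DWORD    0x1
    AntiVirusOverride    REG_DWORD    0x0
    FirewallDisableNotify    REG_DWORD    0x0
    FirewallOverride    REG_SZ    1
"""

if __name__ == "__main__":
    for name, status in audit_security_center(SAMPLE).items():
        print(f"{name:24} {status}")
```

A value reported as `suppressed` or `unexpected-type` is worth comparing against a known-good machine of the same Windows version before changing anything.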