April 14, 2011, 07:07 AM
frontier204

[Likely not virus?] MSE, Windows Defender, Firewall close immediately on startup

Hi all,

I'm having an issue with the Windows / MS security programs / Microsoft Security Essentials (MSE) on my temporary main rig (Athlon XP 5200+ OC / 4GB / Windows Vista Business x64 SP2). I'm typing this post from my laptop with the Kaspersky noted below...

Here are the symptoms:
  • If I start Windows Defender service through Admin. Tools, I get the message "The Windows Defender service on Local Computer started and then stopped."
  • Microsoft Security Essentials, Windows Firewall, and Windows Defender windows close within 1 second of me opening them
  • The closing of the above windows appears as if I pressed ALT+F4 on the window, with no warning or error. Note the Aero "fade out" animation plays when these windows close - again as if I ALT+F4'd the window
  • EDIT: The "Windows Firewall with Advanced Security" doesn't close and is functional. Maybe it's because you need a UAC prompt to access it?
  • When MSE gets closed as described above, its task bar icon disappears as well
  • I pulled all three HDDs from the system and scanned them with Kaspersky on my laptop. NO DETECTIONS
  • I swapped out MSE for McAfee AntiVirus Plus, and if I don't set my firewall settings to "stealth", I get the following "open" ports...
  • EDIT: McAfee didn't detect anything when run locally on the problem computer
Code:
Starting Nmap 5.00 ( http://nmap.org ) at 2011-04-14 09:46 EDT
Interesting ports on 172.XX.XX.XX:
Not shown: 993 filtered ports
PORT      STATE SERVICE
6646/tcp  open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49160/tcp open  unknown
MAC Address: 00:XX:XX:XX:XX:XX (Asustek Computer)

Note if I tell the firewall to be "stealth mode", no ports are detected open by Nmap. I currently have my network set to "Public" profile on that computer.

This all started yesterday... I shut down my PC at noon that day, and all of this started when I came back at around 6:30 PM to start it up again. Note I noticed these symptoms BEFORE installing the slew of Patch Tuesday updates. All PCs in my house are set to auto-update, so it's not like I'm running ancient anti-viruses.

On the problem PC described, my most recent program installs are the following:
  • National Instruments LabVIEW 8.2 Runtime
  • CrystalDiskMark, from zip file
  • Civilization IV + expansions, Dragon Age Origins; both from Steam backups on my home server
  • -- home server is running OpenSUSE and has BitTorrent (OpenOffice and Linux distros), port forwarded, and SVN open to my LAN and my school by IP whitelist only
The problem PC has no servers running, but it does run Folding@Home + BOINC 24/7.

What I'd like to know is: do you think this is a glitch from some failed update or overclock, or is it some virus that's eluded MSE and Kaspersky? I'm not at risk of data loss and I have a DBAN disk + image backup ready to be applied in that order if you have reason to believe the PC is compromised.

Edit 2: The dialog boxes I mentioned above work normally when TrayIt! is not running... bug?
__________________
"The computer programmer says they should drive the car around the block and see if the tire fixes itself." [src]

Last edited by frontier204; April 14, 2011 at 10:46 AM. Reason: Update
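
Added example, not part of the original post: a small Python triage of the Nmap output quoted above, separating ports in the IANA dynamic range (49152-65535, which Windows Vista and later use by default for dynamic RPC endpoints) from ports outside it. The function names and the embedded sample text are constructed for this illustration.

```python
import re

# Constructed sample: the scan lines quoted in the post above.
NMAP_OUTPUT = """\
Interesting ports on 172.XX.XX.XX:
Not shown: 993 filtered ports
PORT      STATE SERVICE
6646/tcp  open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
49160/tcp open  unknown
"""

# IANA dynamic/private range; Vista and later allocate dynamic RPC
# endpoints from it by default. Membership narrows the search only:
# every listener still needs its owning process confirmed.
DYNAMIC_RANGE = range(49152, 65536)
PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_open_ports(text):
    """Return [(port, proto, service)] for table rows whose state is 'open'."""
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            ports.append((int(m.group(1)), m.group(2), m.group(4)))
    return ports


def triage(ports):
    """Split open ports into (dynamic-range, outside-dynamic-range) lists."""
    dynamic = [p for p in ports if p[0] in DYNAMIC_RANGE]
    fixed = [p for p in ports if p[0] not in DYNAMIC_RANGE]
    return dynamic, fixed


if __name__ == "__main__":
    dynamic, fixed = triage(parse_open_ports(NMAP_OUTPUT))
    for port, proto, _ in fixed:
        print(f"{port}/{proto}: outside dynamic range, attribute to a process first")
    for port, proto, _ in dynamic:
        print(f"{port}/{proto}: dynamic range, confirm the owner is a system service")
```

On the scanned machine, `netstat -ano` lists each listening port with the PID that owns it, which is the check each reported port needs.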