December 02, 2005 - 08:11PM PST

asked by SiamSter on 08/30/2005 03:33AM PDT

Hi,

I use spybot search and destroy and it keeps picking up this one below:

windows security center antivirus override

I remove it, then when I reboot the computer it comes back again!

How can I remove this little devil permanently?

Any info appreciated!

Regards,

Chris

Comment from war1
Date: 08/30/2005 09:21AM PDT
Comment

Greetings, SiamSter !

Check in the Windows Security Center that antivirus is ON.  If so, the error is on Spybot. This was due to a Spybot update in late July. Hopefully, they will fix it soon.

Cheers!

Comment from SiamSter
Date: 08/30/2005 09:25AM PDT
Author Comment

No, the spyware turns this off every time I boot up

Comment from war1
Date: 08/30/2005 09:35AM PDT
Comment

So you have a virus or spyware that turns off your antivirus.  If you can, turn on your anti-virus and run a scan to remove the virus or spyware.

Check for virus and adware

Housecall Online Scan
http://housecall.antivirus.com
or
Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

SpyBot S&D searches your harddisk for so-called spy- or adbots;
http://security.kolla.de/
or
Adaware
http://www.lavasoftusa.com/software/adaware/
or
CoolWebShredder
http://www.spychecker.com/program/coolwebshredder.html
or
Ewido
http://www.ewido.net/en/

3. If still no joy, download HijackThis

http://www.hijackthis.de/

Run the program and you will find many entries. Most are OK. Post the log at the Hijackthis link above and click Analyze, Save.  Post a link to the saved list here.

Comment from SiamSter
Date: 08/30/2005 10:18AM PDT
Author Comment

I've got Kaspersky antivirus, I'll run a scan and let you know

Comment from war1
Date: 08/30/2005 10:23AM PDT
Comment

Remember, anti-virus scanners will identify trojans, but do not remove them.  You need the Adware scanners to remove them.

Comment from SiamSter
Date: 08/30/2005 10:26AM PDT
Author Comment

Well, I've only got Spybot and Kaspersky

Spybot should get rid of it

Comment from kbbcnet
Date: 08/30/2005 11:57PM PDT
Comment

If you do not use the Windows Firewall or ICS --
1/ You can go into:  Start|Control Panel|Administrative Tools|Services|
2/ Find this service --> Windows Firewall/Internet Connection Sharing(ICS)
3/ Right-click & select properties -
4/ On General Screen set --> Startup Type: Manual -
5/ Click --> Stop <-- to stop the Service
6/ Verify Service Status: Stopped

SpyBot should be happy again.

Comment from SiamSter
Date: 08/31/2005 02:03AM PDT
Author Comment

I do use windows firewall

Comment from war1
Date: 08/31/2005 07:48AM PDT
Comment

What is the result of the scan with Spybot and Kaspersky?

If no joy, download HijackThis

http://www.hijackthis.de/

Run the program and you will find many entries. Most are OK. Post the log at the Hijackthis forum and click Analyze, Save.  Post a link to the saved list here.

Comment from kbbcnet
Date: 08/31/2005 08:42AM PDT
Comment

If you are comfortable with editing the registry - you can turn off the Security Center override of your AV.
[std disclaimer - registry mis-edits can make system unusable - get a registry backup!!!]
-------------------------------------

This may help -- reset the Registry setting for AV override.

dword: 0= No; 1=Yes

Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:1

Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

Once reset & Spybot finds no other errors, immunise & you should be ok.

Comment from SiamSter
Date: 09/01/2005 02:06AM PDT
Author Comment

I've run a Kaspersky antivirus scan and it picked up nothing at all

Ran Spybot immediately after and it picked it up again. I fixed it, removed it and then rebooted.

And it's back!

I have this on my PC & laptop and now I can't update my antivirus on my laptop either!


Comment from SiamSter
Date: 09/01/2005 02:11AM PDT
Author Comment

#kbbcnet

I've never edited the registry before, can it be explained in simpler steps?

Cheers,

Chris

Comment from arnold
Date: 09/01/2005 04:41AM PDT
Comment

Chris,

Try http://www.trendmicro.com  Follow the link to free online scan.

Run msconfig and uncheck items that you do not recognize from the startup process so they will not start.

Your system is likely compromised; the override setting in the Security Center is the least important.  If it spread to your laptop by means of shared data or through the network, you need to eliminate spyware/worm/virus.

Check EE for dealing with this type of situation.

Make sure you run spyware on the system when it is booted in safe mode.

Comment from SiamSter
Date: 09/01/2005 06:30AM PDT
Author Comment

Well, I don't know what Trend Micro is all about. I just downloaded it, Mozilla just saved it to disc, now how do I find it?

Comment from SiamSter
Date: 09/01/2005 06:43AM PDT
Author Comment

I've just switched from IE to Mozilla and it would only let me save it to disc, now how can I locate Trend Micro to run the scan?

IE would always let you save it in a folder, then set up and run the program???

Sorry if i sound grumpy :)

Chris

Comment from SiamSter
Date: 09/01/2005 06:49AM PDT
Author Comment

It's OK, I've found Trend Micro, I'll run the scan now

Comment from SiamSter
Date: 09/01/2005 07:17AM PDT
Author Comment

Trend Micro found 1 adware and deleted it.

I restarted, then it's back: the little red Windows security and the balloon is popped up in the bottom right corner. Oh, I've done this so many times now.

I need to delete this little bug permanently somehow!

somebody help me!

Comment from war1
Date: 09/01/2005 08:09AM PDT
Comment

If you already ran Spybot with updated definition, and did not get rid of the spyware, run a Hijackthis log.  

Comment from arnold
Date: 09/01/2005 08:13AM PDT
Comment

Chris,

There is much you are not telling us.  You must disable System Restore. Right-click on My Computer and select Properties.

Using Mozilla, download Adaware.

Boot the system in safe mode. Disable System Restore.
Run Spybot and Adaware.
Run msconfig.
Limit or eliminate the entries of programs that start up that are unfamiliar.

As I indicated, the issue with the deactivation is a symptom of an issue on the system; it is not the cause.  Once you locate the source/cause, resolving the override will be simple in comparison.

Comment from war1
Date: 09/03/2005 09:20AM PDT
Comment

Run Ewido to get rid of the trojan

http://www.ewido.net/en/

If no joy, run HijackThis and post the analyzed log.

http://hijackthis.de/

Comment from kbbcnet
Date: 09/03/2005 01:32PM PDT
Comment

<<Ive never edited the registry before, can it be explained in simpler steps?>>
Yes, once you feel comfortable with this process -- proceed to the *procedure step at end.

Regedit is dynamic - any/all changes are immediate.  It has no go back/undo button.
The main thing to avoid is miskeys & the delete key - "no are you sure" prompts!!!
If you do miskey or if in doubt/confused - select cancel &/or try the <>ESC<> key.

Having said that - you can change any setting & back again!  :)
**The point is: document every step & change you make.
**Store changes in a text file in the event you want to put the settings back as they were before you made a change.
The registry has a similar look & feel to Windows Explorer.

If you choose to proceed, the info is below & it is two very simple changes which should give you no grief & can easily be changed back -- if you do not get the results you want!

*** Although this procedure is non intrusive -- hacking around in your registry can
*** render your Windows Operating System unusable - as in crashed/trashed!!!!!!
----------------------------

**Beginners Guides: The Registry: Backups, Repairs, and Protection.
http://www.pcstats.com/articleview.cfm?articleid=263&page=1 
-----------------------------

1/ Get a backup Restore Point:
Backing up the Windows XP registry

Microsoft Windows XP includes a new feature known as system restore. This great new feature enables a user to backup and restore their important system files from an earlier day. By default this feature automatically creates a backup of the system each day. If you wish to create a restore point of your system follow the below steps.

1/ Click Start, Programs, Accessories, System Tools, System Restore
2/ Select the option to Create a restore point
3/ Click next and follow the remaining steps.

Restoring the Windows XP registry

To restore the system back to an earlier point follow the below steps.

1/ Click Start, Programs, Accessories, System Tools, System Restore
2/ Select the Restore my computer to an earlier time option and click next
3/ Select the day and the restore point you wish to restore and click next.
----------------------------

<< I use spybot search and destroy and it keeps picking up this one below:
<< windows security center antivirus override
<< I remove it, then when i reboot the computer it comes back again!
<< How can i remove this little devil permanently?
<<
*Procedure: Reset the Registry setting for AV override as below, change dword value.

1/ Go to Start|Run|Regedit.exe - click ok  <-- Registry Editor Explorer loads
2/ My Computer|HKEY_LOCAL_MACHINE|SOFTWARE|Microsoft|Security Center
3/ Traverse the left window pane down to Security Center & highlight
4/ In right window pane - Double-click dword value --> AntiVirusOverride
5/ Set value data: 0  <-- select ok   <-- Leave Base selection as is
      If value data is already 0 <-- select cancel
8/ Close Registry Editor Explorer.

Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

Scan your system here for issues.
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym

Once you are satisfied your system is as it should be, with no viruses and the like, in Spybot run "immunize" to record the setting change, otherwise you will get the pop-up.

Did this resolve the issue?

Comment from SiamSter
Date: 09/06/2005 09:23AM PDT
Author Comment

OK, cheers guys, it's still on both machines. I'll try and sort it ASAP, let you know. Chris

Comment from qtejedi
Date: 09/08/2005 11:54PM PDT
Comment

If you launch the Security Center control panel you have three sections, each with a button, and Firewall at the top. If you click the associated button there (I don't know how it is called on your computer as I don't have English Windows) there's that little checkbox in the new window that appears and it should say something like "I have a firewall I will monitor myself. Warning: System Windows will not monitor (....)". If this checkbox is checked, Windows Firewall is being set to OVERRIDE and is told another firewall will do this job, Windows Firewall has to stay quiet. (You may tell Windows you have one, even when you don't, and you can end up w/o an active firewall at all.) This situation results in a registry entry of
"FirewallOverride"=dword:00000001
in the key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

Now for Spybot S&D - it apparently had its security scope broadened to include a check for Windows Firewall and antivirus being turned off or overridden, so it says:
windows security center firewall override!=0
This means Spybot detected your setting is not equal to zero (!=0 means NOT EQUAL ZERO, therefore equal to 1 and therefore OVERRIDE is ON) and issues a warning to you. I believe when you push Fix selected problems, Spybot may correct this value and make it "FirewallOverride"=dword:00000000 (equal to zero, therefore firewall NOT overridden) BUT five seconds later your Windows Security Center will probably return this value back to its desired state, which was set in the control panel. You may check if I am right by either scanning with Spybot immediately after repair or navigating to the aforementioned registry key and confirming the value of dword:00000001. If you didn't tick that earlier mentioned checkbox there and wish to use Windows Firewall, you need to uncheck that box, otherwise it will remain overridden.

Override is needed if you have another firewall, either software or hardware, and do not wish to use the integrated Windows Firewall. You can't (shouldn't) use two firewalls, they will most likely conflict and definitely make your life a pain, therefore MS allows turning your firewall off. Spybot will detect this but it doesn't mean your system is infected, it only means your firewall was set to override, not necessarily by any malware. It's only a warning, not a super-threat.

The same thing applies to antivirus, if you are running Kaspersky, you have most likely set in Security Center control panel that you have another antivirus and that you will monitor it yourself. Therefore - OVERRIDDEN integrated antivirus software, since you don't want that red shield with white cross to pop up a warning every minute from your system tray area, saying you don't have an antivirus installed even though you have Kaspersky. This produced appropriate registry entry and spybot picked it up and reminded you.

My opinion is to leave these two "errors" in spybot alone, if you have your custom firewall/antivirus, since these are only threat reminders not some trojans or the likes.

Hope I was able to help, if anything wasn't understandable then blame my poor English ;-)

Cheers
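
Added example (not part of the original thread or of any poster's comment): a small Python parser for the `.reg` export notation quoted above, reporting which of the four Security Center values named in this thread are present and non-zero. The sample export, the `ExampleSubkey` section and the function names are constructed for illustration.

```python
import re

# Key and value names are the ones quoted in this thread.
SECURITY_CENTER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
WATCHED = {  # short descriptions summarise the thread's explanation
    "AntiVirusOverride": "'I will monitor my antivirus myself' is ticked",
    "FirewallOverride": "'I will monitor my firewall myself' is ticked",
    "AntiVirusDisableNotify": "antivirus notifications are disabled",
    "FirewallDisableNotify": "firewall notifications are disabled",
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

# Constructed sample in .reg export notation (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ExampleSubkey]
"AntiVirusDisableNotify"=dword:00000001
'''


def parse_dwords(reg_text):
    """Return {key_path: {value_name: int}} for every dword in a .reg export."""
    result, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading BOM
        section = SECTION_RE.match(line)
        if section:
            current = section.group("key")
            result.setdefault(current, {})
            continue
        dword = DWORD_RE.match(line)
        if dword and current is not None:
            # dword data is written in hexadecimal
            result[current][dword.group("name")] = int(dword.group("hex"), 16)
    return result


def audit_security_center(reg_text):
    """List (name, value, meaning) for watched values that are non-zero."""
    # Registry key and value names are case-insensitive, so compare lowered.
    keys = {k.lower(): v for k, v in parse_dwords(reg_text).items()}
    values = keys.get(SECURITY_CENTER_KEY.lower(), {})
    lowered = {name.lower(): data for name, data in values.items()}
    findings = []
    for name, meaning in WATCHED.items():
        data = lowered.get(name.lower())  # absent values are not reported
        if data:
            findings.append((name, data, meaning))
    return findings


if __name__ == "__main__":
    for name, data, meaning in audit_security_center(SAMPLE_EXPORT):
        print(f"{name} = {data}: {meaning}; confirm this was your own choice")
```

Regedit exports in this format are normally UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `audit_security_center`.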

Comment from SiamSter
Date: 09/22/2005 01:44AM PDT
Author Comment


#kbbcnet


1/ Go to Start|Run|Regedit.exe - click ok  <-- Registry Editor Explorer loads
2/ My Computer|HKEY_LOCAL_MACHINE|SOFTWARE|Microsoft|Security Center
3/ Traverse the left window pane down to Security Center & highlight
4/ In right window pane - Double-click dword value --> AntiVirusOverride
5/ Set value data: 0  <-- select ok   <-- Leave Base selection as is
      If value data is already 0 <-- select cancel
8/ Close Registry Editor Explorer.

I did all of the above and the value data was set to 0 already

Still can't fix it!

Chris

Comment from SiamSter
Date: 09/22/2005 02:13AM PDT
Author Comment

If I run a Spybot scan before I've double-clicked on the red Windows security alert and checked the box (I have an antivirus program I will monitor myself), Spybot does not pick up the override.

But if I run the scan after I've checked the box it picks it up.

Maybe this info could help!

Also, can this harm my computer if I do not sort it out ASAP?

Chris

Comment from qtejedi
Date: 09/22/2005 05:48AM PDT
Comment

I suppose, SiamSter, you did not read my comment which is right above yours. The things your Spybot "picks up" are not errors, just notifications. Leave them alone. Notification is meant to point out that Windows Firewall and/or known-to-Windows antivirus software is off. You do not FIX these errors if you have your own firewall/antivirus respectively. Since you have some software firewall/antivirus Windows just doesn't detect, you just acknowledge "That's right, I have my own firewall and/or antivirus so I set Windows Security Center not to mind these, or one of them (I override their monitoring, because I don't want that stupid red shield in system tray)"

If you do not have your own firewall/antivirus AND your spybot notifies you that you have these two overridden, then there MIGHT be a problem, IF there's no hardware firewall or private network router with NAT on the way from internet to your computer. Again, this is not an error to be fixed by spybot, it is to be fixed by You. You can UN-tick that "I have my own antivirus" box and spybot will no longer notify you. Why? Because NOW you're non-stop notified by that stupid red shield in your system tray so spybot is satisfied. So you decide what's worse - spybot's message or that shield being red.

Why do you need notification? Because lately software companies seem to assume average user is an idiot and needs to be reminded every 5 minutes about everything.

Bottom line is if you have some firewall and antivirus and they work then ignore these two messages.

Comment from war1
Date: 09/22/2005 07:56AM PDT
Comment

>> Also can this harm my computer if i do not sort it out asap?

If you have checked that Antivirus is On and working, the Spybot alert is a false positive.  Don't worry about it.

Comment from SiamSter
Date: 09/22/2005 10:13PM PDT
Author Comment

Ok cheers

Comment from SiamSter
Date: 09/23/2005 11:28PM PDT
Author Comment

Well, I still can't remove it. If I could just stop the little red security alert from popping up every reboot, that would be fine!

Comment from war1
Date: 09/24/2005 07:05AM PDT
Comment

SiamSter,

The Spybot S&D warning is just that, a warning.  Put the warning on ignore and you will not see it again.

http://forums.techguy.org/t386647.html

Comment from SiamSter
Date: 09/24/2005 07:07AM PDT
Author Comment

I mean the windows security alert, bottom right

Comment from war1
Date: 09/24/2005 07:30AM PDT
Comment

There should be a setting in Spybot S&D to not show the alert.

Accepted Answer from war1
Date: 09/24/2005 07:32AM PDT
Grade: A
Accepted Answer

This is from Spybot Customer Support:

Since the Detections Update from July 25, 2005, Spybot - Search & Destroy 1.4 has been detecting Security Risks (renamed to "Windows Security Center" on July 30) associated with Microsoft Security Center Registry changes. This is neither a false positive nor a bug. It is just an information.
Spybot-S&D only wants to bring to your attention that "someone" disabled one or more notifications in the Windows Security Center, e.g. the notifications that your virus protection is not active or not up-to-date. If you changed the settings yourself you can safely tell Spybot to exclude those detections from further scans.
In order to do so please right-click each in turn, then click "exclude this detection from future scans". That way, should any other part of security center settings change, Spybot will still detect those.
The same is true if you have another security solution installed (like McAfee Security Center or Norton Internet Security). These programs also disable the Windows Security Center in order to take care of things themselves. The reason why the changes are flagged by Spybot-S&D is that there are also malware programs that disable the notifications so the user doesn't take note of his security tools not being effective.

Comment from SiamSter
Date: 09/24/2005 08:29AM PDT
Author Comment

Cool, if it doesn't harm my computers I'll leave it and exclude it from Spybot, cheers
