anyone have info on these little nasties?

I travel for my work. Some of my duties involve cleaning out junk my fellow employees manage to download and install. Unfortunately, my company is not using Comodo firewalls (political/corporate/bureaucratic). The nasties I am referring to are “Microsoft.WindowsSecurityCenter.AntiVirusOverride,” and “Microsoft.WindowsSecurityCenter.FirewallOverride.” At Market #1 one machine was infected with these. My fellow employee had downloaded MyWebSearch, MyWay.MyWebSearch, FunWebProducts, FunWeb, and CoolWebSearch (thanks a lot!). I also found, in the Recycle Bin, a file called Mahjong.exe. At Market #2 I did not find any evidence of any bizarre web search toolbars, but one computer has a lot of downloaded games from this MahjongFortuna2 (and I mean A LOT–about 2.5 GB’s worth). Also, at Market #2 the computer with the Mahjong stuff did not seem infected, but I had four other computers on the network with the AntiVirusOverride and FirewallOverride. I ran at least a dozen AVs, rootkit detectors, and various other common cleaning tools on all the computers. Spybot Search and Destroy was the one that uncovered this stuff.
Does anyone have any information on any of this? Tomorrow I need to talk with the boss of the lady who likes to play a lot of games on company time. It would be nice to have as much knowledge as possible for this meeting.
Thanks in advance.
BTW, I like the spell checker function in the forums. I never noticed it before. One thing–better tell the spell checker that COMODO is a real word. (:WIN)

The Mahjong stuff was put on the computer by this employee’s grandchild(!). I got rid of it today without much more ado. Still concerned about the ~AntiVirusOverride and ~FirewallOverride. My company uses McAfee Small Business. Most of my fellow employees don’t know how to stop the service (nor do they know, or care, how to start it again). The only way to stop this McAfee service is through Administrative Tools, and nobody stopped the service on four computers–so something from the outside did, but what?

Hi grayhair

I am not positive on this and maybe someone else can verify or correct me if I’m wrong. I think that the “override” for antivirus and firewall that you see are a direct result of changing the settings in Windows security center to “not monitored”.

John

Thanks for the response, JJasper. I can check on this, but I don’t think the individuals who use these computers are that savvy. Let’s just say they put gas into the tank and never check the oil. (:LGH) I would bet they don’t even know where the Security Center is. Also, these items Spybot S+D caught were on different computers about one hundred miles from each other. But, I will look into it, thanks.

I’m not sure whether those machines you mentioned have any firewall installed? Some firewalls will disable the default Windows Firewall services… Also, you mentioned only Spybot SD discovered it; you might want to read the details by expanding the finding… Hope that helps.

You can try searching or asking at the Spybot S&D forum for info on it.

:slight_smile:

MyWebSearch, MyWay.MyWebSearch, FunWebProducts, FunWeb, and CoolWebSearch are all a pain - often installed by users looking for games etc. without realizing what rubbish they are putting on their PC. I have found these on numerous work computers. Spybot is handy for removing them.

The “Microsoft.WindowsSecurityCenter.AntiVirusOverride,” and “Microsoft.WindowsSecurityCenter.FirewallOverride” are common where McAfee or Norton security software is installed; both use their own ‘security centre’ and disable the Windows security centre monitoring of firewall and antivirus. This is what the entries are, and whoever installed the McAfee software would not need to disable the features themselves; it would occur automatically during installation.

:SMLR