I was helped by Ex_Brit with a previous question regarding McAfee Internet Security updates. The advice was good and led to a safe mode System Restore date back in December 2011. This date precedes the later part of January 2012 when "Message from web site" from potentially malicious third party advertisers started appearing, with Windows Internet Security 8 Pop-up Blocker On, on the PCH games site. I then brought McAfee and Microsoft updates up to date and downloaded, for the second time, Malwarebytes Anti-Virus program. Both times I used the Malwarebytes it identified and quarantined the same problem regarding the Security Center, and the supposed bug was zapped. I was also still continuing to receive "Messages from web site" only on the PCH games site. Since I am still concerned about the need to uninstall Windows and start from scratch, I decided to investigate the findings further on a Malwarebytes forum. I provided the following two log entries:
l. Registry Data Item detected: HKLM\SOFTWARE\Microsoft\Security Center|ANTIVIRUSDISABLENOTIFY (PUM Disabled.Security) [an arrow] Bad (1) Good (0) -- Quarantined and repaired successfully.
2. Is the same except FIREWALLDISABLENOTIFY replaces ANTIVIRUSDISABLENOTIFY
One of the answers I received from the Malwarebytes forum said that McAfee disables Windows Security Center malfunctions/notification since it includes its own self-monitoring software. This makes sense to me, and if I understand correctly, the Malwarebytes scan produced two false positive results. Is this correct? If this is correct and the files have been quarantined and zapped and no longer on the computer, does this affect the ability of McAfee Internet Security to function correctly? Windows Security Center is showing that both Firewall and Virus Protection are ON and being protected by McAfee. If McAfee has been affected, I could always do a System Restore again.
Dealing with "Messages from web site" problem is a whole other subject since Malwarebytes and another free downloaded malware finder program did not produce any additional findings. I feel there may be nothing wrong with my computer, and that it is a PCH problem -- PCH is a gateway for the third party advertisers who are not paying to advertise. I wish I knew for sure. I suppose I could go to the library and use one of its computers to play Sudoku and see whether or not these messages pop-up. I have reported these incidents to PCH.
Since this is kind of lengthy, I have underlined the questions I'd like you to answer. Thands for any help you can give.
You can ignore the ANTIVIRUSDISABLENOTIFY and FIREWALLDISABLENOTIFY whichy are only cautionary messages to tell you that Windows SecurityCenter is taken over by McAfee Security. A 'PUM' is PUM potentially unwanted modification - as some spyware can also disable things.
Messages from website - is this a malware warning or actual messages? I can only assume the former and it would be controled by your browser pop-up blocker settings I guess.
I have never had this come up with malwarebytes & Mcafee installed.They have worked together fine for a few years now for me.It has never Flagged Mcafee with false positive since I have had it.I would look a bit deeper into the subject.I have seen people with those registry keys At Bleeping computer.Just my 2 cents.
Hi Peter, I was`nt Debating your answer.As you have helped many,many people here.Myself Included.I just remember seeing that somewhere. So I looked it up & noticed it on a few of the spyware forums.Bettor safe then sorry I guess.
Earthtraveler If you still continue to have Issues You may want to look at this document That I believe peter(Ex_Brit) put together.
On the bottom there is a link to HiJack this & Some other Forums that do some great free work.I`m sure they could help if you have concerns.
SUPERAnti-Spyware was the the first free program I downloaded and ran on 1/31/2012 to check for malware because of PCH third party pop-up messages. It also identified and quarantined only the same two Security Center alerts as being disabled. Since I was a long way from understanding whether or not this was good or bad, I really didn't know what to do. Because of my confusion, I tried to get these items (files or whatever you call them) released from quarantine. I think I succeeded with one, because when I downloaded and ran Malwarebytes Anti-Malware on 2/1/2012 that scan showed only the ANTIVIRUS DISABLE NOTIFY as being disabled with log results: Quarantined and repaired successfully. Since the third party messages were still popping up, I ran SUPER.... again. The results of that scan showed no Security Center alerts as being disabled; however, it did quarantine one tracking cookie and the following: Trojan.Agent/Gen-Fake Alert C:\TEMP\MALWAREBYTES' ANTI-MALWARE\CHAMELEON\WINLOGON.EXE. I researched chameleons and I thought, "Ykes!" I had SUPER... zap this item. I have since learned that Malwarebytes Chameleon is a set of new technologies to get Malwarebytes Anti-Malware up and running on a system when it is prevented from doing so by specific malware infections. After I did the System Restore, I downloaded only Malwarebytes, because I it was easier for me to understand its directions for handling quarantined items. Therefore, the Chameleon file is back in place.
The "Messages from web site" pop-up signs on PCH game site look official. The contents have varied. The original sign: "Attn: Your browser version is old. You need to urgently renew your browser." I have Windows Internet Explorer 8. Later signs advised that the drivers needed renewing. The present signs, without any action on my part, are a little different. Instead of "Message from web site" at the top of the sign shows Windows Internet Explorer. The message is: "Are you sure you want to navigate away from this page? How'd you do? If you leave this page, you'll never know! Please cancel to stay and see your tokens. Press OK to continue or Cancel to stay on the current page." The present signs almost sound reasonable. However, I am suspicious because of all the receding signs and the fact that this sign had never appeared during over a year of using the PCH game site.
Per Ex_Brit's advice regarding alerts, I don't plan to do a System Restore at this time.
I am still in a quandry as to the need for reinstalling Windows XP. Any suggestions?
Is this XP SP3 I hope? Those IE8 may be out of date notices can be ignored as you can't go any higher than that in XP. The disable notify things are false alarms so ignore them too. If you have a problem still then follow the Hijackthis instructions at the bottom of that link in post #5 above posted by newjack.
Yes, Windows SP3.
Yes, I had pretty much figured out that I could not go to a browser higher than IE 8 with Windows XP.
I will ignore disable notify things as advised.
When I did a Safe Mode System Restore, I used the instructions in DOC2168. I will access this document again for the Hyjackthis info.
Thanks to both of you for your help. This ends this particular quest unless either of you have additional comments.