There is a registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Which allows you to specify that certain programs are opened with a certain debugger. One of the customer computers had a bunch of entries, listing a bunch of security programs, with "Debugger" = "svchost.exe" values. By doing this, it prevented those programs from running, including Microsoft Security Essentails and MalwareBytes AntiMalware. I couldn't figure out why MSE wasn't running.
Spybot Search & Destroy found and fixed a few of them, I believe including the one blocking MSE. I manually unblocked AntiMalware, and AntiMalware found and fixed a bunch more.
I'm not sure which malware made all of those entries... I just think that people should be aware of this. I was not aware of it until now.
More general info:
|Response Title||Author and Date|
|I didn't find MSE or Taskmgr for Process Explorer even listed||on Jul 7|
|Re: I didn't find MSE or Taskmgr for Process Explorer even listed||on Jul 7|
|the malware is Windows... delete Windows & no more registry problems!||stosb on Jul 7|
|* you are entitled to your opinion. However, I do not share it..||on Jul 7|
|*it was a joke...||stosb on Jul 8|
|* Aye, but then you have fstab, gconf, .bashrc, dbus, modules.conf, etc. errors!||on Aug 16|
|I only found one that even had the Debugger key||on Jul 8|
|* yep... :-)||on Jul 8|