BleepingComputer.com: Security Sphere- removed but no updates or firewall

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Security Sphere- removed but no updates or firewall

#1 User is offline   columbiers 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 27-December 11

Posted 27 December 2011 - 11:57 AM

Hi
I had the Security Sphere fake antivirus problem. I am using Windows 7.

Removed it with the guide on this site using Malwarebytes and it all seems to be fine now.
BUT I cannot switch on the windows Firewall and cannot check for any windows updates. I have tried various fixes for these from the web- none have worked. It is definitely connected to the malware I had as everything was fine before. Considering a format and reinstall of Windows but asking here first in hope of a solution.

Please help!

This post has been edited by columbiers: 27 December 2011 - 11:57 AM

#2 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 27 December 2011 - 07:38 PM

Welcome aboard Posted Image

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#3 User is offline   columbiers 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 27-December 11

Posted 28 December 2011 - 03:58 AM

Thanks! Done it, got this:

Farbar Service Scanner
Ran by Mr P (administrator) on 28-12-2011 at 08:56:45
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#4 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 28 December 2011 - 11:43 AM

Quote

cannot check for any windows updates

What happens?

As for firewall, you have couple registry keys missing.
Unfortunately those keys are computer specific and they can't be transferred from another computer.

You have two options:
- reinstall Windows
- use 3rd party firewall like Comodo free firewall: http://personalfirewall.comodo.com/free-download.html
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



#5 User is offline   columbiers 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 3
  • Joined: 27-December 11

Posted 28 December 2011 - 01:50 PM

Quote

What happens?




I get error 80096001. It doesn't even begin checking for updates, says an unknown error prevents it checking for updates.
Thanks for the help so far. A 3rd party firewall s not a problem for me, not being able to download updates means I'll go for a reinstall if I can't solve it.

#6 User is offline   Broni 

  • The Coolest BC Computer
  • PipPipPipPipPipPip
  • Find Topics
  • Group: BC Advisor
  • Posts: 22,167
  • Joined: 01-February 08
  • Gender:Male
  • Location:Daly City, CA

Posted 28 December 2011 - 04:12 PM

Try here: http://support.microsoft.com/kb/822798
My Website

Posted Image

My help doesn't cost a penny, but if you'd like to consider a donation, click Posted Image



Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users