Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows Firewall And Service Off By Itself...


  • Please log in to reply
5 replies to this topic

#1 Precarious Dude

Precarious Dude

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 12 August 2008 - 10:37 AM

Windows Firewall And Service Cuts Off By Itself



I've been having this problem with my firewall lately. Just started 3 days ago. The whole entire service has been shutting completely off approximatley 2:00 minutes after connecting to the internet on my wireless d-link adapter and upon boot or reboot. Now don't get me wrong, I can turn it back on. I get the message, "Windows firewall settings cannot be displayed because associated service is not running. Do you want to start windows firewall/internet connection sharing (ICS) service?", when I click the firewall icon. I click yes and it comes back on, but STILL. Its never did this before. I have to keep turning it back on every time I reboot, when it cuts off. Is this perhaps a virus, spyware attack or maybe a hack attempt or exploit? I have windows xp home edition, service pack 3, wireless connection, no other firewall but windows firewall, no anti-virus, lots of spyware programs (superantispyware, spybot search and destroy, trojan remover) which I ran over and over again but still the problem persist, and also a dell computer. Windows firewall and service doesn't shut down when i'm not connected to the internet, hmm, which is strange. I've heard of ways hackers can shut the firewall off through codes and such. I'm scared. Please help.

Edited by Precarious Dude, 12 August 2008 - 10:39 AM.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:15 PM

Posted 12 August 2008 - 11:17 AM

Well...you cannot be too scared...if you don't have an antivirus program installed, IMO :thumbsup:.

My first suggestion would be to...install one, update it, and run a complete scan.

http://www.tomshardware.com/forum/135134-45-windows-firewall See 1-23-2005 comments by Malke.

Louis

#3 Precarious Dude

Precarious Dude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 12 August 2008 - 09:13 PM

Lol, sorry for being so precarious. Here are some things I failed to mention:


I tried inputting these commands into the "cmd" ms-dos mode.
For anyone having Windows Firewall problems after cleaning out spyware, here is the fix. No more installing ZoneAlarm! The system in question must be running XP with Service Pack 2.


1. Run the attached .REG file.
2. From the command prompt, enter

netsh firewall reset

3. Open Windows Firewall control panel and enable it.


Should that NOT work, this is the final thing you should try before reinstalling XP or ZoneAlarm:


1. From the command prompt, enter:

rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf

2. Restart
3. From the command prompt, enter NETSH FIREWALL RESET


Hope this helps.




One more possible fix, if you can't get the above two steps to work:

1. From the Command Prompt, enter:

netsh winsock reset

2. After receiving a confirmation, reboot
3. Check if the Windows Firewall service has started. If not, repeat the above two steps.



RESOLUTION
click Start, click Run, in the Open box, type CMD, and then click OK.
To restore the default SD for the SharedAccess service, type the following command at the command prompt, and then press ENTER:
SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
Restart Windows Firewall/Inernet Service.

Firewall still shuts off... :trumpet:
Remember, it only happens a few minutes after I connect to the internet. I can be offline for hours and the firewall will never shut off.

I've tried checking the services it depends on. All of them are started.

Security Center
Event Log
Network Connections
Remote Procedure Call (RPC)
Windows Management Instrumentation

They are all started and on automatic. :flowers:

I've just installed new drivers for my d-link wireless connection to solve that problem with its compatibility with service pack 3 which is all over the web.

I formerly had a virus program but uninstalled it because it seemed to be a virus itself. I've just installed avg 8.0 free edition and am now scanning. ......................... Finished. Here are the results.


Windows\system32\svchost.exe virus
Windows\System32\svchost.exe virus
Windows\system32\proxyM.dll trojan

I hope this is the problem. :thumbsup:
The first post in this link was interesting: http://forum.pcvsconsole.com/viewthread.php?tid=8191

I tried moving svchost.exe to vault but system shut down. So I took it out.
Now what should I do?

Edited by Precarious Dude, 12 August 2008 - 11:10 PM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:15 PM

Posted 13 August 2008 - 08:59 AM

OK :thumbsup:...I'm assuming that you have removed any items picked up by AVG as questionable. I know that some persons prefer to put them in quarantine, but I really see no need for a quarantine function. IMO, an infected file is of no value to anyone who is not in the business of researching/negating such.

Once you are satisfied that your system clean...I would suggest running sfc /scannow or doing a repair install of XP. If it were me and I had been infected, I would just do a repair install of the system...based on the premise that such would restore normal system functions which may have been damaged by malware.

LEARN how to use SFC.EXE (system file checker) in this article! - http://www.updatexp.com/scannow-sfc.html

Perform a Repair Installation - http://www.microsoft.com/windowsxp/using/h...ips/doug92.mspx

TweakXP.com - How To Do a Repair Install of XP - http://www.tweakxp.com/article36955.aspx

Someone may have a better approach, but that's how I would approach it.

Louis

#5 Precarious Dude

Precarious Dude
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 13 August 2008 - 10:35 AM

Its over... The firewall stays on now. It turned out the virus was holding my original svchost.exe file hostage, renaming it to svchost(2).exe. When I deleted the first svchost.exe, which was infected, I just renamed the first back to the original. Presto, the problem was solved. I'm going to hold on to this anti-virus program now. I have alot of protections up and running now. My system tray is full of icons of protection programs, lol. :thumbsup: I refuse to leave my back open again. :flowers:

Edited by Precarious Dude, 13 August 2008 - 10:37 AM.


#6 hamluis

hamluis

    Moderator


  • Moderator
  • 56,131 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:15 PM

Posted 13 August 2008 - 12:15 PM

Well done :thumbsup: ,happy computing :flowers:.

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users