Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 Security 2012 Stopped Firewall


  • Please log in to reply
10 replies to this topic

#1 zariarn

zariarn

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 12 December 2011 - 10:43 PM

Hello :)

I recently was infected by the evil Win Security 2012 variant malware. Got it from youtube :( I used Avast, malwarebytes, spybot, and supers antispyware to destroy the malware.(at least I think I have, lol) My Windows defender program was disabled but I was able to get it back up and running.

I got the fix for denfender here.....

http://www.sevenforums.com/system-security/161188-windows-defender-0x80070424-error-3.html


But I cannot seem to get the firewall up and running. It was missing from my service list but I was able to get it back. (unable to find link) But I cannot get it to start.


Here's the event log for the firewall service.


Log Name: System
Source: Service Control Manager
Date: 12/12/2011 9:39:23 PM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Beauford-PC
Description:
The Windows Firewall service terminated with service-specific error Access is denied..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2011-12-13T03:39:23.879181700Z" />
<EventRecordID>545250</EventRecordID>
<Correlation />
<Execution ProcessID="540" ThreadID="2624" />
<Channel>System</Channel>
<Computer>Beauford-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Firewall</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>



Windows 7 64 Home Premium

Thanks in advance

Edited by zariarn, 12 December 2011 - 10:44 PM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:33 PM

Posted 12 December 2011 - 11:00 PM

Hi

Download both the registry files

<links removed>

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service


Good luck

Edited by elise025, 17 December 2011 - 08:19 AM.
content removed


#3 zariarn

zariarn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 12 December 2011 - 11:27 PM

Hello again,

TY Narenxp for the quick reply. I did the steps according to your instructions. My firewall service still fails to start.

Something maybe worth mentioning but but my BFE-(Base Filtering Engine) service is loading and working fine. (at least it appears to be so) No idea why the firewall service isn't starting.



Any ideas?


Thanks again.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:33 PM

Posted 12 December 2011 - 11:31 PM

Do you still receive 1068 dependency error while starting firewall service?

#5 zariarn

zariarn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 12 December 2011 - 11:36 PM

Says to refer to event log. It also mentions "refer to server-specific error code 5"

Here's new event log




Log Name: System
Source: Service Control Manager
Date: 12/12/2011 10:33:58 PM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Beauford-PC
Description:
The Windows Firewall service terminated with service-specific error Access is denied..
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2011-12-13T04:33:58.227126100Z" />
<EventRecordID>545998</EventRecordID>
<Correlation />
<Execution ProcessID="540" ThreadID="1876" />
<Channel>System</Channel>
<Computer>Beauford-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Windows Firewall</Data>
<Data Name="param2">%%5</Data>
</EventData>
</Event>

#6 zariarn

zariarn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 12 December 2011 - 11:44 PM

Posted Image

Uploaded with ImageShack.us

Edited by zariarn, 12 December 2011 - 11:45 PM.


#7 edhuddl

edhuddl

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 13 December 2011 - 12:23 AM

The same thing happened to me. I went to microsoft support and they used remote desktop and fixed the problem. It took about 15 minutes. The cool thing about it was free!

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:33 PM

Posted 13 December 2011 - 11:09 AM

If your PC is clean,then your antivirus or third party firewalls may be blocking it.Uninstall them and try to start windows firewall.Reinstall your antivirus

Good luck

#9 zariarn

zariarn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 13 December 2011 - 05:59 PM

Thanks again for you responses.

I uninstalled avast and rebooted. I tried to start the firewall but no luck. I haven't used a third party firewall.

Any ideas?


Thanks :)

#10 zariarn

zariarn
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 13 December 2011 - 06:56 PM

I used microsoft remote desktop support. The only suggestion they came up with was a repair installed. I didn't want to do that so I researched even more.

I FOUND A SOLUTION....WAHHOOOO.

This is a post from the microsoft support.

"" Folks I was on the verge of reinstalling, and started to use brute force. I was able to resolve the issue. Hopefully this works for you. With administrative priviledge I entered regedit. I navigated to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet and started adding permissions to the registry key. Now this is kind of brute force because you're actually supposed to only do the appropriate subkeys. Permission propigates down, so I started at the top key. Now initially I wasn't making any progress here. I added "Local Service" and even "Everyone" with full control, but this didn't work, and Base Filtering Engine still would not start.

What fixed it for me was adding "Full Control" to the "Users" username which was originally there. It originally had only read permission. For what ever reason this fixed it for me. After changes to the registery a reboot is recommended. Just for clarity the system was Win 7 not vista. I had made some other changes, but I believe this is what fixed it for me. Good Luck""


It worked.


TY Narenxp for the advice. I don't think the above solution would have worked unless you had given me those reg keys.

#11 System Failure

System Failure

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:33 PM

Posted 14 December 2011 - 12:04 PM

I'm having the same problem as the initial poster. However, after running all the fixes that were recomended everywhere: Malwarebytes, Combofix registry changes. I still can't get to the internet. Can someone walk me through getting this fixed, as I no longer have the recovery cd for this system and would have a hard time fdisk and starting from scratch.

Thanks,




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users