
Add-On Posts


  • This topic is locked
11 replies to this topic

#1 a1a2a3a4

a1a2a3a4

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 11 December 2011 - 02:43 AM

I also have this very same problem. I recently had 2 malware/virus attacks, the first one was easy enough to get rid of (Windows 7 anti-virus 2012) and another one which was a bugger, had to go into safe mode and all that. It was called Identity Protection or something? The reason why I got the 2nd one was most likely because my firewall was turned off, probably because of the first one (just a guess, I'm not a computer genius). I did about 4 hours of Google searching and found nothing. I also ran Malwarebytes, RKill, and that ESET (?I think that's what it's called) online scanner BC suggested. After the removal none of these found anything. I'm guessing there's a missing file perhaps?

Also Microsoft Security Essentials did not work for me. The malware got through both times. Perhaps I need a better (free) anti-virus.

Edited by hamluis, 15 December 2011 - 05:36 PM.
Split from http://www.bleepingcomputer.com/forums/topic430142.html/page__p__2492422__fromsearch__1#entry2492422 .



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:46 AM

Posted 11 December 2011 - 09:21 AM

Please save the following contents as a .reg file. Then execute this file to import it into the registry.




Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE]
"DisplayName"="@%SystemRoot%\\system32\\bfe.dll,-1001"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\bfe.dll,-1002"
"ObjectName"="NT AUTHORITY\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\
00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
62,00,66,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="BfeServiceMain"


Save it as a .reg file, launch it, and add it to the registry.




If you do not have Windows Firewall, copy this:






Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00



Save it as a .reg file and import it.

Now, open RUN, type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and choose Permissions.

Click on ADD, type Everyone and click OK.

Click on Everyone.

Below, you have the permissions for users.

Select Full Control and click OK.

Now start the BFE service and the Windows Firewall service.

#3 michael628

michael628

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 11 December 2011 - 12:19 PM

I'm having the same firewall issue. I've tried to copy/paste the text above into a .reg file. Each time I run/Merge it I get a reg-editor error.

Please help.

#4 michael628

michael628

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 11 December 2011 - 12:26 PM

I figured out the merge issue... How do I now start the BFE service and the Windows Firewall service?

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:46 AM

Posted 11 December 2011 - 01:03 PM

You need to restart your PC.

Now, open RUN, type regedit and click OK.

Go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right-click on it and choose Permissions.

Click on ADD, type Everyone and click OK.

Click on Everyone.

Below, you have the permissions for users.

Select Full Control and click OK.

Now click on Start.

Go to RUN, type services.msc and click OK.

Start the Base Filtering Engine service.

Then go ahead and start the Windows Firewall service.

#6 Chibs

Chibs

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 11 December 2011 - 03:43 PM

Thanks, this fixed it for me.

#7 ktvindicare

ktvindicare

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 12 December 2011 - 12:04 AM

I'm having the same problem as the Original Poster, but when I go to edit my Registry I find that I am missing a BFE section in the "services" part.

When I go to import the new .reg file, it prompts me to delete everything in the services section. I don't want to do that do I?

#8 jeniholland

jeniholland

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:46 AM

Posted 12 December 2011 - 12:45 AM

I'm getting the same error 0x80070424. I have followed the instructions above and I am still getting this code when I try to change my firewall settings.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:46 AM

Posted 12 December 2011 - 01:09 AM

@ktvindicare

You can safely import it. It is not going to delete anything. It's just a common warning.

@jeniholland

Did you start your Windows Firewall service and base filtering service?

#10 ktvindicare

ktvindicare

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 12 December 2011 - 08:56 AM

The problem appears to have been solved. Thank you.

#11 meeunknown

meeunknown

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:46 PM

Posted 14 December 2011 - 04:22 PM

How do I add the reg file to registry?

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,552 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:46 AM

Posted 15 December 2011 - 05:40 PM

This topic is closed, due to it being an administrative mess, IMO.

Please...in the future...start your own topic, rather than injecting your issues into a topic concerning a different system and possibly different problems that you see as the same. This maintains the integrity of the topic started by the OP...and it allows the best chance for you to get your needs properly tended.

Louis



