
Vista Security 2012 aftermath issues


13 replies to this topic

#1 Sarkus

  • Members
  • 7 posts

Posted 23 December 2011 - 02:29 PM

So I got hit by Vista Security 2012 the other night. I followed the instructions here to get rid of the malware, but in the aftermath discovered that I couldn't get the security center to work. I managed to get that back up by importing a new .reg file for the one the malware deleted, but I haven't been able to get the firewall up. Any suggestions?

This is Vista32 OS and I specifically am told that Security Center can't open the firewall. When I try and do it manually I'm told the firewall is not using recommended settings - when I try and update those, I'm told the firewall can't make those changes.

Edited by Sarkus, 23 December 2011 - 02:32 PM.



#2 Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,661 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 23 December 2011 - 02:49 PM

Welcome aboard

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#3 Sarkus (Topic Starter)

Posted 23 December 2011 - 02:52 PM

This is what the log says:

Farbar Service Scanner
Ran by Miles Lippincott (administrator) on 23-12-2011 at 11:51:23
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
********************************************************

Internet Services:
=================

Connection Status:
=================
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
==============================


File Check:
==========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 11:01] - [2011-09-20 13:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-10-20 11:28] - [2009-04-10 22:28] - 0407552 ____A (Microsoft Corporation) 5DE62C6E9108F14F6794060A9BDECAEC

C:\Windows\system32\bfe.dll
[2009-10-20 11:27] - [2009-04-10 22:28] - 0334848 ____A (Microsoft Corporation) C789AF0F724FDA5852FB9A7D3A432381

C:\Windows\system32\Drivers\mpsdrv.sys
[2008-09-29 10:33] - [2008-01-18 21:54] - 0064000 ____A (Microsoft Corporation) 22241FEBA9B2DEFA669C8CB0A8DD7D2E

C:\Windows\system32\SDRSVC.dll
[2008-09-29 10:34] - [2008-01-18 23:36] - 0104960 ____A (Microsoft Corporation) 716313D9F6B0529D03F726D5AAF6F191

C:\Windows\system32\vssvc.exe
[2009-10-20 11:27] - [2009-04-10 22:28] - 1055232 ____A (Microsoft Corporation) DB3D19F850C6EB32BDCB9BC0836ACDDB

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
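The FSS log above is plain text with a fixed layout: each service gets a "<name> Service is not running. Checking service configuration:" header followed by one line per check, and a check that failed starts with "Attention!". The following is an added example (not part of this thread and not Farbar's own code) that parses that layout and sorts the services into those whose own registry key under the Services hive is gone (MpsSvc and bfe here), those missing only the LEGACY_<name>\0000 enumeration key (SDRSVC), and those that are merely stopped with an intact configuration (mpsdrv, VSS). The regular expressions and state names are assumptions inferred from the log posted in this thread; the embedded sample is an excerpt of that log.

```python
"""Triage a Farbar Service Scanner (FSS.txt) log.

Added example, not part of the forum thread or of the FSS tool. The regexes
below are assumptions about the FSS text layout, inferred from the log posted
in this thread; they are not published by Farbar.
"""
import re
from collections import OrderedDict

# Sample input: excerpt of the FSS.txt posted above (Windows Firewall and
# System Restore sections only).
SAMPLE_LOG = """\
Windows Firewall:
================
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
========================


System Restore:
==============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
"""

# One header line opens each service block (assumed layout).
SERVICE_HEADER = re.compile(
    r"^(\S+) Service is not running\. Checking service configuration:$")
# "The service key does not exist" means HKLM\SYSTEM\CurrentControlSet\Services\<name>
# itself is gone; the LEGACY_* variant only says "The key does not exist".
SERVICE_KEY_MISSING = re.compile(r"registry key\. The service key does not exist\.")
LEGACY_KEY_MISSING = re.compile(r"^Checking LEGACY_\S+: Attention!")


def parse_services(text):
    """Group FSS check lines by service and classify each service's state.

    States:
      service_key_missing      - the service's own registry key is gone
      legacy_key_missing_only  - only the LEGACY_<name>\\0000 enum key is gone
      attention                - some other FSS 'Attention!' line was seen
      not_running_config_ok    - stopped, but every configuration check passed
    """
    services = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes a service block
            continue
        m = SERVICE_HEADER.match(line)
        if m:
            current = m.group(1)
            services[current] = {"checks": []}
            continue
        if current is not None:
            services[current]["checks"].append(line)

    for info in services.values():
        checks = info["checks"]
        attention = [c for c in checks if "Attention!" in c]
        if any(SERVICE_KEY_MISSING.search(c) for c in checks):
            state = "service_key_missing"
        elif attention and all(LEGACY_KEY_MISSING.match(c) for c in attention):
            state = "legacy_key_missing_only"
        elif attention:
            state = "attention"
        else:
            state = "not_running_config_ok"
        info["state"] = state
    return services


def missing_service_keys(text):
    """Names of services whose own registry key FSS reports as absent, in log order."""
    return [n for n, i in parse_services(text).items()
            if i["state"] == "service_key_missing"]


if __name__ == "__main__":
    for name, info in parse_services(SAMPLE_LOG).items():
        print(f"{name:8s} {info['state']}")
    print("services whose registry key is gone:", missing_service_keys(SAMPLE_LOG))
```

Run against the excerpt, the two services whose key is gone are exactly the two the thread ends up unable to repair (MpsSvc and bfe); SDRSVC is flagged separately because only its LEGACY_ enumeration key is absent, which FSS words differently from a missing service key.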

#4 Broni

Posted 23 December 2011 - 02:58 PM

We have several registry keys missing, but those keys are computer specific so we can't import them from somewhere else.

Your best solution would be to install a 3rd-party firewall like...
Comodo free firewall: http://personalfirewall.comodo.com/free-download.html
Manual: http://www.vikitech.com/6069/comodo-firewall-review-usage-guide



#5 Sarkus (Topic Starter)

Posted 23 December 2011 - 03:08 PM

Thanks. I've gotten the Comodo recommendation (and have already downloaded it) so I may just go that route if I decide not to just go the full Windows reinstall route. Thanks for your help.

#6 Broni

Posted 23 December 2011 - 03:14 PM

That would be the only option to fix the Windows firewall issue.



#7 Sarkus (Topic Starter)

Posted 23 December 2011 - 04:06 PM

Should I be concerned about system restore if I keep this build and add Comodo? The previous restore points were apparently messed up by this malware as I was unable to use them when trying to fix problems associated with this attack.

#8 Broni

Posted 23 December 2011 - 04:19 PM

Do you have access to another Vista computer?



#9 Sarkus (Topic Starter)

Posted 25 December 2011 - 02:12 AM

I do not. Would a Windows upgrade (say to Win7) replace the damaged files? I realized tonight that while MSE is running, it's not updating and the manual update fails. The error code indicates it's likely due to issues related to the infection, though I deleted and reinstalled MSE after cleaning the computer. So I don't know if that means there is still something present (TDSSKiller and a deep scan by MBAM come up with nothing) or something else.

#10 Broni

Posted 25 December 2011 - 11:14 AM

Would a windows upgrade (say to Win7) replace the damaged files?

Do you have any Windows 7 DVD?

I realized tonight that while MSE is running, it's not updating and the manual update fails. The error code indicates it's likely due to issues related to the infection, though I deleted and reinstalled MSE after cleaning the computer.

You may have more damage caused by the infection.



#11 Sarkus (Topic Starter)

Posted 25 December 2011 - 01:49 PM

Do you have any Windows 7 DVD?


Not at the moment, but I read where somebody mentioned doing an "upgrade in place" to fix various issues and since I was considering upgrading to Win7 I thought that might be a way to do that and fix the damage caused by the most recent malware attack at the same time. So that was what I was wondering, if that would in fact be a solution to the various registry and other issues. The alternative seems to be a full delete and reinstall of Windows Vista, though I'm waiting on a support ticket with MS to see whether they have any solution to getting windows update in general to start working again. I was able to manually update MSE, though.

#12 Broni

Posted 25 December 2011 - 02:05 PM

Well, you can't fix Vista with a Windows 7 disk.
If you can get hold of a Vista DVD, we can try a repair installation.



#13 Sarkus (Topic Starter)

Posted 25 December 2011 - 03:46 PM

Well I do have the Vista "Reinstallation DVD" that came with the computer.

So an upgrade to Win7 will not fix the problems on the computer? That's what was suggested in what I read elsewhere, that an upgrade would fix problems. I guess it would depend on what is kept and what is replaced with a Windows upgrade to a new OS.

#14 Broni

Posted 25 December 2011 - 06:41 PM

A Vista reinstallation DVD will return your computer to a "day zero" state. All data and installed programs are lost.
If you had a Windows 7 DVD you could upgrade, but the upgrade won't fix your issues. It'd have to be a clean installation.




