Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firewall turned off and can't turn back on


  • Please log in to reply
4 replies to this topic

#1 Ogre in the Basement

Ogre in the Basement

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 01 January 2012 - 09:01 PM

Mod Edit: Moved from XP to Am I Infected ~~boopme

Got some kind of virus that turned off my firewall and everytime I try to open the firewall settings in the control panel. Started with some kind of fake virus scan thing, so I shut down and ran Malewarebytes Anti-maleware in safe mode. It found a few issues that I had it remove. Restarted windows and my firewall is off and when I try to open firewall settings it asks me what program I want to open it with, does the same for spybot and even firefox. Ran Spybot in safe mode and it found a firewall and antivirus override that I told it to fix, but I still can't get into firefox or my firewall settings. I'll post you the log from Malewarebytes here in case it helps.





Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/1/2012 7:56:30 PM
mbam-log-2012-01-01 (19-56-30).txt

Scan type: Quick scan
Objects scanned: 172955
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\ilj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\ilj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\user\Local Settings\Application Data\ilj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\user\local settings\application data\ilj.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\user\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Edited by boopme, 01 January 2012 - 09:09 PM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:03 AM

Posted 01 January 2012 - 11:38 PM

Same computer as here?
http://www.bleepingcomputer.com/forums/topic432631.html/page__p__2510876__fromsearch__1#entry2510876

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Ogre in the Basement

Ogre in the Basement
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 02 January 2012 - 02:38 PM

yeah, same computer, but different problem. This is what happens when I let idiots use my computer. Instead of just clicking the x on a popup box they clicked cancel and now this issue has started.

#4 Ogre in the Basement

Ogre in the Basement
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:03 AM

Posted 02 January 2012 - 03:31 PM

actually, never mind, lol, I fixed the issue. Virus is removed, MBAM took care of it, but screwed up my registry file association. Sorry to bother you guys. Now I feel like an idiot. Didn't realize that most of my other programs were having the same issue with opening. Made me think about the registry and, sure enough, found a fix app online.

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:03 AM

Posted 03 January 2012 - 01:06 AM

Glad you resolved your computer problems.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users