Windows Firewall STILL disabled


6 replies to this topic

#1 eejay

  • Members
  • 4 posts
  • Gender:Female
  • Location:USA

Posted 14 August 2012 - 11:06 PM

Hi everyone,

The past few days I've been battling to remove a series of viruses, rootkits and malware (Sirefef, SMART HDD, among others) that infected my computer during a lapse of antivirus coverage, and possibly through a Java vulnerability.

The fact that all of these slipped past and remained undetected by my Ad-Aware Pro (PAID version) infuriates me. Equally infuriated by their unintelligible customer service, I uninstalled the entire program and downloaded Avast Free Antivirus. Using a combination of Avast, Malwarebytes Anti-Malware, Spybot S&D, TDSSKiller, CCleaner, Unhide, EZ Sirefix, and a couple of basic Windows tools, I was able to get the infected files quarantined/obliterated, and now I'm in the process of cleaning up the mess left behind.

One of the biggest problems I have is the state of my Windows firewall. Whenever I try to activate it, I receive "Error code: 0x80070424".

I downloaded and ran the Microsoft Fix it tool and was told (in so many words) that I could not set up the Windows firewall because I was using the Lavasoft Ad-Aware firewall program, or because of an existing group policy. Right now I'm willing to bet there's some remnant of Ad-Aware screwing up my Windows firewall. After three solid days of dealing with this mess, I'm about to turn into a rage rocket.

If anyone could offer advice or help, it'd be very much appreciated! :wacko:

Running: Windows 7 Ultimate (32-bit) SP1

Edited by eejay, 15 August 2012 - 08:24 AM.




#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 August 2012 - 11:11 PM

Download

TDSSKiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 eejay

  • Topic Starter
  • Members
  • 4 posts
  • Gender:Female
  • Location:USA

Posted 15 August 2012 - 10:01 AM

Hi narenxp,

I have already run TDSSKiller with TDLFS parameters and no threats were detected. I'll supply the log if necessary, but as there were no threats found, I don't see the point in posting it.

I am up-to-date on the latest Avast virus definitions (current version 120814-0). Both quick scans and full scans revealed no threats.

I downloaded ESET and installed it, and it picked up on 10 threats (see log below). The program said that they were quarantined and/or deleted, but after restarting my computer, I still can't turn on my Windows firewall (same error code 0x80070424). As I mentioned before, I think Ad-Aware, or some of its deceased settings, might be responsible.

Do you have any suggestions for fixing this manually, like through regedit or something?

Thanks for your help so far!

ESET Log:

C:\ProgramData\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip	Win32/Bagle.gen.zip worm	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_16.38.13\mbr0000\tdlfs0000\tsk0005.dta	Win64/Olmasco.Y trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_16.38.13\mbr0000\tdlfs0000\tsk0006.dta	Win32/Olmasco.O trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_16.38.13\mbr0000\tdlfs0000\tsk0007.dta	Win64/Olmasco.X trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_16.38.13\mbr0000\tdlfs0000\tsk0009.dta	Win32/Olmasco.AA trojan	cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\14.08.2012_16.38.13\mbr0000\tdlfs0000\tsk0010.dta	Win64/Olmasco.Z trojan	cleaned by deleting - quarantined
C:\Users\Eejay\AppData\Local\Temp\pdtmtfmlmxufhfmhabraum.exe	a variant of Win32/Injector.VEJ trojan	cleaned by deleting - quarantined
C:\Users\Eejay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6106b462-3f3091a7	a variant of Java/Exploit.CVE-2012-1723.AL trojan	deleted - quarantined
C:\Users\Eejay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1fb90bf5-23d9f315	multiple threats	deleted - quarantined
C:\Windows\Installer\{5f603591-1c23-ccb3-1c57-94a491dc58cf}\n	Win32/Sirefef.EV trojan	cleaned by deleting - quarantined


#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 August 2012 - 10:03 AM

Do you want me to fix the firewall first, or remove the ZeroAccess rootkit on your PC and then fix the firewall? :)

Please run TDSSKiller and aswMBR and post the logs.

Edited by narenxp, 15 August 2012 - 10:04 AM.


#5 eejay

  • Topic Starter
  • Members
  • 4 posts
  • Gender:Female
  • Location:USA

Posted 15 August 2012 - 11:29 AM

Thank you, but there's no need: I discovered the problem with my firewall.

I was missing my BFE (Base Filtering Engine) and had a bunch of missing or corrupted registry entries. I downloaded a registry key fix from TechNet Blogs that fixed my BFE problem. It still didn't fix my firewall, but I was able to find all the registry keys I needed to get my Windows Firewall, Updates, and Defender working again from Microsoft's TechNet.

Now I'm running my virus scanners again to be sure I'm clean... but right now it looks like everything is back to normal. :thumbsup:
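A read-only diagnostic added here to illustrate what eejay found (it is not eejay's or narenxp's script, nor the TechNet registry fix): error 0x80070424 is the HRESULT wrapping Win32 error 1060, ERROR_SERVICE_DOES_NOT_EXIST, so the script checks whether the service registry keys behind Windows Firewall, Windows Update and Defender still exist and whether a firewall group policy is forcing the firewall off. It assumes the standard service names BFE, MpsSvc, wuauserv and WinDefend and the standard HKLM service and policy paths, and changes nothing.

```powershell
# Added diagnostic, not from the thread. Read-only: reports state, repairs nothing.
# 0x80070424 = HRESULT_FROM_WIN32(1060) = ERROR_SERVICE_DOES_NOT_EXIST, i.e. the
# firewall UI asked the Service Control Manager for a service that is not registered.
# Run from an elevated PowerShell prompt.

$services = @(
    @{ Name = 'BFE';       Label = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc';    Label = 'Windows Firewall' },
    @{ Name = 'wuauserv';  Label = 'Windows Update' },
    @{ Name = 'WinDefend'; Label = 'Windows Defender' }
)
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($s in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
    if (-not (Test-Path $key)) {
        # No service key at all: exactly the state that produces 0x80070424.
        Write-Output ("MISSING  {0,-10} {1}: service key absent; restore it from a known-good export" -f $s.Name, $s.Label)
        continue
    }
    $props = Get-ItemProperty -Path $key
    $start = $startNames[[int]$props.Start]
    if (-not $start) { $start = "unknown ($($props.Start))" }
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    $status = if ($svc) { $svc.Status } else { 'not registered with SCM' }
    Write-Output ("PRESENT  {0,-10} {1}: start={2}, status={3}, image={4}" -f $s.Name, $s.Label, $start, $status, $props.ImagePath)
    # MpsSvc depends on BFE; a present firewall service still fails if its dependency key is gone.
    foreach ($dep in @($props.DependOnService)) {
        if ($dep -and -not (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$dep")) {
            Write-Output ("         dependency '{0}' of {1} is missing" -f $dep, $s.Name)
        }
    }
}

# The Fix it tool also mentioned "an existing group policy": an EnableFirewall=0
# value under the policy key overrides the local setting and keeps the firewall
# off even after the services are restored.
foreach ($profile in 'DomainProfile', 'StandardProfile') {
    $pol = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$profile"
    if (Test-Path $pol) {
        $v = (Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue).EnableFirewall
        if ($v -eq 0) { Write-Output "POLICY   $profile EnableFirewall=0 (firewall forced off by policy)" }
    }
}
```

Any MISSING line points at the service whose registry key has to come back from a trusted source (a known-good export from an identical Windows build) before the firewall can start; the script deliberately does not import anything itself.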

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 August 2012 - 11:34 AM

C:\Windows\Installer\{5f603591-1c23-ccb3-1c57-94a491dc58cf}\n	Win32/Sirefef.EV trojan	cleaned by deleting - quarantined

You still have a rootkit on your PC.

If you feel that your system is clean, I can't help you.

Can you see the name of the guy who posted the fix in the Microsoft TechNet forum? Fixing a firewall is not a big issue.

Good luck.

Edited by narenxp, 15 August 2012 - 11:35 AM.


#7 eejay

  • Topic Starter
  • Members
  • 4 posts
  • Gender:Female
  • Location:USA

Posted 15 August 2012 - 02:42 PM

I took care of the "infected" folder manually (as I had suspected, the virus had been deleted and only the empty folder remained), ran another ESET scan (and TDSSKiller scan, Malwarebytes scan, Avast, TrendMicro, and Spybot), and got clean bills of health from all.

By the way, it was your name in the Microsoft TechNet forum where I got the registry fixes. Thanks for the help!

Edited by eejay, 15 August 2012 - 03:30 PM.

