Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to start Windows Firewall service-specific error code 5 Win7 64bit


  • Please log in to reply
11 replies to this topic

#1 dougdodger

dougdodger

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 12:12 PM

when trying to restart windows firewall i am getting this... "service-specific error code 5"
using HP G62 laptop running Windows 7 SP1 Home Premium 64-bit
 
i had a rootkit on the laptop and i think it's completely removed but i still cannot activate the firewall, I used kaspersky rescue disk 10, rkill and mbam to remove rootkit.
 

hope someone can help....



BC AdBot (Login to Remove)

 


m

#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 26 April 2013 - 01:58 PM

System error code 5 is "access denied". http://msdn.microsoft.com/en-us/library/windows/desktop/ms681382%28v=vs.85%29.aspx

 

But I don't know if your error code is a system error code. If it is, you can check the permissions on the firewall service with this command:

 

sc sdshow MpsSvc

 

I have this on my test machine:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-<omitted>)


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 dougdodger

dougdodger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 02:13 PM

here is what i have...
 
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754
844-3404434343-1444102779)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)


#4 dougdodger

dougdodger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 02:24 PM

if i try to open firewall advanced settings this is what i get...

 

The Windows Firewall with Advanced Security snap-in failed to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9



#5 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 26 April 2013 - 02:30 PM

Microsoft has a "fix-it" program for firewalls with error code 5 and I think the following is a link to your version:

http://support.microsoft.com/mats/windows_firewall_diagnostic/



#6 dougdodger

dougdodger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 02:41 PM

did try that earlier, tried again and i get these results...

 

We detected problems with your system and were able to successfully apply the fixes. However, our verification shows that the problem still exists

 

WINDOWS COULD NOT START WINDOWS FIREWALL

WINDOWS FIREWALL SERVICE IS NOT STARTED



#7 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 26 April 2013 - 03:06 PM

Did you also already try this procedure?

http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/trying-to-turn-on-windows-firewall-getting-error/a8dc26c1-010d-4f16-8531-d609731f7015?page=2

See post from NanduPradeep Kumar in the middle of the page and do at your own risk. The other possibility would be to use system restore and go back to a time before you were infected (if possible).

#8 dougdodger

dougdodger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 03:32 PM

Yes, no good either, have no restore point available either, 



#9 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 26 April 2013 - 03:43 PM

Just a word of advice. Next time, when you request help, please elaborate on all you have done (already) in your initial post because it is very frustrating to make suggestions... only to get a response "I tried that already." Now, based on all that you have (presumably) done, I have come to the conclusion that your only recourse is to reinstall your OS because it appears that your infections have caused serious damage to your PC and, trying to assist, without knowing all that you have previously done is like looking for a needle in a haystack. I wish you the best of luck and I'm hoping that someone (with more patience) is willing to take this on; however, I'll bet you could do a reinstall 10xs over before you finally get this fixed (but I hope I'm wrong).

#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,536 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:06:45 PM

Posted 26 April 2013 - 03:48 PM

 

here is what i have...
 
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCRP;;;S-1-5-80-2006800713-1441093265-249754
844-3404434343-1444102779)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

 

Yes, it's the same, except for the SACL (S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)), but that can't be the cause.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#11 dougdodger

dougdodger
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 26 April 2013 - 05:27 PM

Just a word of advice. Next time, when you request help, please elaborate on all you have done (already) in your initial post because it is very frustrating to make suggestions... only to get a response "I tried that already." Now, based on all that you have (presumably) done, I have come to the conclusion that your only recourse is to reinstall your OS because it appears that your infections have caused serious damage to your PC and, trying to assist, without knowing all that you have previously done is like looking for a needle in a haystack. I wish you the best of luck and I'm hoping that someone (with more patience) is willing to take this on; however, I'll bet you could do a reinstall 10xs over before you finally get this fixed (but I hope I'm wrong).

 

sorry for not giving full history of what i'd done so far but that would of probably taken longer than an OS reinstall as well. Anyway, i checked out the link you gave earlier and read on to next page, i found this link in there.. http://www.selectrealsecurity.com/malware-removal-guide , reading through it i had covered a fair bit of it already and then i saw an all in one fixit tool link (from tweaking.com) under Fix Post-Disinfection Problems, after installing it i just selected the firewall fix and hey presto 1 reboot later i was back in business, i would love to find out what the fix actually did to the system but in the meantime i'm going to run all the checks again to make sure everything is clean.

much kudos and thanks to you anyrepli for pointing me in the right direction, you rock!



#12 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:01:45 PM

Posted 26 April 2013 - 05:45 PM

Glad you were able to find a fix.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users