can't access firewall settings after spysheriff attack

I got caught by the bogus spysheriff last night and also some search and download trojan viruses. cleaned the adware and viruses out with spysweeper and AVG. Now i am unable to turn on the firewall for winxp sp2 from any access, including security center and control panel. i restarted the security center in "services" which had been disabled in the attack. the error message i get trying to turn on firewall is "due to an unidentified problem, windows can not display windows firewall settings". I am also unable to successfully return to an earlier restor point. What do you suggest i do?

thanks, mark davis
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SpySheriff changes the registry policy settings that needs to be restored which AVG and SpySweeper didn't.
Smitrem will restore these policy settings.
and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Next, please reboot your computer in Safe Mode:

Open the "smitRem" folder, then double click the "RunThis.bat" file to start the tool. Follow the prompts on screen.  Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

If still having problems with malware.
You can also download Ewido as well to remove other viruses and trojans that might still be present in your system as well.(Scan in Safe mode)

download, install, and update the free version of Ewido anti-malware:

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

mdavismdAuthor Commented:
thanks rpggamergirl, and great name! i did everything as you requested. prior i had also done some things such as the netsh firewall reset, etc. when i call up the firewall applet with the exceptions tab, etc., it is all grayed out. also, from the security center when i hit "recommendations" under firewall and then the "enable" to turn it on, i get an apology and the suggestion to go to the services. in services, when i attempt to start firewall, it  says "Coniguration manager: The specified device instance handle does not correspond to a present device". that sounds kind of ominous, like, um, a major reload?

thanks in advance for any help, mark davis
Learn Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

Normally after smitrem removed the infection it also restore all the default settings that SpySheriff had altered. Are you sure the system is clean?

Can we look at your Hijackthis log?
Please download HijackThis 1.99.1
Open Hijackthis, click "scan and save a logfile" don't fix anything yet, just upload the logfile created, go here and paste your Hijackthis log,
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or copy and paste the log at; 
and click Analyse, Save.  Post a link to the saved list here.

I haven't played rpg's for awhile now but whenever I do I can't stop! lol
mdavismdAuthor Commented:

Okie is the address on hijack site for the analysis. i note it says in red at the very top that there is "no firewall"...duh. now if i could just turn it on...i also posted the scanlog on the rafb site.
Navigate to the registry and remove the values of these keys or change them to 1.
NOTE: Always export the key to your desktop as .reg so you have a backup of that key before you change it.

Start > Run > type in;



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

values set to zero does disable it and it greys out the buttons so it can not be changed
values set to 1 enables it and greys out the buttons so that it can not be changed.
The value has to be removed so that the firewall is not set either way and you have control over it.(it's up to you whether you want them change to 1 or remove their values altogether)

You could also use a this regfile to remove those values if you want to do it this way:




[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
BTW, your Hijackthis log only showed registry clutter but no malware entries.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mdavismdAuthor Commented:
How do i get you your points?
You accepted my answer so I assume that everything is okay now?

Thank you very much for the points with an "A" grading! :)

Best wishes!
mdavismdAuthor Commented:
Everything is fine, no "exceptions"....
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.