jbobst
asked on
Windows Firewall options are greyed out
A user recently traveled to Asia, and during his trip his laptop started behaving strangely with internet browsing issues and VPN issues. When he returned, I verifed that his computer was having issues. For example, the laptop could get onto the internet, but couldn't open any web pages. I could ping sites all over the Internet but his IE browser would simply not display anything. DNS was fine, but I noticed his Windows Firewall screen would not allow me to turn it off or on...the radio button options were greyed out and the firewall was set to "on". There were also a few services that I didn't recognize, which I shut down as well. His laptop has our Symantec Corporate AV installed on it, so I made sure the virus defs were up to date, and ran a full system scan in safe mode. Sure enough, it found various spyware and trojans. I ran two more safe mode scans and then a scan in normal windows and the third safe mode scan came back clean...as did the scan in normal windows. After Symantec AV cleaned the trojans and sypware, his computer started to operate normally...at least with browsing the Internet. However, he still has some strange servcies (which are disabled) and his windows firewall is STILL not changable...it's just stuck in the "on" position and I am not able to modify it. I clicked the advanced tab and requested that the firewall be set back to default, but that still didn't make a difference.
Any thoughts? Other than to wipe the hard disk and re-install? (which I am planning on doing here in the next day or two).
Thanks.
Jeff
Any thoughts? Other than to wipe the hard disk and re-install? (which I am planning on doing here in the next day or two).
Thanks.
Jeff
These keys are probably created by the virus:
[HKEY_LOCAL_MACHINE\SOFTWA RE\Policie s\Microsof t\WindowsF irewall\Do mainProfil e]
"EnableFirewall"=dword:000 00000
[HKEY_LOCAL_MACHINE\SOFTWA RE\Policie s\Microsof t\WindowsF irewall\St andardProf ile]
"EnableFirewall"=dword:000 00000
values set to zero --> disables it and it greys out the buttons so it can not be changed
values set to 1 --> enables it and greys out the buttons so that it can not be changed
The value has to be removed so that the firewall is not set either way and he has control over it.
OR:
Also check here:
http://windowsxp.mvps.org/resetfwpol.htm
[HKEY_LOCAL_MACHINE\SOFTWA
"EnableFirewall"=dword:000
[HKEY_LOCAL_MACHINE\SOFTWA
"EnableFirewall"=dword:000
values set to zero --> disables it and it greys out the buttons so it can not be changed
values set to 1 --> enables it and greys out the buttons so that it can not be changed
The value has to be removed so that the firewall is not set either way and he has control over it.
OR:
Also check here:
http://windowsxp.mvps.org/resetfwpol.htm
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try resetting the firewall also....
netsh firewall reset
Then see if you can disable it...
Are the FW options greyed out , or just not accepting changes...??
netsh firewall reset
Then see if you can disable it...
Are the FW options greyed out , or just not accepting changes...??
NM the last part, just saw the question again.....(is it time to go home yet?????)
ASKER
Sorry I never did a highjack this log. I ended up just re-installing windows, as that is quickest solution. Thanks for the help.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
it's possible that the malware has damaged system files. try sfc scannow or repair install.