Solved

Firewall arrested by malware

Posted on 2006-11-27
Last Modified: 2013-12-04
Hi all,
I'm having trouble for 2 reasons:
1) my AVG firewall is disabled and I'm not allowed to enable it;
2) if I try to run HijackThis, it starts and suddenly closes down; the same happens if I type hijackthis in my internet browser, IE.
I think it is malware, and I have plenty of antivirus and antispyware, but I can't get rid of it, and I don't have any message back, so I don't know what it is.
Thanks for answering,
davide
0
Question by:calvinnhobbes
LVL 27

Expert Comment

by:David-Howard
ID: 18022934
Calvin,
Have you attempted (or can you attempt) to perform your scans in Safe Mode?
Safe Mode: What it is and how to access it.
http://www.computerhope.com/issues/chsafe.htm
You might want to check your Startup tab for malicious entries.
Check Startup for malicious entries.
How to use MSConfig (Directions with screen shots)
http://www.netsquirrel.com/msconfig/
David
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18023307
Leave all startup entries enabled and run a hijackthis scan in safe mode.
Sometimes this is caused when Haxdoor is present in the system.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18023317
Show us the hijackthis log once you've got it.

Upload the log to any hosting site,
or go to the link below and log in using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on the "Expert Area" tab
Type or paste the link to your Question
"Browse" your PC to the location of your HijackThis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 

Author Comment

by:calvinnhobbes
ID: 18023523
I can't access MSCONFIG ("impossible to find" error message), so I don't know how to work on the Startup tab. I've already tried to run HijackThis in Safe Mode, but it doesn't work anyway.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 750 total points
ID: 18023673
Info on the disabled firewall and how to fix it is below, but when it's caused by malware it will just be disabled again, so most importantly you need to remove the malware.

http://www.winxptutor.com/sp2/resetfw.htm
http://windowsxp.mvps.org/sharedaccess.htm


These were created to disable it:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000000

values set to zero --> disables it and it greys out the buttons so it can not be changed
values set to 1      --> enables it and greys out the buttons so that it can not be changed
The value has to be removed so that the firewall is not set either way and you have control over it.



Can you run other programs??? like the below apps?
1.  Please download Silent Runners.
http://www.silentrunners.org/Silent%20Runners.vbs
* Save it to the desktop.
* Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
* You will see a text file appear on the desktop - it's not done yet, just let it run (it won't appear to be doing anything!)
* Once you receive the prompt "All Done!", double-click on the new text file on the desktop, copy that entire log, then go here and paste your log: http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.


2.  Download the GUI version of BlackLight, and save it to your desktop.
https://europe.f-secure.com/blacklight/try.shtml
Doubleclick blbeta.exe, accept the agreement, click scan > next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones such as "wbemtest.exe", so don't choose the rename option yet! Copy and paste the log it generated in your next reply.


3.  This one will tell us if it's caused by haxdoor:
Download haxfix.exe and save it to your desktop.
http://users.telenet.be/marcvn/tools/haxfix.exe
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
4. Run Goldun fix
E. Exit Haxfix

Select option 1. Make logfile by typing 1 and then pressing Enter
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
Copy the contents of that logfile and paste it into this thread
0
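
The accepted answer's point about the two EnableFirewall policy values (0 forces the firewall off, 1 forces it on, and only removing the value returns control to the user) can be checked with a short script. This is an added example, not part of the original thread; the `-Remove` switch name is an assumption chosen for illustration, and the script must be run from an elevated PowerShell prompt.

```powershell
# Added example: audit (and optionally clear) the Windows Firewall policy
# overrides quoted in the accepted answer. Not from the original thread.
param([switch]$Remove)   # hypothetical switch: pass -Remove to delete the values

$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$profiles = 'DomainProfile', 'StandardProfile'

foreach ($p in $profiles) {
    $key  = Join-Path $base $p
    $prop = Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        # Key or value absent: no policy override, the user controls the firewall.
        Write-Output "$p : EnableFirewall not set (firewall is user-controlled)"
        continue
    }

    switch ($prop.EnableFirewall) {
        0       { $state = 'forced OFF, controls greyed out' }
        1       { $state = 'forced ON, controls greyed out' }
        default { $state = "unexpected value $($prop.EnableFirewall)" }
    }
    Write-Output "$p : EnableFirewall=$($prop.EnableFirewall) ($state)"

    if ($Remove) {
        # Deleting the value (rather than setting it to 1) hands control back to the user.
        Remove-ItemProperty -Path $key -Name EnableFirewall
        Write-Output "$p : EnableFirewall removed"
    }
}
```

If the value reappears after removal, something is still writing it: either the malware is still active, as the answer warns, or on a domain-joined machine a legitimate Group Policy is reapplying it.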
