Windows Firewall deactivating itself-Why?

[Ancient Lady]

I have Windows Firewall set to on in the Firewall settings but when my computer boots up I get a warning that my firewall is off.

I have to click the balloon and reset it each time. This has been happening for a few days now. For some reason the Firewall settings are being turned off between shut down and boot up even though I have set them to be on.

I have run Spybot and done a full scan with AVG free and nothing has come up as a problem. I am running XP Media centre.

Could this be some kind of virus?

[BeeCeeBee]

Do you have any trouble while on the internet. Are you being redirected to any sites or are you unable to reach sites that you have before?

[Ancient Lady]

No, I have no problems with anything like that. The only 2 things that have changed recently is that I downloaded the new version of Spybot and before I did not install the Tea timer option as it used to slow down my computer but this time I thought I might try it again for extra security.

The problem with the firewall deactivating itself did not start until about 10 days after installing the new Spybot.

The other change is something my bank has introduced called Rapport to give extra security when online banking.

This seems to be a program that can protect websites and can tell you if someone is using your log on details elsewhere. I think that is what it does but I am not exactly sure.

[Guest Wolfeymole]

Read each Tab here Ancient-Lady for more information on Rapport.

 

NatWest - Rapport - For safer banking

 

Also Spybot and AVG are not the greatest malware and anti virus tools out there so in the mean time follow the instructions below and get back to us.

 

 

Your computer may be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

It is in your best interest to note the following:

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

 

[*] Click Finish.

[*] The program will download and update itself if it finds the necessity to do so. Please allow this.

[*] Once the program has loaded, select Perform full scan, then click Scan.

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*] When the scan is complete, click OK, and then Show Results to view the results.

[*] Make sure that every entry is selected, and click Remove Selected.

[*] Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:
   

    

   [*] Click the Close button to leave the control center screen.

   [*] On the main screen, under Scan for Harmful Software click Scan your computer.

   [*] On the left, make sure you check mark C:\Fixed Drive.

   [*] On the right, under Complete Scan, choose Perform Complete Scan.

   [*] Click Next to start the scan. Please be patient while it scans your computer.

   [*] After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*] Make sure every entry has a check mark next to it and click Next.

   [*] A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*] Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

    

   Note: Please don't use it on a regular basis as this will clear all previous restore points. The feature might be very useful to revert your computer to working condition if something goes wrong.

    

   Re-enable all your security applications and please return here and tell us how the computer seems to be operating.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[Ancient Lady]

I have carried out your suggested steps 1 to 4 and there have been absolutely no problems detected except for a cookie from HP which I have sorted but as I have HP computer and HP printer this was not unexpected. The malware tests were all negative as well as the scans barring the one cookie.

I was not sure if it is therefore necessary to do step 5 re the clearing of the System Restore if no problem has been detected. Can you advise and also suggest other reasons for the firewall deactivating itself.

[BeeCeeBee]

Did you disable the spybot teatimer before you ran through the process?

[Ancient Lady]

Yes, Spybot & AVG were disabled

[Guest Wolfeymole]

For some reason the Firewall settings are being turned off between shut down and boot up even though I have set them to be on.

 

This would be logical.

 

All programs would be shut down on .................. shut down.

[Ancient Lady]

I was just trying to explain that I wasn't disabling it myself at any stage.

Not very good at all the technical terms so probably did not put it very well.

I replied to BeeCeeBee that I had carried out all your suggestions from 1 to 4 finding only 1 cookie(taken care of). Not done step 5 unless you suggest I do so as no malware etc discovered.

Spybot and AVG were disabled.

[Guest Wolfeymole]

Well to be honest Ancient I would'nt use the windows Firewall anyway as it's only good for protection against inbound traffic to your pc.

 

Run the Eset scan and get back to us.

[Ancient Lady]

I did do the Eset scan before as suggested but I have done it again and no problems were found.

I have now done all your suggested tests with nothing detected barring one cookie.

Do you have any idea what would give me a false warning as I have noticed that if I ignore the firewall warning at start up, it then appears to turn itself back on after a couple of minutes?

What firewall, spyware and anti-virus do you recommend whether it be free or paid?

I am not a fan of Norton or McAfee.

[BeeCeeBee]

Nor are we, Ancientlady. Have a look at the suggestions listed here.

http://extremetechsupport.com/forum/malware-removal-av-firewalls-etc/3597-free-pc-help-recommended-security-products.html

The eset suite seem to be a favorite among the subscription services.

[Ancient Lady]

Many thanks I will take a look at Eset.

Do you think I should just ignore the firewall warning or should I be looking for other reasons for its strange behaviour?

[BeeCeeBee]

If you go with eset I believe that it contains a firewall that will replace Windows firewall anyway. Wolfeymole, I know, uses this package so if you have any questions just post them and you will get all the answers you need, probably tonight.