windows firewall

[kane]

when i turn my computer on my windows firewall needs to be turned on manually. im running windows xp pro. iv checked on administrative tools, services and the firewall is set to automatic. anyone got any ideas?

[Guest Wolfeymole]

You don't have any other Firewall software installed do you Kane?

[kane]

No i dont think so. Iv got Avast anti-virus, i dont think that has a Firewall. It was fine until a couple of weeks ago. Im also unable to Defrag my internal hard drive and when iv tried system restore there are no restore points and it will not let me make a restore point?

[Plastic Nev]

Hi, have you run a scan with Avast recently? if not, do so and let us know if it turns anything up please. I think you may have something you don't want, but will wait for your answer first before going any further.

Nev.

[kane]

Hi, no i haven't, I'll do that now. I just downloaded and installed Zone Alarm Basic Firewall as it said in Which magazine it was the best free Firewall but it is incompatible with Avast so iv uninstalled it again. I'll let you know how i get on with the scan, thanks.

[kane]

I done the scan and i have 2 Trojans? I took a screen shot of both, is there a way i could put them up? What should i do next? Thanks

[RandyL]

Do you see a paper clip icon? You can attach the screenshot by using that.

 

You can also just let us know which Trojans were found.

 

It does sound like there is a possibility that the Trojans are turning off your firewall and interfering with System Restore. Did Avast remove them?

[kane]

I see the paper clip icon but don't understand how to attach it as it says enter URL, Iv saved the screen shot to my external hard drive. Here's what the 1st says anyway.

 

File name: C:\RECYCLER\S-5-7-26-100028501-100009732-7448.

Malware name: Win32:Alureon-D [Trj]

Malware type: Trojan Horse

VPS Version: 090429-0.29/042009

 

I moved the Trojan to Chest as recommended. Thanks for any help

[Tootech]

It may be that you have other malware floating around on your PC, best thing to do is run a full malware disinfection process as below. It takes a while, but its worth it.

 

 

1. Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
   
2. Perform all the steps in the order listed to avoid any conflicts.
   
3. If unsure, please stop and voice your doubts.
   
4. You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.
   

If you stick to the above guidelines, all should go smoothly.

 

 

================================================

STEP 1

1. Download ATF-Cleaner by Atribune.
   
2. Save the file to your Desktop.
   
3. Double-click on the file to run the program.
   
4. On the Main tab, check the Select All button.
   
5. Next, click on the Firefox tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
   
6. Now, click on the Opera tab (if applicable) and check the Select All button.
    
   Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
   
7. Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
   
8. Click on the Exit button to quit the program.
   

================================================

STEP 2

1. Please click here to download Malwarebytes' Anti-Malware.
   
2. Save the file to your Desktop.
   
3. Double-click mbam-setup.exe and follow the prompts to install the program.
   
4. At the end, make sure a check mark is placed next to:
   
   1. 
      
   2. Update Malwarebytes' Anti-Malware
      
   3. Launch Malwarebytes' Anti-Malware
      

 

[*]Click Finish.

[*]The program will download and update itself if it finds the necessity to do so. Please allow this.

[*]Once the program has loaded, select Perform full scan, then click Scan.

 

 

Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.

[*]When the scan is complete, click OK, and then Show Results to view the results.

[*]Make sure that every entry is selected, and click Remove Selected.

[*]Restart your computer.

================================================

STEP 3

1. Please click here to download SUPERAntiSpyware (Free Version).
   
2. Save the file to your Desktop.
   
3. Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
   
4. Open SUPERAntiSpyware.
   
5. Under Configuration and Preferences, click the Preferences button.
   
6. Click the Scanning Control tab.
   
7. Under Scanner Options make sure the following fields checked:
   

    

   [*]Click the Close button to leave the control center screen.

   [*]On the main screen, under Scan for Harmful Software click Scan your computer.

   [*]On the left, make sure you check mark All the Fixed Drives.

   [*]On the right, under Complete Scan, choose Perform Complete Scan.

   [*]Click Next to start the scan. Please be patient while it scans your computer.

   [*]After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.

   [*]Make sure every entry has a check mark next to it and click Next.

   [*]A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.

   [*]Restart your computer.

   ================================================

   STEP 4
   1. Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
       
      Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
      
   2. Check mark the YES, I accept the Terms of Use box.
      
   3. Click the Start button.
      
   4. Click the Install button on the following screen.
      
   5. Click Start. This will will initialize and update the scanner engine.
      
   6. Check mark the box beside Remove found threats.
      
   7. Click the Scan button. This will start the scan. Please be patient while it is in progress.
      
   8. Restart your computer.
      

   ================================================

   STEP 5
   1. Click on Start > Programs > Accessories > System Tools and select System Restore.
      
   2. Choose the radio button marked Create a Restore Point on the first screen and click Next. Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
      
   3. Next, click on Start > Run, type Cleanmgr and click on OK.
      
   4. Click on the More Options tab.
      
   5. Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.
      

   This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining

[kane]

Thanks for that Tootec. Would it best to download ATF-Cleaner, Malwarebytes and SuperAntiSpyware all in 1 go before anything else? When do i need to turn my Anti-Virus off? Im not using Firefox, im using Google Chrome, does that make any difference? I could use Internet Explorer to Select All if i need to. sorry for all the questions

[kane]

Are all these downloads Free?

[Tootech]

Yes, they are all free downloads. I'd download them all before you start, makes it easier that way.

 

Disable your antivirus software after you have the downloads, and before you start the installing and scanning.

 

Chrome is great, but for the Eset online scan you must Internet Explorer.

[kane]

Thanks for that Tootech, here goes..

[kane]

I'v downloaded the 3 programs and done Step 1, Malwarebytes wont open for some reason? I'v uninstalled and downloaded it again but its still not working. If and when i get to Step 4 do i turn my Anti-Virus back on before using ENET Online Scanner?

[Plastic Nev]

Hi, OK about the Malwarebytes, leave that one for now and try the next step which is the "Superantispyware".

 

If that won't install, or open go on to the Eset scan and try that, You can leave your Avast on or off, it shouldn't interfere with the Eset scan, but if you want to be sure turn your antivirus off if you wish.

 

Let us know if any of the others will work. If not we can advise how to get Malwarebytes and the others to work, but it is slightly complicated to do, so for now try what you have first.

[kane]

Ok thanks Nev, I'll let you know how i get on

[kane]

Superantispyware would would not open either, it said "has encountered a problem and needs to close"

I tried Eset online scanner and each link that i tried said "Oops this link appears broken". Then when i did manage to get on one and installed it, when i pressed start it said "Error: Update Failed (200)".

 

I'v had problems with IE for a while now and use Google Chrome with hardly any probs.

On IE certain web pages go to Myspace and YouTube and other advertising pages, not what I'v been looking for.

[kane]

Has any1 any ideas as what to do next? any help is much appreciated.

[Goku]

Hello Kane. I will try to help you out.

 

Please download Unlocker by Cedrick 'Nitch' Collomb. Install the program and restart your computer.

 

Now, browse to the following location and manually delete the folder name (highlighted in red).

 

C:\Documents and Settings\<User Name>\Local Settings\Temp

 

To do so, right-click on the folder and select Unlocker from the context menu. On the corresponding screen, select Delete from the drop-down menu at the bottom left. Then press the Unlock All button. The folder should successfully be deleted. If not, then Unlocker will ask you to delete it on next boot. Answer Yes to it and reboot the computer. Empty the Recycle Bin and restart your computer.

 

You will need to show hidden files and folders in order to do the above procedure. Please do the below to enable that setting:

 

• Open My Computer or any other folder window.
  
• Under the Tools menu, select Folder Options.
  
• Click the View tab.
  
• Under Hidden files and folders, switch the radio button to Show hidden files and folders.
  
• Click Apply and then OK.
  
• Refresh the folder.
  

Let us know if you get stuck somewhere. Hope that helps. :)

 

-- Goku

[kane]

Thanks Goku, I followed your above instructions and the Temp file has been deleted, nothing else seems to have changed though? I'm still unable to do the above tasks given to me by Nev. Is there anything else i should do?

On the ESET Online Scan it says that Windows is unable to verify the publisher. The Active X add-on is enabled in Manage add-on's but still will not work. Cheers.

[Goku]

OK, I think we may still have some undesirable programs. Please download and install CCleaner from here. Open the program and switch to the Startup tab and please note down all the entries present. List these entries in your next reply and I will advise you further.

 

Oh, and you can freely use CCleaner for your maintenance operations. It is a very good utility. Just make sure you stay away from its Registry section as it is a bit dangerous.

 

Hope that helps. :)

 

-- Goku

[kane]

Thanks Goku I'll try that now

[kane]

I'V downloaded CCleaner and done what you said Goku. Most of the entries present are on my desk top and all enabled apart from this one.

 

Enabled Key Program File

No HKLM:Run MWSBAR rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\

MWSBAR.DLL,S

 

I hope this helps. do you want me to list the other entries? Shall I enable this entrie? about a month ago i kept getting a rundll32 error message on start up and i was told to go to Run, Msconfig and unmark it which got rid of the error message. Thanks for any more help

[kane]

That didnt come out as I'd typed it, it should read:

 

Enabled: No

Key: HKLM:Run

Program: MWSBAR

File: rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

 

thanks

[RandyL]

Hi kane;

I would just like to interject until Goku gets back if you don't mind.

 

MOST of the entries that you mentioned are probably related to MYWEBSEARCH, MYWEB TOOLBAR or similar. These are often considered malware or at the very least spyware or adware.

 

There are no shortcuts here. You need to remove every single thing these these programs find in order to fix your system. You can not pick and choose.

 

What else did they find? Please be specfic in the details.

 

My concern is that you may have many malicious programs installed. Unless you get rid of those first a proper cleang may be fruitless.

 

Myweb, smilies, screensavers. P2P, torrents, games etc are all suspect programs.

 

Even one such program could be the source.

 

At the end of the day the only option may be a reinstall unless you are willing to remove these things and go through many steps without wavering on removing these items.