Windows Built In Firewall



#1
KoE_Dae'Loki

Okay, this is a weird one, I got hit by a certain hijack ware that I was unable to remove, but not undo the damage it caused. I do not want to reinstall Windows, as the recovery CD that came with my computer is a ghost copy meaning it will wipe my HDD.

The hijack ware I got was "Seekmo" and "mirar".

I was able to successfully remove them, but one of them has blocked access to Windows Firewall, and it is causing all my online games to not be able to run because Windows Firewall is blocking them. "Guild Wars" and "World of Warcraft".

Could someone please help me with this?

When I do try to run Windows Firewall settings from the control panel it says "Due to an unexpected error windows firewall settings failed to load".


#2
Guest_rushin1nd_*

guess you cleaned out all your viruses

so ok

how about installing another firewall just for security precautions

can you disable windows firewall

lower security long enough to gain access to games

KEEP IN MIND IT'S GAMES THAT MIGHT HAVE GOT YOU INFECTED

DOWNLOAD ONE AND SEE IF YOU GET THE SAME RESULTS



http://www.filehippo...sonal_firewall/


http://www.filehippo...zonealarm_free/


good gaming

#3
KoE_Dae'Loki

Okay, it is only Guild Wars, NWN, and NWN2 Beta that I play and the only chance of getting anything through them is if I try to use a BOT or skill calculator or anything, which I don't so no worries there. As for the Windows Firewall, lowering security settings only affects Internet Explorer and not the games. I am totally locked out of Windows Firewall, it is blocking all ports but the ones used by internet browsers.

Was doing a trial of WoW, but ended that today right after installing it, got tired of the update process. Took a 4.3GB DVD installed the game which was 5.7 on the HDD, then had to download not one update but five updates that were 250MB each. Said forget it called Blizzard and told them that I wasn't interested in the trial anymore. But that is kind of off subject.

Edited by KoE_Dae'Loki, 12 October 2006 - 01:49 AM.


#4
crash override

You might want to post this in the malware removal section as it sounds like there is definitely something nasty in there.

#5
KoE_Dae'Loki

Okay, this isn't in the malware removal since there is no more malware on the system, it has just taken and restricted me from being able to reinstall certain things such as system updates like the newest DirectX, and being able to access Windows Firewall Settings, Security Center, and a few others. Like I said in the first post I have already removed the hijack/malware that was there. I use both Ewido 4.0 and Panda Software Virus Removers to clear them, as Ad-Aware seems to no longer catch stuff anymore.

It used to block me from my internet settings but I finally got it unlocked, but have had no luck with the other stuff, it either took my privileges away from running them, or it has a registry entry that is blocking me like an entry that tells Windows to run their program instead and since it isn't there anymore that might be why I am getting the error.

Edited by KoE_Dae'Loki, 12 October 2006 - 03:36 PM.


#6
Guest_rushin1nd_*



The hijack ware I got was "Seekmo" and "mirar".

I was able to successfully remove them, but one of them has blocked access to Windows Firewall, and it is causing all my online games to not be able to run because Windows Firewall is blocking them. "Guild Wars" and "World of Warcraft".



it appears in your own words.....

------------------------------------------------------------
mirar---several versions of this one..does not fully uninstall has stealth

---------------------------------------------------------
Seekmo-- doesn't fully uninstall...has stealth
----------------------------------------------------------------

post a hi-jack log for the moderators to look at ....... there may be some variants that may have been missed during their removal...they can spot this.

#7
KoE_Dae'Loki

Okay, here is my hijack this log.

As far as the uninstall goes, it was a safemode with winshredder delete manual uninstall of them, complete registry check and all. Took me over 8 hours to isolate and eliminate all of it. I do not use the add/remove programs uninstall of these malware programs as they keep the processes running and after a few days to a few weeks they reinstall themselves.


Logfile of HijackThis v1.99.1
Scan saved at 5:55:40 PM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\All Users\Desktop\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = http://www.holyvehm.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158734562343
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL



Edited by KoE_Dae'Loki, 13 October 2006 - 05:01 PM.


#8
KoE_Dae'Loki

I repair computers for a living, but I do not have a copy of Windows to do a repair install. What I am looking for is either a way to reinstate privileges and also if possible which registry entries control the firewall, as I believe that the newer versions of Seekmo and the other one modify that as well. Or at least if anyone knows what files are utilized for the Windows Firewall, maybe they modified those files, and I might be able to just copy them from another computer that I own.

#9
Retired Tech

Did HJT not include up to 023?

It needs to be posted here

http://www.geekstogo...hp?showforum=37

#10
KoE_Dae'Loki

I am not needing help in removing a virus or malware, just to be able to get back into my Windows Firewall settings again. I had removed the programs, but they had messed up my Windows install somehow so that I can't get into it and it is blocking everything but internet browsers.

I can use Opera, IE, and Firefox, but the FTP functions of them aren't working, and since part of my job is webmastering, I need to FTP files constantly, and I am tired of using the network to transfer them and then upload, I would rather upload on the machine I manage the websites on.

Once again, I do not have a Windows CD that can do a repair install, as it is a ghost image, meaning I will lose all files on my HDD, and I can not afford to do that, and since this computer only has a CD/RW DVD-ROM combo drive, backing the files up then doing a ghost install and then putting the files back is out of the question since I would have to back up about 70GB of files.


#11
Fenor

Hey KoE_Dae'Loki!

Try the following:

1. Download the attached WindowsFirewallFix.zip file, and extract the WindowsFirewallFix.reg file located inside of it. Then find that file on your computer and double-click it to run it. Click YES to the warning: Are you sure you want to add the information in FILE LOCATION HERE\WindowsFirewallFix.reg to the registry?
2. Go to START-->RUN and type cmd. In the new command prompt window, type NETSH FIREWALL RESET and hit enter. Then type Exit to close the command prompt window.
3. Open Windows Firewall control panel and enable it.

Should that NOT work, try this:

1. Go to START-->RUN and type cmd. In the new command prompt window, type:
   rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
   and hit enter. Type Exit to close the command prompt window.
2. Reboot your computer
3. Go to START-->RUN and type cmd. In the new command prompt window, type NETSH FIREWALL RESET and hit enter. Type Exit to close the command prompt window.
4. Open Windows Firewall control panel and enable it.

Fenor



Edited by Fenor, 14 October 2006 - 06:33 AM.


#12
KoE_Dae'Loki

First one didn't work, and when I do the second one, it gives me the following error.



Error in setupapi
Missing entry:installhinfsection

#13
Fenor

Do a search for netrass.inf on your computer, making sure to check the advanced options so that it searches in hidden files and folders. Let me know if that file even exists. The location of the file should be C:\Windows\inf.

Also, do you have any security software programs like Norton Internet Security, McAfee Security Center, eTrust, etc... installed on your system? Those disable the Windows Firewall by default.

Fenor

#14
KoE_Dae'Loki

netrass.inf is there in the C:\windows\inf folder, and right now I have panda software and Ewido 4.0 installed, but both of them allow access to the windows firewall settings.

Edited by KoE_Dae'Loki, 15 October 2006 - 04:38 PM.


#15
KoE_Dae'Loki

Okay, I looked at the netrass.inf file, and noticed some pretty wrong things in there, I put it where I thought it should be, then loaded that file on my wife's computer and double checked everything, and they were the same, upon saving it, and doing the
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
And rebooting my computer, I am now allowed to go back into the Windows Firewall, thanks for all the help guys.


This problem is now fixed, and the admins can lock it down if they wish.

Edited by KoE_Dae'Loki, 16 October 2006 - 01:49 AM.
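
The repair sequence from post #11 combined with the file comparison described in post #15, as an added example that is not part of the original thread: a cmd script for Windows XP SP2 that checks netrass.inf against a reference copy before reinstalling the firewall service. It assumes the first argument is a copy of netrass.inf from a clean machine with the same Windows version and service pack; the `reset` argument and the `.suspect` backup name are hypothetical choices made for this example.

```batch
@echo off
rem Added example, not from the thread. Run as an administrator on Windows XP SP2.
rem Assumption: %1 is a copy of netrass.inf taken from a clean machine with the
rem same Windows version and service pack. Pass "reset" as %2 after the reboot.
setlocal
set "INF=%windir%\inf\netrass.inf"
set "GOOD=%~1"

if "%GOOD%"=="" goto usage
if not exist "%GOOD%" goto usage
if /i "%~2"=="reset" goto reset

if not exist "%INF%" (
    echo %INF% is missing. Restore it from the reference copy, then run again.
    exit /b 1
)

rem Byte-for-byte comparison against the reference copy.
fc /b "%INF%" "%GOOD%" >nul
if errorlevel 1 (
    rem Keep the altered file for later inspection instead of overwriting it.
    copy /y "%INF%" "%INF%.suspect" >nul
    echo netrass.inf differs from the reference copy. Saved as %INF%.suspect
    echo Restore the reference copy to %INF%, then run again.
    exit /b 1
)
echo netrass.inf matches the reference copy.

rem Show whether the Windows Firewall/ICS service, SharedAccess, is registered.
sc query SharedAccess
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess" >nul 2>&1
if errorlevel 1 echo SharedAccess service key is missing from the registry.

rem Reinstall the service from the verified INF. The entry point name is
rem case-sensitive and must be typed exactly as InstallHinfSection.
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
echo Reboot, then run: %~nx0 "%GOOD%" reset
exit /b 0

:reset
rem After the reboot: restore the default firewall configuration and display it.
netsh firewall reset
if errorlevel 1 exit /b 1
netsh firewall show state
exit /b 0

:usage
echo Usage: %~nx0 known-good-netrass.inf [reset]
exit /b 2
```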
