rdriv.sys [RESOLVED]



#16
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Yeah, this nasty little rootkit disables the Windows Firewall. :tazz:

Here are the instructions to turn it back on:

Click Start > Control Panel.
Double-click the Security Center.
In the right pane, click Windows Firewall. The Windows Firewall appears.
Select On.
Click OK to close the Windows Firewall.
In the left pane of the Security Center, select Change the way Security Center alerts me.
Click Alert Settings.
Select Alert Settings, Firewall, and Virus Protection.
Click OK.
Click Automatic Updates.
Select Automatic.
Click OK.
Exit the Security Center.

Let me know if that doesn't work...
  • 0



#17
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start > Connect to > Show all connections

Right-click on your default internet connection, then go to properties. Click the "Advanced" tab and make sure there is a check next to "Help protect my computer and Network by limiting or preventing access to this computer from the Internet."

Edited by bananafanafo, 01 June 2005 - 03:13 PM.

  • 0

#18
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You can ignore my last 2 posts. It disables the firewall by editing the registry, so we'll have to fix it in the registry.

I'll be back as soon as possible!
  • 0

#19
Think of Me

    Member

  • Topic Starter
  • Member
  • 20 posts
The things you told me to do are all grayed out and unclickable anyway. =/
  • 0

#20
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I realized that after I posted. :tazz:

Go to Start > Run and type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Click to highlight 'Security Center', then go up to File > Export. Change the "Save As Type" to "Text Files" and type key in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate key.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.
  • 0

#21
Think of Me

    Member

  • Topic Starter
  • Member
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: AntiVirusDisableNotify
Type: REG_DWORD
Data: 0x1

Value 1
Name: FirewallDisableNotify
Type: REG_DWORD
Data: 0x1

Value 2
Name: UpdatesDisableNotify
Type: REG_DWORD
Data: 0x1

Value 3
Name: AntiVirusOverride
Type: REG_DWORD
Data: 0x1

Value 4
Name: FirewallOverride
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
Value 0
Name: DisableMonitoring
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
  • 0

#22
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Notepad, and copy everything inside the code box below and paste it into a new Notepad file. Change the "Save As Type" to "All Files". Save it as firewall.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Locate firewall.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES. After the "merged successfully" prompt, please reboot and let me know if your firewall is now working!
  • 0

#23
Think of Me

    Member

  • Topic Starter
  • Member
  • 20 posts
Err, no, it's still grayed out.
  • 0

#24
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do this for me again, please:

Go to Start > Run and type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Click to highlight 'Security Center', then go up to File > Export. Change the "Save As Type" to "Text Files" and type keys in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate keys.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.
  • 0

#25
Think of Me

    Member

  • Topic Starter
  • Member
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Class Name: <NO CLASS>
Last Write Time: 6/1/2005 - 8:15 PM
Value 0
Name: AntiVirusDisableNotify
Type: REG_DWORD
Data: 0x0

Value 1
Name: FirewallDisableNotify
Type: REG_DWORD
Data: 0x0

Value 2
Name: UpdatesDisableNotify
Type: REG_DWORD
Data: 0x0

Value 3
Name: AntiVirusOverride
Type: REG_DWORD
Data: 0x0

Value 4
Name: FirewallOverride
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
Class Name: <NO CLASS>
Last Write Time: 6/1/2005 - 8:16 PM
Value 0
Name: DisableMonitoring
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
  • 0



#26
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
There must be some other policies set somewhere...I'll be back as soon as possible!
  • 0

#27
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You are on an account with Administrative rights, correct?
  • 0

#28
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Do this for me again (different key), please (we may have to do this a couple more times...see what I mean when I said it's a pain to remove? :tazz: ):

Go to Start > Run and type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall

Click to highlight 'WindowsFirewall', then go up to File > Export. Change the "Save As Type" to "Text Files" and type firewall in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate firewall.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.

Edited by bananafanafo, 01 June 2005 - 08:03 PM.

  • 0

#29
Think of Me

    Member

  • Topic Starter
  • Member
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: EnableFirewall
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: EnableFirewall
Type: REG_DWORD
Data: 0x0
  • 0

#30
Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Notepad, and copy everything inside the code box below and paste it into a new Notepad file. Change the "Save As Type" to "All Files". Save it as firewall2.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Locate firewall2.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES. After the "merged successfully" prompt, please reboot and let me know if your firewall is now working (it should now!)
  • 0
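
Added example, not part of the original thread: the check done by eye on the pasted exports in posts #21, #25 and #29, written as a parser for regedit's text-export format that flags the values the thread's two .reg files reset and rebuilds the matching fix. The function names, the RULES table and the abridged sample are assumptions made for this example.

```python
# Rules: (key fragment, value name, unsafe data), from the thread's .reg fixes.
RULES = [(r"\Microsoft\Security Center", n, 1) for n in (
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
    "AntiVirusOverride", "FirewallOverride", "DisableMonitoring")]
RULES.append((r"\Policies\Microsoft\WindowsFirewall", "EnableFirewall", 0))

def parse_export(text):
    """Yield (key, name, type, data) for each value in a regedit text export."""
    key, cur = None, {}
    for line in text.splitlines():
        field, _, value = (p.strip() for p in line.partition(":"))
        if field == "Key Name":
            key, cur = value, {}
        elif field in ("Name", "Type"):
            cur[field] = value
        elif field == "Data" and key and "Name" in cur:
            yield key, cur["Name"], cur.get("Type"), value
            cur = {}

def audit(text):
    """Return (key, name, unsafe data) for each DWORD that matches a rule."""
    return [(key, name, unsafe)
            for key, name, rtype, data in parse_export(text)
            for fragment, rule_name, unsafe in RULES
            if rtype == "REG_DWORD" and rule_name == name
            and fragment.lower() in key.lower() and int(data, 16) == unsafe]

def reg_fix(hits):
    """Build REGEDIT4 text resetting each hit, in the style of the thread's files."""
    lines = ["REGEDIT4"]
    for key, name, unsafe in hits:
        lines += ["", f"[{key}]", f'"{name}"=dword:{1 - unsafe:08x}']
    return "\n".join(lines) + "\n"

# Constructed, abridged sample in the export format shown in posts #25 and #29.
SAMPLE = r"""Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Value 0
Name: FirewallOverride
Type: REG_DWORD
Data: 0x0

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
Value 0
Name: EnableFirewall
Type: REG_DWORD
Data: 0x0
"""
```

The same data, 0x0, is clean under Security Center and unsafe under the WindowsFirewall policy key, which is why the first fix left the controls grayed out. Re-export and re-run after the reboot: in post #25, DisableMonitoring still reads 0x1 after the first .reg file was merged.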





