Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

rdriv.sys [RESOLVED]

Started by Think of Me , May 31 2005 06:59 AM

  • This topic is locked This topic is locked

#16
Michelle
Posted 01 June 2005 - 02:27 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Yeah, this nasty little rootkit disables the windows firewall. :tazz:

Here are the instructions to turn it back on:

Click Start > Control Panel.
Double-click the Security Center.
In the right pane, click Windows Firewall. The Windows Firewall appears.
Select On.
Click OK to close the Windows Firewall.
In the left pane of the Security Center, select Change the way Security Center alerts me.
Click Alert Settings.
Select Alert Settings, Firewall, and Virus Protection.
Click OK
Click Automatic Updates.
Select Automatic.
Click OK.
Exit the Security Center.

Let me know if that doesn't work...
  • 0

Advertisements

#17
Michelle
Posted 01 June 2005 - 03:12 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Go to Start > Connect to > Show all connections

Right-click on your default internet connection, then go to properties. Click the "Advanced" tab and make sure there is a check next to "Help protect my computer and Network by limiting or preventing access to this computer from the Internet."

Edited by bananafanafo, 01 June 2005 - 03:13 PM.

  • 0

#18
Michelle
Posted 01 June 2005 - 05:41 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You can ignore my last 2 posts. It disables the firewall by editing the registry, so we'll have to fix it in the registry.

I'll be back as soon as possible!
  • 0

#19
Think of Me
Posted 01 June 2005 - 06:07 PM

Think of Me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
The things you told me to do are all grayed out and unclickable anyway. =/
  • 0

#20
Michelle
Posted 01 June 2005 - 06:21 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I realized that after I posted. :tazz:

Go to Start > Run type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Click to highlight 'Security Center', then go up to File > Export. Change the "Save As Type" to "Text Files" type key in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate key.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.
  • 0

#21
Think of Me
Posted 01 June 2005 - 06:36 PM

Think of Me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: AntiVirusDisableNotify
Type: REG_DWORD
Data: 0x1

Value 1
Name: FirewallDisableNotify
Type: REG_DWORD
Data: 0x1

Value 2
Name: UpdatesDisableNotify
Type: REG_DWORD
Data: 0x1

Value 3
Name: AntiVirusOverride
Type: REG_DWORD
Data: 0x1

Value 4
Name: FirewallOverride
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
Value 0
Name: DisableMonitoring
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
  • 0

#22
Michelle
Posted 01 June 2005 - 06:51 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Notepad, and copy everything inside the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as firewall.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Locate firewall.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES. After merged successfully prompt, please reboot and let me know if your firewall is now working!
  • 0

#23
Think of Me
Posted 01 June 2005 - 07:25 PM

Think of Me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Err no it's still grayed out.
  • 0

#24
Michelle
Posted 01 June 2005 - 07:27 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
do this for me again, please:

Go to Start > Run type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Click to highlight 'Security Center', then go up to File > Export. Change the "Save As Type" to "Text Files" type keys in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate keys.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.
  • 0

#25
Think of Me
Posted 01 June 2005 - 07:42 PM

Think of Me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
Class Name: <NO CLASS>
Last Write Time: 6/1/2005 - 8:15 PM
Value 0
Name: AntiVirusDisableNotify
Type: REG_DWORD
Data: 0x0

Value 1
Name: FirewallDisableNotify
Type: REG_DWORD
Data: 0x0

Value 2
Name: UpdatesDisableNotify
Type: REG_DWORD
Data: 0x0

Value 3
Name: AntiVirusOverride
Type: REG_DWORD
Data: 0x0

Value 4
Name: FirewallOverride
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
Class Name: <NO CLASS>
Last Write Time: 6/1/2005 - 8:16 PM
Value 0
Name: DisableMonitoring
Type: REG_DWORD
Data: 0x1


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
Class Name: <NO CLASS>
Last Write Time: 2/8/2005 - 10:31 PM
  • 0

Advertisements

#26
Michelle
Posted 01 June 2005 - 07:51 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
There must be some other policies set somewhere...I'll be back as soon as possible!
  • 0

#27
Michelle
Posted 01 June 2005 - 07:54 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You are on an account with Administrative rights, correct?
  • 0

#28
Michelle
Posted 01 June 2005 - 08:00 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
do this for me again (different key), please (we may have to do this a couple of more times...see what mean when I said it's a pain to remove? :tazz: ):

Go to Start > Run type in:

regedit

Navigate to this key:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall

Click to highlight 'WindowsFirewall', then go up to File > Export. Change the "Save As Type" to "Text Files" type firewall in the File Name box. Save it on your desktop.

(Make sure the "Export Range" at the bottom has "Selected Range" ticked)

Locate firewall.txt on your desktop. Double-click it to open the text file, copy everything in it and paste it here.

Edited by bananafanafo, 01 June 2005 - 08:03 PM.

  • 0

#29
Think of Me
Posted 01 June 2005 - 08:05 PM

Think of Me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM

Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: EnableFirewall
Type: REG_DWORD
Data: 0x0


Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
Class Name: <NO CLASS>
Last Write Time: 5/26/2005 - 5:18 PM
Value 0
Name: EnableFirewall
Type: REG_DWORD
Data: 0x0
  • 0

#30
Michelle
Posted 01 June 2005 - 08:11 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Open Notepad, and copy everything inside the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as firewall2.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

Locate firewall2.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES. After merged successfully prompt, please reboot and let me know if your firewall is now working (it should now!)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP