
No Firewall - Help!!

Binnit

Technical User
Apr 28, 2004
627
US
I installed SP2 this week, no real problems until I misguidedly visited a download site and installed some extremely nasty infections, read up the various cleaning devices posted in the faq and now have a clean machine (used GIANT Spycleaner and Spyware Doctor along with Adaware to clean up).

Problem: I think I have cleaned up too much as I cannot enable the SP firewall, it says that the ICS needs to be running but I cannot get this to run, the Security center tells me to go to Control panel Firewall settings and that says it cannot enable.

Any ideas what has happened and how it can be fixed?
I have tried:-

Uninstalling SP2 and reinstall (no change)
Uninstalling my ADSL software (no change)
Uninstalled GIANT (after using it in case this was interfering)

I have heard that Adaware can cause problems, should I uninstall this next?

Any guidance appreciated as I am currently not firewalled.
Thanks


If IT ain’t working Binnit and Reboot
 
I would add that I am not using this machine on any sort of network and no other machines are connected to it, this is solely one machine used at home. I am not sure why the firewall needs ICS to become enabled.


If IT ain’t working Binnit and Reboot
 
Linney
Please tell me how to check and set it

Thanks
Binnit



If IT ain’t working Binnit and Reboot
 
Linney
Thanks for your tip but I cannot get the service started using Security center or Control panel, is there some manual process to get it going?

If IT ain’t working Binnit and Reboot
 
Linney
In your link the Sophos people say
"By turning off firewall protection and other security software the author of the latest incarnation of the Bagle worm is opening up computers to attack," said Graham Cluley, senior technology consultant for Sophos. "Increasingly virus writers are aiming to take over innocent peoples' computers in order to steal, spam or cause mischief."

Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update.
This sounds exactly like my problem but I cannot locate any solution to it.

If anyone finds a solution or knows how I can resolve this please post.

Thanks

If IT ain’t working Binnit and Reboot
 
Install a third party Firewall, such as ZoneAlarm or Steganos Personal or Tiny Firewall...

Go to the System Console, there under Management, you should find the Services, there you can manipulate (turn on, off, or set them Automatic) the various services running under XP...
(Sorry that I'm not able to give the correct wording of where to find the Services, as I am using a non-English version of XP, and have to rely on simple translation)...



Ben

If it works don't fix it! If it doesn't use a sledgehammer...
 
Go to administrative tools in control panel. Then services.
Scroll down and make sure the Windows Firewall/Internet Connection Sharing (ICS) service is Started and set to Automatic. Then try turning on the firewall.

One thing if all else fails. Boot from an XP CD and go thru to repair installation. Let it run thru. After that your computer will run poorly until you go to windows update and redo all the critical updates including service pack two. This fixed it for me. I had a major problem like this after trying to install a video card once.
 
"cbmudd" has answered your question of where the Services are found. He is also referring you to this article -

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP (Q315341)


See what other errors you have mentioned in the Event Viewer, you can get to the Event Viewer (and Services too) via right click My Computer icon and select Manage.

Make sure you are using updated virus definitions and Spyware definitions with your scanners. Try the online virus scanners mentioned in these FAQ's as a second opinion is also worthwhile.

Removing adware & spyware
faq608-4650

What are Good Virus/Spyware?Update/Firewall Practices?
faq779-5240

Anything you may have removed with Ad-Aware or similar is more likely to break or affect some third party (non-windows) programs rather than any Windows program. These types of programs (Ad-Aware etc.) usually include an undo or restore procedure too. I have not seen reports (yet) of the firewall being broken by them, and don't advise that you start restoring any spyware.
 
Thanks guys for all your tips, I will follow up on these later today. (currently at work)

I am now totally convinced this is the result of Bagle AU and nothing else. VirusList.com have provided some removal advice regarding some files and a registry entry that need removal.

Will post back with results asap.




If IT ain’t working Binnit and Reboot
 
Linney / CBmudd

Have now checked your suggestions above.

CBMudd: checked status (shown as blank) and tried to start the ICS through Admin tools the following error was reported:
Could not start Error 10047 Address incompatible with requested protocol was used

Linney
Checked the error log and found errors 7000/7016/7023

McAfee (my AV) do not appear to have posted anything about this Bagle variant yet.

Any further suggestions welcomed, I fear an in-place upgrade or clean install is imminently approaching.....




If IT ain’t working Binnit and Reboot
 
Linney / CBmudd

Further news:

Have now managed to install ZoneAlarm (personal firewall only) and now have some protection.

Does Bagle AU spell the end of SP2 firewall protection one wonders?

Any further clues to the error reports etc in my previous posts?


If IT ain’t working Binnit and Reboot
 
The error reports show service manager failures, and as you have discovered your ICF/ICS services are not in fact running.

I have two concerns:

. You added SP2 when you already were infected. SP2 cannot help you in this instance, and the installation is likely corrupt. The Services failures in your Event Log suggest this is a likely scenario;

. There is an issue with the Service Pack installation, no matter what the timing of the infection.

I would:

. Uninstall SP2
. Aggressively use online AV scanners, at least Trend Micro and Panda:
. Follow the other cleanup steps in faq608-4650
. Reinstall SP2
 
Bill
Thanks for your posting, I was wondering if you were likely to respond to this query last night when I was posting, I guess you were otherwise engaged watching the Redskins perhaps?

Anyway,
I believed I was clear/clean prior to installing SP2, I of course do not wish to question your superior knowledge of these issues but how can you be sure this was the case?

Are you suggesting there is an issue with my SP2 installation or SP2 in general?

Do you consider this to be brought on by Bagle AU?

Would you now recommend a clean install anyway?
Thanks

If IT ain’t working Binnit and Reboot
 
Don't mention the Redskins yesterday...bad topic.

I was actually busy handing out Halloween candy.

"Are you suggesting there is an issue with my SP2 installation or SP2 in general?"

Service Pack 2 does not install well in situations where there are existing malware entries. It appears to install well, but there seem always to be issues. This is reflected in the Microsoft article:
Hence the earlier suggestions to remove SP2, clean the box, and then reinstall.
 
Bill
Ooops, never did hear the result, I was listening to the BBC 10pm news and the correspondent mentioned the match was in progress whilst passing some comments about some election going on over there....?, clearly not the result you wanted by all accounts. I'm not sure that the rest of the world wants either of your election candidates to win either, perhaps you should stand for the Oval room!!

Anyway that's not for this forum - Vote B Castner... sorry

OK so I am in need of another clean up routine


If IT ain’t working Binnit and Reboot
 
Tomorrow is election day for the US president, as well as a lot of Governorships of States, Senatorial and House races. So tomorrow in the US is a big deal. Of the many "predictors" of the presidential election, whether the Washington Redskins win on the Sunday before election Tuesday. John Kerry supporters have a welcome omen for their candidate: The Green Bay Packers defeated the Washington Redskins yesterday. If history holds, the 28-14 result portends a victory for Kerry tomorrow because the result of the Redskins' final home game before the presidential election has always accurately predicted the White House winner. If the Redskins win, the incumbent party wins. If they lose, the incumbent party is ousted.

I am sure there must be some local lore about Manchester United and the fate of the Labour Party in the UK.

 
Error 10047.

These values are defined in the WinError.h header file. They are returned by the GetLastError function when many functions fail.

Try resetting the winsock entries. (Go to the command prompt and then type the command "Netsh winsock reset")


 
Linney / CBmudd / Bill
Thanks for all your assistance with this, in view of the multiple problems and errors being reported (despite its appearance to be running properly) I will progress with a clean install. It was getting towards that time of year anyway and it will be nice to be squeaky clean and fully SP'd

Linney - a star for your continuity, patience and provision of useful links from the start.

If IT ain’t working Binnit and Reboot
 
I know of a way to fix this problem. I also had the same misfortune. You have to reset your winsock in the command prompt menu. Click start, click run, in the run box type cmd, winsock reset, it should tell you you have successfully reset winsock. Close out of this and restart your computer. Now you should be able to turn your firewall on and off.
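
Added example (not part of any post in this thread): a batch script that runs the checks suggested above in order, from the service's startup type to the Winsock reset. It assumes Windows XP SP2, an Administrator command prompt, and that the Windows Firewall/ICS service has the short name SharedAccess. Error 10047 is a Winsock error code, so the Winsock catalog reset is kept as the fallback step.

```bat
@echo off
rem Added example, not from the thread. Assumes XP SP2 and an Administrator prompt.
rem SharedAccess is the short name of the service shown in the Services console as
rem "Windows Firewall/Internet Connection Sharing (ICS)".
setlocal

echo === Service state and startup type ===
sc query SharedAccess
sc qc SharedAccess | findstr /i "START_TYPE"

rem Set the service to Automatic, as advised in the thread.
rem The space after "start=" is required by sc.
sc config SharedAccess start= auto

rem Start the service only if it is not already running.
sc query SharedAccess | findstr /c:"RUNNING" >nul
if errorlevel 1 net start SharedAccess

rem Check again. If the start failed (for example with error 10047),
rem rebuild the Winsock catalog and stop here so the machine can be rebooted.
sc query SharedAccess | findstr /c:"RUNNING" >nul
if errorlevel 1 (
    echo Service still not running. Resetting the Winsock catalog...
    netsh winsock reset
    echo Reboot, then run this script again.
    goto :eof
)

echo === Firewall operational mode ===
netsh firewall show opmode
endlocal
```

If the service still fails after the reset and reboot, the Service Control Manager entries in the System event log (the 7000/7016/7023 events mentioned earlier) are the next place to look.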
 