Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012
Accepted Solution

Aftermath of Troj_SIREFEF.ERO -- no windows firewall

After getting help removing the trojan yesterday, today I discovered my firewall was down or not even there maybe.  At least I cannot make changes in it which tells me something is really wrong.  (Tuneup Utilities alerted me to it being down.)

Control panel - to Win firewall.  Try to update settings and get: Win firewall can't change settings error 0x8007024.

Searched and went here: http://blogs.technet.com/b/asiasupp/archive/2011/12/27/error-code-0x80070424-with-windows-firewall-a...

Checked services.msc first just to see and BFE was there and started.  Windows Firewall wasn't even listed.

Did those steps on above link plus also gave permission for Everyone on mpssvc.  (that wasn't said to do but I did it anyway since the first part didn't work).

This still didn't work but Windows Firewall was now listed.  Trying to start it gave me the error: could not start, review system log and whatever.

Checked the log:  The Windows Firewall service terminated with service-specific error Access is denied..  event id 7024

Before that there was a log on the Firewall service entered the stopped state.  event id 7036  (if that means anything)

Okay, so tried those.  I also tried Microsoft Fix it for Firewall which couldn't turn it on.

Next I went to system restore  -- Oh boy --- we cleaned that out last night and put in "Clean" for the new one.  So there was nothing to restore to.

Ran Malwarebytes, Hitman Pro, Microsoft scanner something or other, all in safe mode and nothing found.

So I'm back begging for help from you again.  Remember I'm not that computer savvy.

Win7 Pro 64bit

TM Titanium Max Sec 2012

 

 

 

Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

Tried this:  http://support.microsoft.com/kb/2530126

Method 2 & 3 didn't work.

 

Tried SFC /scannow command   system file checker.   Nothing found.  (that was way back at the start)

 

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: ‎08-08-2011

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

OK..i can determine and fix that for u..

 

run farbar service scanner

download link can also be found here: http://forum.avast.com/index.php?topic=94552.msg756660#msg756660


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

I just installed Comodo Firewall (not that I have a clue on it).  But I wanted a firewall up.  Here's the log:

 

Farbar Service Scanner Version: 09-06-2012
Ran by Nancy biz (administrator) on 16-06-2012 at 00:47:06
Running from "C:\Users\Nancy biz\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2012-06-13 05:07] - [2012-04-23 23:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

Scan with Comodo exited:

 

Farbar Service Scanner Version: 09-06-2012
Ran by Nancy biz (administrator) on 16-06-2012 at 00:51:56
Running from "C:\Users\Nancy biz\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2012-06-13 05:07] - [2012-04-23 23:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
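
An added example, not part of the original thread and not Farbar's own code: a small Python triage of an FSS.txt log like the two posted above. It pulls out stopped services, non-default start types, policy values, failed connectivity checks, and File Check entries printed with details instead of "MD5 is legit" (treated here, as an assumption, as files to review by hand). The name triage_fss and the sample log are constructed for illustration.

```python
import re

# Constructed sample in the layout of the FSS.txt logs above (abridged).
SAMPLE_LOG = r'''
Connection Status:
==============
Attempt to access Google IP returned error: Google IP is offline

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\example.dll [2012-01-01 00:00] - [2012-01-01 00:00] - 0001024 ____A (Example Corp) 0123456789ABCDEF0123456789ABCDEF
'''

def triage_fss(log):
    """Return the findings in an FSS log that need follow-up, grouped by kind."""
    flat = " ".join(log.split())  # tolerate logs pasted with or without line breaks
    return {
        "stopped": re.findall(r"(\w+) Service is not running", flat),
        "start_type": re.findall(
            r"start type of (\w+) service is set to (\w+)\. "
            r"The default start type is (\w+)\.", flat),
        "policies": re.findall(r'\[(HKEY_[^\]]+)\] "([^"]+)"=DWORD:(\d+)', flat),
        "unreachable": re.findall(r"Attempt to access (.+?) returned error", flat),
        "unverified_files": re.findall(
            r'(C:\\[^\[=>"]+?) \[[\d\- :]+\] - \[[\d\- :]+\] - \d+ \S+ '
            r"\(([^)]*)\) ([0-9A-F]{32})", flat),
    }

if __name__ == "__main__":
    for kind, items in triage_fss(SAMPLE_LOG).items():
        print(kind, items)
```

Because the log is collapsed to single spaces before matching, the same function works on a log pasted as one long line per section, as in the posts above.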

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: ‎08-08-2011

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

Please attach it [log] here..don't copy paste

Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

 
Legendary Emissary
malwarekiller
Posts: 3,944
Registered: ‎08-08-2011

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

Please do so:

Go to run.

type in services.msc

in new window, scroll down and select the windows firewall service

right click and select properties

move the startup type to automatic and click apply

reboot the machine

 

Stone Emissary
featherwind
Posts: 22
Registered: ‎06-13-2012

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

That is what it already was. 

Legendary Emissary
malwarekiller
Posts: 3,944
Registered: ‎08-08-2011

Re: Aftermath of Troj_SIREFEF.ERO -- no windows firewall

u mean it is on automatic already?
