Author Topic: Unable to change firewall settings after Trojan attack....  (Read 20606 times)

0 Members and 1 Guest are viewing this topic.

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Unable to change firewall settings after Trojan attack....
« on: December 08, 2011, 04:20:32 pm »
I have a thread going on the Emsisoft site and ShadowPuterDude (admin) suggested that I try you Windows Repair tool to see if it would fix my problem. First of all this is running on Windows 7 x64 Home Premium with 8gb RAM and a 2TB Drive.

I downloaded the current version of the tool and ran it as ShadowPuterDude instructed me. Whenever I go to check the status of the firewall it indicates that my firewall is not set to the reccomended setting. When I click on the button to set to reccomended settings I get an error message stating "cannot change some of your settings: error code 0x80070424"

Can you shed any light on this or suggest a possible fix. My wife and I are a little skittish about running the system without knowing whether or not the firewall is set to the correct state.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #1 on: December 09, 2011, 10:14:58 am »
What repairs did he have you run?

The Windows firewall rely on WMI as well. And permissions can play a big role.

So try the reset reg permissions, WMI and the firewall repairs and let me know how it goes. Make sure to reboot after :wink:

Shane

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #2 on: December 10, 2011, 10:49:00 am »
I have my wife's desktop (infected and having problems) and my laptop. Both of them are running Win7. I have tried to compare the services between the two and the one that sticks out is 'bfe'. It is running on my laptop and not on the desktop.

I tried running WR (advanced) default settings and that did not start bfe. One suggestion I have got so far is to reinstall SP1 for Win7. Would that help? I don't see 'bfe' as a repair option on your list under advanced. I am grasping for straws here. I am just about to point of reinstalling Win7 but I would really hate to blow my wife's HD to hell. She has all her applications installed and it would really be a job to get it back the way it was. Any suggestions or help would greatly be appreciated.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #3 on: December 10, 2011, 11:12:40 am »
The one thing I will never have my repair program do (And why it will never be perfect) is change registry settings. Its like playing with fire. One wrong setting and a persons system is down.

So when a infection messes up the reg settings the best and safest thing to do is a reinstall.

First you can try a repair reinstall. If that doesn't fix it you will need to do a normal reinstall.

So far your problems don't seem to be permissions related. It looks more like reg keys where changed or removed.

While I may add a few reg settings (Only safe ones) down the road. The best thing you can do at this point is a reinstall :wink:

Do you need any info on how to do a repair install?

Shane

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #4 on: December 10, 2011, 12:00:16 pm »
Yes please. I have never done a repair reinstall.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #6 on: December 11, 2011, 10:12:22 am »
Thank you very much for the information. I have the system install disk that came with her system so we shall see. The last resort will be a full re-install.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #7 on: December 11, 2011, 12:59:28 pm »
Let me know the outcome :-)

I am going to be looking into the reg keys that the services windows needs. If they all match up across multiple Windows versions and their values never change then I might be able to safely add those reg keys to the repair :wink:

Shane

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #8 on: December 11, 2011, 08:44:28 pm »
I was able to get the Firewall working again. I did a full scan with Emsisoft Malware and Spybot S&D and all was clean. ShadowPuterDude on the Emsisoft site was able to give a registry script that started both the BFE and Firewall. Now I have clean up some printer issues and my wife's system should be back to normal.

Thank you so very much for your assistance and the excellent tools you provide to the community. I will be visiting your site on an on-going basis.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #9 on: December 12, 2011, 12:38:50 am »
Wouldn't mind getting those scripts from you to add them to the repair tool :wink:

Shane

Offline spook45

  • Newbie
  • *
  • Join Date: Dec 2011
  • Posts: 6
  • Karma: 0
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #10 on: December 12, 2011, 08:38:17 am »
I call them scripts because that is how the reg editor refers to them. They seem to be registry entries that have a .reg filename extender. When I double-click on the file it starts the registry editor and asks if I will allow a merge of the files. I indicated yes and it fixed the problem. The contents of the script are listed in my post on the emsisoft site along with instructions on how to use  them and what they were for.

If you can't get to them let me know and I will copy them over but the whole thread explains just what was going on and why the scripts were generated.

Both you and ShadowPuterDude have been awesome with your help and expertise. This has been a stressful time for my wife and I know that I would not have been able to get through this without this expertise. Like I said before I will be checking into your site in the future.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: Unable to change firewall settings after Trojan attack....
« Reply #11 on: December 12, 2011, 08:42:27 am »
I will check out the reg files later on and see if I can include them (Safely) into the windows repair :-)

Shane