Firewall help needed

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have the issue where the firewall will not stay on (XP2 Home). I have
followed all the recommendations in other posts - regedit, restarting
service, etc. and I can get it started but it doesn't stay on. Everyone also
recommends running the various anti-virus and spyware programs with the
latest definitions but how can you get the latest defs without a secure
connection?

I downloaded a free trial of Trend-Micro PC-Cillin with a firewall. I ran
and cleaned up the issues it found then went on line to get Microsoft and
other updates. I kept getting pop-ups like Party Poker and a Registry
cleaner among others. Once off-line, my MSN sign-on screen continuously pops
up.

I am re-running the trend-Micro scan. How can I be safe on-line again??

Thanks for any help. This is very frustrating.
-Barb
 
Barb said:
I have the issue where the firewall will not stay on (XP2 Home). I
have followed all the recommendations in other posts - regedit,
restarting
service, etc. and I can get it started but it doesn't stay on.
Everyone also recommends running the various anti-virus and spyware
programs with the latest definitions but how can you get the latest
defs without a secure connection?

I downloaded a free trial of Trend-Micro PC-Cillin with a firewall. I
ran and cleaned up the issues it found then went on line to get
Microsoft and
other updates. I kept getting pop-ups like Party Poker and a Registry
cleaner among others. Once off-line, my MSN sign-on screen
continuously pops up.

I am re-running the trend-Micro scan. How can I be safe on-line
again??
Click to expand...

You need to clean up your computer since it still has malware. Get the
tools and updates from a different, known-clean computer with Internet
access and a cd-rw drive (or have a usb thumbdrive with enough capacity
to transfer the files).

Go through these steps systematically:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

If doing the necessary work seems daunting (and there is no shame in
admitting this), take the machine to a professional computer repair
shop (not your local version of BigStoreUSA).

Malke
 
I forgot to mention that Pc-Cillin finds two items that it cannot quarantine.
C:/Windows/system32/kwicio.exe (TROJ QCOLOGIC.AA) and
C:/Windows/lsass.exe (Worm SDBOT.CIR)

In both cases, it tell me to delete the file if it is not needed but I
cannot find either of thme in the noted location.

Help!!!
 
Barb said:
I forgot to mention that Pc-Cillin finds two items that it cannot
quarantine.
C:/Windows/system32/kwicio.exe (TROJ QCOLOGIC.AA) and
C:/Windows/lsass.exe (Worm SDBOT.CIR)

In both cases, it tell me to delete the file if it is not needed but I
cannot find either of thme in the noted location.

Help!!!
Click to expand...

I gave you my answer in my first post to you. Go through the steps
systematically here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Since you have an SDBOT worm and a variant of the Qologic malware, you
will probably need to run HijackThis and post your log to one of the
forums listed at the above link (not here, please).

Or have a professional clean up your machine.

Malke
 
Thanks for the detailed instructions. I am downloading all the needed
resources from another computer and will give it a try.
 
Barb said:
Thanks for the detailed instructions. I am downloading all the needed
resources from another computer and will give it a try.
Click to expand...
Good. If you need more help, post back with full details. You can *do*
this! It just takes patience and not throwing the computer out the
window. ;-)

Malke
 
Thanks for the vote of confidence. I am making some progress. Ad-aware and
Spybot got rid of a bunch of stuff and some of it was specific to Security
Center. I'm also not getting the contunuous MSN sign-on screen anymore.
There were 2 items Spybot could not delete beause they were in memory. It
asked for permission to run at startup which I allowed but it still did not
work. Was this because I failed to restart in Safe Mode? (I did the
original scans in Safe Mode)
 
Barb said:
Thanks for the vote of confidence. I am making some progress.
Ad-aware and Spybot got rid of a bunch of stuff and some of it was
specific to Security Center. I'm also not getting the contunuous MSN
sign-on screen anymore.
There were 2 items Spybot could not delete beause they were in memory.
It asked for permission to run at startup which I allowed but it
still did not
work. Was this because I failed to restart in Safe Mode? (I did the
original scans in Safe Mode)
Click to expand...

I would do another scan with Spybot in Safe Mode. You may also need to
run HijackThis and post your log to one of the HJT forums listed on my
website (not here, please).

Malke
 
Back
Top