Calum wrote:
> I cannot enable the firewall on my PC. Whenever I log on I get a red
> balloon in the taskbar telling me that the firewall is not enabled.
> When I try to enable it, I get the message "Windows cannot start the
> Windows Firewall/Internet Connection Sharing (ICS) service".
>
> I have also noticed that the task manager is unavailable at start-up,
> as is the Registry Editor and the command prompt. I have managed to
> rectify these problems, and have installed and run the
> WinsockXPFix.exe tool.
>
> However, when I reboot after doing all this, I am back to square one
> again - no task manager, no Registry Editor etc. and the firewall is
> still not enabled!
>
These are all symptoms of an infected computer. Remove malware as
follows, using updated tools and scanning in Safe Mode:
1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions. If you do not have a full-featured
av installed on your computer, first get and scan with TrendMicro's
Sysclean (instructions follow malware removal links). After scanning
with Sysclean, make sure you get a full-featured av, install it, update
it, and do a complete scan in Safe Mode.
Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.
2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.
Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).
If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.
3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).
4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.
5) Run a firewall.
Links to help with malware:
Software/Methods:
<a rel="nofollow" style='text-decoration: none;' href="http://www.safer-networking.org" target="_blank">http://www.safer-networking.org</a> - Spybot Search & Destroy
<a rel="nofollow" style='text-decoration: none;' href="http://www.lavasoftusa.com" target="_blank">http://www.lavasoftusa.com</a> - Ad-aware
<a rel="nofollow" style='text-decoration: none;' href="http://www.majorgeeks.com" target="_blank">http://www.majorgeeks.com</a> - good download site
<a rel="nofollow" style='text-decoration: none;' href="http://www.intermute.com/spysubtract/cwshredder_download.html" target="_blank">http://www.intermute.com/spysubtract/cwshredder_download.html</a>
<a rel="nofollow" style='text-decoration: none;' href="http://www.silentrunners.org/sr_cwsremoval.html." target="_blank">http://www.silentrunners.org/sr_cwsremoval.html.</a> - SilentRunners
<a rel="nofollow" style='text-decoration: none;' href="http://www.cexx.org/lspfix.htm" target="_blank">http://www.cexx.org/lspfix.htm</a> - Repair Winsock 2 settings after
removing spyware
<a rel="nofollow" style='text-decoration: none;' href="http://www.spychecker.com/program/winsockxpfix.html" target="_blank">http://www.spychecker.com/program/winsockxpfix.html</a> - WinsockXPFix.exe
HijackThis:
<a rel="nofollow" style='text-decoration: none;' href="http://www.aumha.org/a/hjttutor.htm" target="_blank">http://www.aumha.org/a/hjttutor.htm</a> - HijackThis tutorial by Jim
Eshelman
<a rel="nofollow" style='text-decoration: none;' href="http://aumha.net" target="_blank">http://aumha.net</a> - forums
<a rel="nofollow" style='text-decoration: none;' href="http://spywarewarrior.com/viewforum.php?f=5" target="_blank">http://spywarewarrior.com/viewforum.php?f=5</a> - Spyware Warrior HijackThis
forum
<a rel="nofollow" style='text-decoration: none;' href="http://www.wilderssecurity.com/" target="_blank">http://www.wilderssecurity.com/</a>
<a rel="nofollow" style='text-decoration: none;' href="http://forums.tomcoyote.org/" target="_blank">http://forums.tomcoyote.org/</a>
General:
<a rel="nofollow" style='text-decoration: none;' href="http://aumha.net" target="_blank">http://aumha.net</a> - look under "Security" for various forums
<a rel="nofollow" style='text-decoration: none;' href="http://rgharper.mvps.org/cleanit.htm" target="_blank">http://rgharper.mvps.org/cleanit.htm</a>
<a rel="nofollow" style='text-decoration: none;' href="http://mvps.org/winhelp2002/unwanted.htm" target="_blank">http://mvps.org/winhelp2002/unwanted.htm</a>
<a rel="nofollow" style='text-decoration: none;' href="http://www.aumha.org/a/parasite.htm" target="_blank">http://www.aumha.org/a/parasite.htm</a> - The Parasite Fight
<a rel="nofollow" style='text-decoration: none;' href="http://www.spywarewarrior.com/rogue_anti-spyware.htm" target="_blank">http://www.spywarewarrior.com/rogue_anti-spyware.htm</a>
TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.
1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:
<a rel="nofollow" style='text-decoration: none;' href="http://www.trendmicro.com/download/dcs.asp" target="_blank">http://www.trendmicro.com/download/dcs.asp</a> - Sysclean
<a rel="nofollow" style='text-decoration: none;' href="http://www.trendmicro.com/download/pattern.asp" target="_blank">http://www.trendmicro.com/download/pattern.asp</a> - virus pattern files
The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.
3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.
Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
<a rel="nofollow" style='text-decoration: none;' href="http://www.elephantboycomputers.com" target="_blank">www.elephantboycomputers.com</a>
"Don't Panic!"
FAQ
Search
Profile
Private Messages
Log in
Windows XP