Windows Firewall XP - cannot enable!

By mephoto ·
Sorry for the length, but I feel the more detail the better chance of solution. About 3 months ago I began getting a dialog bubble from the bottom row whenever my computer booted up, saying "Norton Internet Worm" whatever was disabled and to click the box to fix. When I did, it went to the Windows Security Center like going through Control Panel/Security Center and the Firewall line was orange and "off". I clicked the "recommendations" button and it said to enable it, so I clicked the "enable" button. A box popped-up saying it couldn't enable it and to try going through the Windows Firewall settings. When I opened that, both the "on" and "off" check circles and write-ups were greyed over and unselectable (and the "off" one was filled in). Since this was frustrating and didn't appear to bother anything (and I don't think I have and Nortons stuff on my PC) I ignored it. Now I've gotten viruses twice in a week. When removing them, my internet explorer loses its ability to get online and the internet connection wizard says to check my HTTP port (80), HTTPS port (443) and FTP port (21). I don't know how to check this, but I was able to confirm somehow that those are the port numbers associated with those lettered ports. I assume these are being locked open by spyware/virus/malware, mostly because one of my cleaners seems to periodically find an "open firewall ports" thing when it scans. It claims to be removing the entries, but the firewall remains open. (whew) Please help!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Let us know how you go with this

by Jacky Howe In reply to Windows Firewall XP - can ...

Follow the steps below with the System started and restarted in Safe Mode with Networking. Running in Safe Mode loads a minimal set of drivers for the Operating System. You can use these options to start Windows so that you can modify the registry or load or remove drivers. If you can access the Internet use it to download and install the files.

If you can't access the internet to update MBAM try the instructions below to clear a path to the internet to be able to run MBAM. You can also download the updates for MBAM and run them from the USB.

From another System download and install Spybot, update it and copy the the installed folders to a USB Stick. Copy MBAM and the Update as well.

With the new strains of Virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the files extension from .exe. Do the same with Spybot.

Removing malware from System Restore points:

When your infected with any trojans, spyware, malware, they could have been saved in System Restore and can re-infect you. It's best to remove them.

Press the WinKey + r type sysdm.cpl and press Enter.
Select the System Restore tab and check "Turn off System Restore".

Press the WinKey + r type sysdm.cpl and press Enter
Select the System Protection tab. Untick the box next to Local Disk C: and any other drives and click on Turn System Restore off.

After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".
When all is clear you may need to tidy up the Registry. Link is at the bottom.

Once you have restarted the Infected System in Safe Mode, navigate to the USB stick and run Spybot.

Download Spybot - Search & Destroy and install it. Update it.

When you first start Spybot, click on the Mode menu and select Advanced mode. Under the Tools options (bottom left) select View Report. On the screen in the right hand pane, select View report to create a new report. Save the report as it may come in handy later. Spybot will also keep log files in this location in Vista:

C:\ProgramData\Spybot - Search & Destroy\Logs

Spybot will also keep saved log files in this location in XP:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs

Download Malwarebytes Anti-Malware, install it and update it.

<a href="" target="_blank"><u>Malwarebytes</u></a>

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
<a href="" target="_blank"><u>mbam-rules</u></a>

I would keep scanning with it until it is clean by closing out and rebooting and running it again.

Run this Rootkit Revealer GMer
<a href="" target="_blank"><u>Gmer</u></a>

<a href="" target="_blank"><u>FAQ</u></a>

Collapse -

No luck so far...

by mephoto In reply to Let us know how you go wi ...

Most of the steps worked fine, but still no luck. I'll try downloading the latest of the 2 programs to my wife's machine and moving them over with the USP or CDR. Some other notes:
1. the balloon at the bottom right at start-up says "your computer might be at risk. Norton Internet Worm protection is turned off." blah blah blah "click balloon to fix." Which I did and it took me to the Security Center with Firewall marked orange and "off", as previously stated.

2. When I hit the recommendations button on Security Center and hit the enable button in the following box, it said "we're sorry, security center could not turn on Windows Firewall." Select Windows Firewall, General tab, select "ON", click okay. Doesn't work because still both options (ON and OFF) are grayed out and unselectable, though OFF is selected.

3. I found this interesting. When I checked how my wife's is set up, the "ON"/"OFF" box says something about "you are protected by windows firewall turned on" something something at the top in a blue banner. In mine, the banner reads "For your security, some settings are controlled by Group Policy." Huh?

Thanks for the help so far and I'll keep trying and updating the progress.

Collapse -

It's possible that

by Jacky Howe In reply to No luck so far...

Virus activity is disabling the Firewall. Run the scans that I have suggested.

Collapse -

WinAntiVir or so

by SPC_TCOL In reply to It's possible that

Looks like some of these WinFixer programs.
Don't play around, the faster you scan your computer like it was already said, the better is the chance to remove this stuff without any problem.
With Antimalware, I found out that sometimes you need to use the full scan as well as the short one to remove everything.

Collapse -

click on ...

by StefanVerster In reply to Windows Firewall XP - can ...

start > run and type in msconfig and hit enter
click on the startup tab and click on disable all at the bottom.restart your pc then go to start > run and type in services.msc and hit enter.Go to WINDOWS FIREWALL/INTERNET CONNECTION SHARING (ICS) and make sure that it is set to automatic and that it is started.If it isn't started start that service then close the window.Go to control panel > windows firewall and then you should be able to turn it on or off.Hope it helps!

Related Discussions

Related Forums