Firewall will not restart post virus removal

jmar22LS

New Member
Thread author
Jun 23, 2013
9
Yesterday, 6/22/13, I noticed MSE was not running in the lower right-hand corner. Looked across my desktop and found a new icon which looked very similar to MSE. I thought they must have updated it, so I clicked on it. Up popped Internet Security Pro 2013 and all its warnings. I turned off the computer and used my phone to find your instructions to remove it. Since cleaning, I cannot get my firewall back up, and I also downloaded Windows Defender and was unable to update definitions or perform a complete scan.

 

Attachments

  • OTL.Txt
    66.1 KB · Views: 98
  • Extras.Txt
    58.9 KB · Views: 77
  • aswMBR.txt
    2.2 KB · Views: 66

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system, as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to back up all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
When you install MSE, Windows Defender is disabled. The firewall issue could be damage left by the infection.

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).

Download and Run Windows Repair (all in one)

Download Windows Repair (all in one)

  • Install the program then run it.
  • Go to step 2 and allow it to run Disc check by clicking Do It
  • Go to step 3 and allow it to run SFC
  • Go to start repairs tab and click start.
  • Allow the program to create a system restore and backup registries when prompted.
  • Check the box next to "Restart/Shutdown system when finished" and ensure all the boxes are checked along with the default checks
  • Then click Start.
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
Thank you for your help. I have attached the logs for your review and am running Windows Repair now.

Log 1
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.23.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-4DACD0EA75 [administrator]

6/23/2013 2:41:34 PM
mbar-log-2013-06-23 (14-41-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 244862
Time elapsed: 23 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
c:\RECYCLER\S-1-5-18\$07c0e18193ec1bb40ff7cf21eb1c806d (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2367585421-942839917-2321535563-1007\$07c0e18193ec1bb40ff7cf21eb1c806d (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Log 2
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.23.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-4DACD0EA75 [administrator]

6/23/2013 3:23:32 PM
mbar-log-2013-06-23 (15-23-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 244673
Time elapsed: 23 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
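Comparing the two logs above by eye is easy for one thread, but an analyst who does this routinely wants the before-cleanup and after-reboot scans checked mechanically: did every item the first scan flagged disappear, and does each section's declared count match the items actually listed (a mismatch usually means a pasted log was cut off)? The Python below is an added example, not Malwarebytes' code or anything from this thread; its regular expressions, the `MbarReport` class and the `compare_reports` and `inconsistencies` helpers are my own assumptions about the mbar-log.txt layout, inferred only from the lines visible above. The two embedded logs are trimmed copies of the logs in this post.

```python
import re
from dataclasses import dataclass, field

# Constructed inputs: trimmed copies of the two mbar-log.txt files posted above
# (the first before cleanup, the second after the reboot).
LOG_BEFORE = r"""Malwarebytes Anti-Rootkit BETA 1.06.0.1004
Database version: v2013.06.23.05
HP_Administrator :: YOUR-4DACD0EA75 [administrator]
Scan type: Quick scan
Objects scanned: 244862

Folders Detected: 2
c:\RECYCLER\S-1-5-18\$07c0e18193ec1bb40ff7cf21eb1c806d (Trojan.Siredef.C) -> Delete on reboot.
c:\RECYCLER\S-1-5-21-2367585421-942839917-2321535563-1007\$07c0e18193ec1bb40ff7cf21eb1c806d (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)
(end)
"""

LOG_AFTER = r"""Malwarebytes Anti-Rootkit BETA 1.06.0.1004
Database version: v2013.06.23.06
Scan type: Quick scan
Objects scanned: 244673

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)
(end)
"""

# Assumed layout: "<Category> Detected: <n>" opens a section, and each item in it reads
# "<path> (<threat>) -> <action>."  The non-greedy path still copes with "(x86)" in paths,
# because the threat group must be followed by ") -> ".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_KEYS = {"Database version", "Scan type", "Objects scanned", "Time elapsed"}


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str


@dataclass
class MbarReport:
    header: dict = field(default_factory=dict)      # selected "key: value" header lines
    counts: dict = field(default_factory=dict)      # declared count per section
    detections: list = field(default_factory=list)  # parsed item lines

    def is_clean(self):
        return not self.detections and all(n == 0 for n in self.counts.values())


def parse_mbar_log(text):
    """Parse one mbar-log.txt in the (assumed) format shown in this thread."""
    report, section = MbarReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            report.counts[section] = int(m.group("count"))
        elif section is None:
            key, sep, value = line.partition(": ")
            if sep and key in HEADER_KEYS:
                report.header[key] = value
        else:
            m = ITEM_RE.match(line)
            if m:
                report.detections.append(Detection(section, m["path"], m["threat"], m["action"]))
    return report


def inconsistencies(report):
    """Sections whose declared count disagrees with the items actually listed."""
    seen = {}
    for d in report.detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return [s for s, n in report.counts.items() if n != seen.get(s, 0)]


def compare_reports(before, after):
    """Return (removed, remaining): detections gone after cleanup, and any still reported."""
    after_keys = {(d.section, d.path, d.threat) for d in after.detections}
    removed = [d for d in before.detections if (d.section, d.path, d.threat) not in after_keys]
    return removed, list(after.detections)


if __name__ == "__main__":
    before, after = parse_mbar_log(LOG_BEFORE), parse_mbar_log(LOG_AFTER)
    removed, remaining = compare_reports(before, after)
    print(f"removed: {len(removed)}, remaining: {len(remaining)}, clean: {after.is_clean()}")
```

Run as a script, it reports how many detections the cleanup removed and whether the second scan is clean. `inconsistencies()` is worth running on any pasted log before trusting it: a section that declares two items but lists none has been truncated, not cleaned.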

jmar22LS

New Member
Thread author
Jun 23, 2013
9
Thank you Fiery,
I ran the Windows Repair and now have my firewall back. I am still a little concerned though, because during the repair the program kept asking for my original XP disc with Service Pack 3. My original disc is Service Pack 1, and Service Pack 3 was an internet update. It said it needed the disc for several DLL files that were missing. I had to hit cancel and skip those fixes. Do you think it is necessary to uninstall SP3 and then reinstall it?

Thanks again
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Try running the repair again. When it asks you for your disk, just insert the service pack 1 disk. There may be a copy of the file on that disk.

Seeing that you still had a rootkit on your PC, let's run a few more tools.

Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSKiller opens, click Change parameters, then check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip; click on Continue. (If it says TDL4/TDSS file system, select Delete.)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Post the log afterwards (usually in the C:\ folder, in the form TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Re-run RogueKiller.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start.
  • Wait until Prescan has finished, then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click Delete and wait until it says deleting finished.
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
It will not accept the SP1 disc, it just says it is the wrong disc and to please enter the right disc.

I have attached the files for the latest TDSS and Roguekiller runs.
 

Attachments

  • TDSSKiller.2.8.16.0_25.06.2013_09.09.40_log.txt
    322.8 KB · Views: 112
  • RKreport[0]_S_06252013_092243.txt
    1.5 KB · Views: 86
  • RKreport[0]_D_06252013_092418.txt
    1.5 KB · Views: 93

Fiery

Level 1
Jan 11, 2011
2,007
Let's do one more scan to be sure you are clean. Also, can you write down the missing file names and the directory?

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
Eset scan found two threats:

D:\I386\APPS\APP23880\src\CompaqPresario_Spring06.exe a variant of Win32/AdInstaller application
D:\I386\APPS\APP23880\src\HPPavillion_Spring06.exe a variant of Win32/AdInstaller application
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
As for the Windows fix, it says:
"Files that are required for Windows to run properly must be copied to the DLL cache. Insert your Windows XP Service Pack 3 CD now." (It will not accept the XP SP1 disc I have.)
1. It does not tell me which files are missing.
2. My choices are:
   Retry – does nothing
   More info – which says you need to enter the proper CD.
   Cancel – which skips it.
3. These pop up 4 times during the system file check portion (step 3).
 

Fiery

Level 1
Jan 11, 2011
2,007
If your PC is running fine then we won't have to worry about those files. Plus, you don't have a SP3 CD.

How is your PC running? We will clean up if all is good.
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
It seems to be running fine; I have not had any new problems so far. My firewall has started each time I start my computer, and MSE has also been running properly. Thank you for your help. I was wondering if I should clean up all these programs I was installing, but wasn't sure exactly how to go about it.

One question I have that you may know the answer to: for a few months now I've been getting pop-up boxes when I visit some websites saying that I need to update to a newer version of IE, but I know I have the most recent version, IE 8. Is this because I'm running it on XP? I know I'll need a new computer soon, but I'm trying to hold off until I absolutely have to, because this one (other than the virus) is working fine.
 

Fiery

Level 1
Jan 11, 2011
2,007
On what sites do you get those pop up messages?

If you are no longer experiencing any other issues, your PC is now clean!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.
Now that your PC is clean, I recommend you to create a new System Restore point then purge the old ones after.

For XP
How to create a Restore Point in XP
Delete all restore points except the most recent one
Keep your system updated
Keeping your programs (especially Adobe and Java products) updated is essential. Outdated programs make your PC more vulnerable to future malware threats. To help you:
  • Download and install Update Checker. It will notify you if any of your programs require an update.
  • Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product bugs and vulnerabilities.
  • Please ensure you update your system regularly and have automatic updates on. You can learn how to turn Automatic Updates on here

In addition to your antivirus, you need additional protection such as a firewall and behavioural blocker. However, adding one of these programs may slow down performance. It is for you to decide the trade-off between more security and a faster PC.

Other steps that you may want to do to further protect your system/files:
  • Sandboxie - "Quarantines" your browser so anything that you do in it will be isolated from your system.
  • Back up important files regularly to an external hard drive or USB

Here are only a few suggestions that will improve your system security. Should you wish to allow us to make full recommendations and set your PC up with maximum security, please start a thread here. Our community of PC enthusiasts and experts will give you feedback and help you secure your system from future malware infections.

Should you want to try a product but don't know how it performs, here is a list of current reviews to help you decide.

Internet Explorer may be the most popular browser, but it's definitely not the most secure browser. Consider using other browsers with additional add-ons to safeguard your system while browsing the internet.

Firefox is a more secure, faster browser than Internet Explorer. Firefox has fewer vulnerabilities, reducing the risk of drive-by downloads. In addition, you can add the following add-ons to increase security.
  • KeyScrambler - Encrypts your keystrokes to protect you against keyloggers that steal personal & banking information
  • AdBlock - Disables/blocks advertisements on websites so you won't accidentally click on a malicious ad.
  • NoScript - Disables Flash & Java content to avoid exploits or drive-by attacks
  • Web of Trust - Shows the website rating by other users and blocks dangerous and poor-rated sites

Google Chrome is another good browser that is faster and more secure than Internet Explorer by having a sandbox feature. Additionally, you can add the following add-on to Chrome to heighten security.
Lastly, it is important to perform system maintenance on a regular basis. Here are a few tools and on-demand scanners that you should keep & use every 1-2 weeks to keep your system healthy.

Other than that, stay safe out there! If you have any other questions or concerns, feel free to ask :)

My virus removal help is always free. Should you wish to show your appreciation via a donation, it will be much appreciated.
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
Thank you again for all your help. I have been very busy and not had a chance to "clean" off all the tools we used. I guess it is a good thing, because I noticed that my computer has said it was doing windows updates each night for the last three nights when I shut off my computer. Today when I turned my computer on, my Microsoft security essentials is gone again. I immediately began scanning my computer.

Malwarebytes found nothing.

Hitmanpro only found tracking cookies.

Malwarebytes anti root kit = no malware found.

Roguekiller found nothing.

So I tried to reinstall mse and it says it is already installed.

Should I get rid of MSE and just use the other antivirus programs you suggested above?
 

jmar22LS

New Member
Thread author
Jun 23, 2013
9
I'm so sorry, MSE is running, the icon is just missing. I guess everything is still fine, I will follow up with your previous firewall and antimalware suggestions.
Thanks again for all your help!
 
