Re: firewall disabled by a virus
- From: Malke <notreally@xxxxxxxxxxxxxxx>
- Date: Fri, 20 Jul 2007 06:59:24 -0700
maurizio.tappi@xxxxxxxxx wrote:
Hi you all,
I've a problem with my windows XP SP2 Home edition installed on a
Toshiba satellite S2450-401. The problem is that the windows firewall
get disabled by itself and when I try to activate it by the control
panel it remains deactivated!
Moreover there is a lot of cpu work (I can hear the fan going very
fast) with one of the prcesses svchost.exe that I can see in task
manager.
I attach a log by hijackthis where the file jhapri.dll seems to me
very malicious...
(snip HJT log)
Please don't post HijackThis logs here in the MS newsgroups. HJT logs take a great deal of time and expertise to analyze correctly and you will not get the attention you need here. Instead, post to one of the specialty forums listed below.
You indeed do have a worm. Here are general malware removal steps:
Go through these general malware removal steps systematically - http://www.elephantboycomputers.com/page2.html#Removing_Malware
Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode.
http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://pcdid.com/Multi_AV.htm - download
When all else fails, run HijackThis and post your log in one of the specialty forums listed at the link above (not here, please).
Not all tools used will work in Vista and you will need to run them elevated. Since Vista is so new, it will be a while before removal techniques and tools are developed. If you are unable to remove the infection by following the general steps, register at one of the HijackThis forums as suggested.
Standard caveat: If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a professional computer repair shop (not your local version of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. Have all your data backed up before you take the machine into a shop.
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
.
- References:
- firewall disabled by a virus
- From: maurizio . tappi
- firewall disabled by a virus
- Prev by Date: firewall disabled by a virus
- Next by Date: RE: firewall disabled by a virus
- Previous by thread: firewall disabled by a virus
- Next by thread: RE: firewall disabled by a virus
- Index(es):
Relevant Pages
|
|
