Re: Restoring WindowsXP SP2 Firewall service after malicious software attack
- From: Malke <notreally@xxxxxxxxxxx>
- Date: Wed, 12 Jul 2006 07:28:20 -0700
Polanski24 wrote:
> Hello!
> My computer (WinXP SP2 fully patched - including yesterday's patches)
> was compromised today with a brand new attack vector which has done the
> following:
> 1. Disabled built in WinXP firewall
> 2. Downloaded several trojans
> 3. Crashed system with bluescreen of death
> 4. After system reboot several applications were infected with trojans
> 5. Permanently damaged WinXP firewall by uninstalling its service
> 6. Damaged internet connection sharing service
> This new vector was sent to KasperskyLabs and confirmed to be new
> malicious software (lab signature [KLAB-1097372]).
> I am still trying to recover full system functionality after the attack and
> have performed several scans with:
> 1) rootkit detectors,
> 2) antivirus software,
> 3) sfc tool which was used to restore original windows files
> Tried to reinstall SP2 as well (original system was SP1) but it did
> not help in restoring firewall and internet connection sharing
> services.
> Anyone have an idea how to restore original firewall/internet
> connection services? MS documentation is obviously missing in that area
> and I would prefer to avoid system reinstallation or repair
> installation.
I don't know why you say there isn't any documentation. There's plenty.
Start here:
Start>Run cmd [enter]
netsh winsock reset catalog [enter]
Follow prompts and reboot.
FIREWALL DEAD, or other network issues -
http://support.microsoft.com/kb/892350
Windows XP Service Pack 2 problems/The Service Pack 2 firewall -
http://www.michna.com/kb/WxSP2.htm#The_Service_Pack_2_firewall
Troubleshooting Windows Firewall in XPSP2 - http://tinyurl.com/3tnkt
MS Firewall Reference Guide -
http://www.microsoft.com/technet/security/topics/networksecurity/firewall.mspx
Windows cannot display Windows Firewall settings error (Ramesh) -
http://windowsxp.mvps.org/sharedaccess.htm
Although if you think you've been rooted and damage is extensive, the
smartest thing to do is to back up your stuff and flatten the system.
http://michaelstevenstech.com/cleanxpinstall.html - Clean Install How-To
http://www.elephantboycomputers.com/page2.html#reinstall_Windows - What you
will need on-hand
Malke
--
MS-MVP Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"