Re: Virus cleanup - fix compromised windows firewall settings



Hi Cloud9Flyer,

First of all, get your AV vendor involved!
If your box gets reinfected, it means that it is not properly cleaned or that there is still other malware involved controlling your box.
Inform your AV vendor about the reinfection and provide them with the binary of the virus (if possible).

You can run the online scanners below to verify if your box is clean; as Leythos said, there is never a guarantee that your system is clean after a compromise.

OneCare: http://safety.live.com
Kaspersky: http://www.kaspersky.com/virusscanner
eTrust Antivirus Web Scanner: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Trend Micro HouseCall: http://housecall.trendmicro.com/
Panda ActiveScan: http://www.pandasoftware.com/activescan/com/activescan_principal.htm
McAfee FreeScan: http://us.mcafee.com/root/mfs/default.asp?cid=9914
F-Secure Online Virus Scanner: http://support.f-secure.com/enu/home/ols.shtml

Also, raise a case with Microsoft http://www.microsoft.com/protect/support/default.mspx.

Thanks,
Kurt Sarens [MSFT]
Security Resources online: http://support.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.

This e-mail address does not receive e-mail, but is used for newsgroup postings only.
"Cloud9Flyer" <sean.blaes@xxxxxxxxxx> wrote in message news:1187751401.123992.58790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 21, 8:10 pm, Leythos <v...@xxxxxxxxxxx> wrote:
In article <1187719486.791080.45...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
sean.bl...@xxxxxxxxxx says...

> I totally agree, normally. But regretfully we're dealing with a
> horrible ISP that will take weeks to wipe the box. We also have no
> clean area to do a reinstall in because it's remote. Also, it's
> supposed to be behind a firewall, but I just don't think the ISP has
> very strict rules on the firewall.

Why are you using ISP's hardware if they have shown they can't protect
the OS/apps?

Either get your own servers and firewall or find another ISP to host
your applications.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999f...@xxxxxxxxxx (remove 999 for proper email

It's political. The client's CEO and the owner of the ISP are old
drinking buddies. I've tried to get the servers moved, but the boss
won't let it happen.

At any rate, my hands being tied how they are, we're way off-topic. I
would LOVE to move the server to a better ISP, and I would LOVE to
have the machine rebuilt, but I cannot make that happen in any
reasonable amount of time. So, I have to work with the cards I'm
dealt. I don't like it more than anybody else.

Does anybody have any ideas on how to clean this up? I need to get
this port out of the firewall, but I can't figure out where it's
hiding. I deleted a registry entry for Windows Firewall, and it now
shows the policy = none when I do the show state, so that's good.
But, that open port is still open and grayed out so I can't modify
it. Does anybody have any idea where this might be hiding?

