Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Windows Firewall Authorization Driver - not present, not working, etc

02 Sep 2011   #31
boweasel

Windows 7 home premium 64 bit
 
 

Re-ran the full version of MalwareBytes. Re-running Super Anti-Spyware. Will set a restore point after that's finished. Then I guess I'm on my own


My System SpecsSystem Spec
.
02 Sep 2011   #32
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

C:\Windows\Temp\213087.exe a variant of Win32/TrojanDownloader.Delf.QPN trojan cleaned by deleting - quarantined
C:\Windows\Temp\767930.exe a variant of Win32/TrojanDownloader.Delf.QRH trojan

Uggh! ... Trojan.Downloader.Win32.Delf.qrh is a very malicious item that is designed to allow remote access to your computer to largely occupy precious system resource, trace your Internet habits to record/steal your personal information

Print these instructions out so you don't miss a step:

You will need to change all your passwords, using a known 'clean' machine. Do Not use this infected one to do that!

Next, Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.

Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

This is NOT a Windows problem ... it is a user problem with outdated security! Windows 7 is not infallible to Trojans, viruses and other malware. It's up to the user to pre-arm themselves against such.

After doing the above instructions, you NEED an anti-virus program. Download and install MSE as posted earlier. Once you've done that and updated (run a full scan),
I would like to see a Combofix log.

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.


This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
My System SpecsSystem Spec
02 Sep 2011   #33
boweasel

Windows 7 home premium 64 bit
 
 

Will do this as soon as Super-Anti-Spyware is finished. I am currently using an old (reliable) XP desktop that hasn't given one-tenth of the problems in 7 years as the Windows 7 has in 17 months.

I do see, however, that you're recommending I run ComboFix. My understanding is that the product does not work with 64 bit versions of Windows, and armed with that knowledge, I'm reluctant to run TFC.

Feedback please!
My System SpecsSystem Spec
.

02 Sep 2011   #34
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Hi Boweasel,

You are extremely lucky to have Jacee helping you with this - she specialises in the malware area, and has been voted a Microsoft MVP in the area of consumer security for the past 5 years. She is one of two or three regulars here that are recognised as professionals in this area, and the fact that she does it in here own free time is a real bonus for us. In all aspects of security, I would follow Jacee's advise without hesitation or question.

Windows 7 wasn't responsible for the malware infection. Stick with Jacee, and she will get you to the end of this.

Regards,
Golden
My System SpecsSystem Spec
02 Sep 2011   #35
boweasel

Windows 7 home premium 64 bit
 
 

Well Super Anti-Spyware finished, found another 55 errors (mostly adware), I removed them and set a restore point. Then, even though you hadn't responded, I downloaded and ran TPC, which prompted me to reboot.

And BTW, since I had to do a restore, Norton is back. or at least the icon and the empty folder. Once again I cannot run the removal tool. If I right click on it and click Troubleshoot Compatibility, say that it worked on Windows XP SP3, apply the settings, and run the pgm, I still get those 2 tasks in taskmgr, but no tangible removal screen. If I click on 'this problem has not been fixed, report it to Microsoft', I get a Troubleshooting has completed box that says Incompatible Application Detected.

Since Norton has apparently not been completely removed because of the restore, I don't know if I can install MSE, but I guess I'll try.
My System SpecsSystem Spec
02 Sep 2011   #36
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

No doubt Norton and Windows firewall was disabled with the Trojan/Malware you have on that machine.

Combofix is not to be used, unless an instructor who knows how to use it, advises so. It will run on Windows 7 64 bit, if you follow my *above instructions*.

If you want to throw in the towel and be on your own, then do so ... otherwise I'm offering free help. It's totally up to you and I'm not *begging* you to do anything you don't want to do.
My System SpecsSystem Spec
02 Sep 2011   #37
boweasel

Windows 7 home premium 64 bit
 
 

Quote   Quote: Originally Posted by Golden View Post
Hi Boweasel,

You are extremely lucky to have Jacee helping you with this - she specialises in the malware area, and has been voted a Microsoft MVP in the area of consumer security for the past 5 years. She is one of two or three regulars here that are recognised as professionals in this area, and the fact that she does it in here own free time is a real bonus for us. In all aspects of security, I would follow Jacee's advise without hesitation or question.
Look, I'm not saying I don't appreciate the help, but...
here's a link to the BleepingComputer article about ComboFix on 64 bit systems
64 bit Vista & 7 - Combofix?

And there's the incompatbility issue with the Norton Removal Tool, the fact that some of the instructions she gave me were obviously for Windows XP, and the Java screen she had me link to did not match her instructions to the point where I just updated it myself in my own way.

So yeah, I appreciate the help, but some of it's been hard to follow, some of it wrong, and yet you want me to blindly follow the advice I'm given. I don't see why questioning things can't do anything but help everybody - even the person offering advice
My System SpecsSystem Spec
02 Sep 2011   #38
boweasel

Windows 7 home premium 64 bit
 
 

I guess I stand corrected, and so does BleepingComputer. ComboFix ran to the end. Here's the log:


Attached Files
File Type: txt ComboFix.txt (20.5 KB, 47 views)
My System SpecsSystem Spec
02 Sep 2011   #39
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You did see this, then ... A guide and tutorial on using ComboFix

I will analyze the log and get back to you when I can. It's Friday night and we need to eat dinner!
My System SpecsSystem Spec
02 Sep 2011   #40
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

boweasel,
There are many "experts" out there. There is much "advice" out there.

You stick with Jaycee. Do what she says and nothing more than what she says and nothing less than what she says.

You will end up with a clean machine.
My System SpecsSystem Spec
Reply

 Windows Firewall Authorization Driver - not present, not working, etc




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Windows firewall authorization file missing
JACEE please. I've read a bunch on the sevenforums trying to solve this issue but I'm over my head and need professional help. If possible I'd like to have JACEE help solve this. Most posts I've read about solving this issue she has authored. It all started when I tried to turn Windows...
System Security
Help , Windows 7 Firewall not working?!
This is what it does in the picture O:!!!! any ideas guaise! thanks brandon~
System Security
Windows Firewall not working
Hi I have Windows 7 Ultimate x64 and my windows firewall will not work. I just click use recommended settings and it freezes for a while and then does nothing. I have tried Microsoft fix-its, registry fixes, and have been researching and trying methods all day, none have worked. The firewall...
System Security
Windows Firewall won't start (authorization driver problem)
I just removed a fake AV from a Win7 machine, and now the firewall won't start. At first the BFE and firewall weren't showing up in services, found a forum thread fixing it, and they show up. BFE runs but the firewall doesn't; the firewall authorization driver won't start (code 24). All the...
System Security
Windows Firewall Authorization Driver - not present(Code24)
I was recently infected by Win7 Internet Security 2012 and with the help of bleepingcomputer.com I was able to get rid of it. I had Malwarebytes installed, which didn't find the malware after 2 scans, but RKill found it when it terminated it, and, using the Shredder that was installed on my...
Drivers
Windows 7 Firewall not working following removal of Fortinet
OS Version: Microsoft Windows 7 Professional , 64 bit Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, Intel64 Family 6 Model 37 Stepping 2 Processor Count: 4 RAM: 6004 Mb Graphics Card: ATI Mobility Radeon HD 5470 , 1024 Mb Hard Drives: C: Total - 458899 MB, Free - 375346 MB; ...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:37.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App