Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: W7 64-bit possible rootkit infection Error Code 0x80070424 on Firewall

30 May 2012   #11
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You can try this http://support.microsoft.com/kb/2530126
Quote:
Method 3: Start associated services



To stop and then restart these services by using a batch file, follow these steps:
  1. Click Start, type Notepad in the Search box and then click Notepad in the programs list.
  2. Select the following text, right click the selected text, and then click Copy. Right-click anywhere in the Notepad window, and then click Paste.sc config MpsSvc start= autosc config KeyIso start= autosc config BFE start= autosc config FwcAgent start= autonet stop MpsSvc net start MpsSvc net stop KeyIso net start KeyIsonet start Wlansvcnet start dot3svcnet start EapHostnet net stop BFE net start BFEnet start PolicyAgentnet start MpsSvcnet start IKEEXTnet start DcaSvcnet net stop FwcAgent net start FwcAgent
  3. In Notepad, Click File, click Save As, and then type in the File name box
  4. Click the Save as type box, and then click All Files (*.*).
  5. In the left pane, click Desktop, and then click Save.
  6. On the File menu, click Exit.
  7. On your desktop, right-click the Repair.bat file that you saved in step 5, and then click Run as administrator.

    Important If you are prompted for confirmation to stop a service, press Y on the keyboard, and then press Enter.
  8. Try to start Windows Firewall again. If you can start Windows Firewall, delete the Repair.bat file. To do this, right-click Repair.bat, click Delete, and then click Yes.
Quote:
Trojan Win32.Sirefef is a malicious bot trojan family that uses security exploitation to drop other viruses and spyware onto compromised local and network machines. Usually, Win32.Sirefef opens a security backdoor which allows remote attackers access to upload and activate further malware on the system. The Win32.Sirefef trojan may also monitor users browsing activities and transmit sensitive personal information like banking data and passwords to outside hacker websites. Win32.Sirefef is usually distributed through corrupted e-mail attachments, IRC, P2P and social networks. It may also spread via malicious drive-by downloads installed onto hacked or malware websites
Be sure you change ALL passwords using a known 'clean' machine ... not the infected one.


My System SpecsSystem Spec
.
30 May 2012   #12
Simcut

Windows 7 Ultimate 64-Bit
 
 

I tried making the repair.bat but it didnt work, I wasnt able to start Windows Firewall

Any more suggestions please?

As for passwords, I just use random passwords with a password generator software, so will just login and generate a new one for everything just to be on the safe side
My System SpecsSystem Spec
30 May 2012   #13
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Perhaps this:
Quote   Quote: Originally Posted by Jay Pilarta
Windows 7 Firewall Error 0x8007042c

Error code 0x8007042c is an error for "The dependency service or group failed to start".
This will indicate that there may not be a problem with the Windows Firewall Service (MpsSvc) but instead with other Services that it needs so that it can start itself.
So here are the necessary Services that Windows Firewall needs on Windows 7:
1. Base Filtering Engine (BFE)
2. Windows Firewall Authorization Driver (MPSDRV)

The two services/drivers should be started or running. BFE can be easily seen through the Services Console. But MPSDRV is not visually available in the same console window and instead available only by querying the service in a Command Prompt window.
Repairing services and drivers can be done via the command line of SFC /SCANNOW on an Elevated Command Prompt.

If the command did not fix the issue then reinstalling the drivers might be the best way to do it.
Although to accomplish this will not be an easy feat since both the Base Filtering Engine and Windows Firewall Authorization Driver could not be reinstalled on Windows 7 unless we repair install the Operating System.
Try running the following commands if SFC /SCANNOW did not resolve the issue with the Windows Firewall:
1. Open a Command Prompt as Administrator. To do this, type CMD in Start Search from the Start Menu. Right click on the result and choose "Run as Administrator".
2. Run now the following command lines:
a. netsh advfirewall reset
b. net start mpsdrv
c. net start bfe
d. net start mpssvc
e. regsvr32 firewallapi.dll
3. Confirm any boxes that comes up by clicking OK. The result on the last entry should say that it succeeded.
Note: If you receive any errors on any of the command lines, then there is definitely something wrong with any of the drivers and service. This may indicate a Registry error or a Corrupted file.
4. Reboot the system.
My System SpecsSystem Spec
.

30 May 2012   #14
Simcut

Windows 7 Ultimate 64-Bit
 
 

Some of those net start commands failed, so it seems like my only choice is to do a repair install, will go ahead with that if you agree that its the best course of action.

Cheers!
My System SpecsSystem Spec
30 May 2012   #15
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

@Simcut: Which cmds failed?

--> edit: Did SFC report anything?

-->edit: @Jacee: I'm not that familiar with all of the command line utils, but what you posted looked weird and neat. I wondered can you execute all of that on one line? The answer is nope. Between MS and Seven forums - the difference btwn cr/lf - yours and subsequently my own copy / paste joined the lines. I notice the link back to MS before I posted Jay Pilarta's information. anyway, it seems as though the MS information is the better bet - Thanks.
My System SpecsSystem Spec
30 May 2012   #16
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Sorry, just saw Jacee's post refered to a Ms page.

Try the batch attached. RepairWinFire.bat

sc config MpsSvc start= auto
sc config KeyIso start= auto
sc config BFE start= auto
sc config FwcAgent start= auto
net stop MpsSvc
net start MpsSvc
net stop KeyIso
net start KeyIso
net start Wlansvc
net start dot3svc
net start EapHostnet
net stop BFE
net start BFE
net start PolicyAgent
net start MpsSvc
net start IKEEXT
net start DcaSvcnet
net stop FwcAgent
net start FwcAge


Run in elevated command prompt


Attached Files
File Type: bat RepairWinFire.bat (402 Bytes, 217 views)
My System SpecsSystem Spec
30 May 2012   #17
Simcut

Windows 7 Ultimate 64-Bit
 
 

Hi

I just tried the RepairWinFire bat and here are the results of it.

Regards

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Simon\Desktop>repairwinfire

C:\Users\Simon\Desktop>sc config MpsSvc start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config KeyIso start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config BFE start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config FwcAgent start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Users\Simon\Desktop>net stop MpsSvc
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

C:\Users\Simon\Desktop>net start MpsSvc
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net stop KeyIso
The following services are dependent on the CNG Key Isolation service.
Stopping the CNG Key Isolation service will also stop these services.

   WLAN AutoConfig
   Wired AutoConfig
   Extensible Authentication Protocol

Do you want to continue this operation? (Y/N) [N]: y
The WLAN AutoConfig service is stopping.
The WLAN AutoConfig service was stopped successfully.

The Wired AutoConfig service is stopping.
The Wired AutoConfig service was stopped successfully.

The Extensible Authentication Protocol service is stopping.
The Extensible Authentication Protocol service was stopped successfully.

The CNG Key Isolation service is stopping.
The CNG Key Isolation service was stopped successfully.

C:\Users\Simon\Desktop>net start KeyIso
The CNG Key Isolation service is starting.
The CNG Key Isolation service was started successfully.

C:\Users\Simon\Desktop>net start Wlansvc
The WLAN AutoConfig service is starting.
The WLAN AutoConfig service was started successfully.

C:\Users\Simon\Desktop>net start dot3svc
The Wired AutoConfig service is starting.
The Wired AutoConfig service was started successfully.

C:\Users\Simon\Desktop>net start EapHostnet
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net stop BFE
The Base Filtering Engine service is not started.

More help is available by typing NET HELPMSG 3521.

C:\Users\Simon\Desktop>net start BFE
The Base Filtering Engine service is starting.
The Base Filtering Engine service could not be started.

A system error has occurred.

System error 5 has occurred.

Access is denied.

C:\Users\Simon\Desktop>net start PolicyAgent
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start MpsSvc
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start IKEEXT
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start DcaSvcnet
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net stop FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net start FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>
My System SpecsSystem Spec
30 May 2012   #18
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

@simcut: The remainder of method 3 states
Quote   Quote: Originally Posted by http://support.microsoft.com/kb/2530126
If you still receive error 0x8007042c when you try to start Windows Firewall, you may want to contact Microsoft Consumer Security Support Center. To do this, go to https://consumersecuritysupport.microsoft.com.
I'm glad I was able to get the batch file squared away for you, but I think that's about as far as I can help. Other folks around here have more knowledge and experience on the correct command line utils than I do. It may very well end up beinr a repair install, or someone else might suggest the one command that will get you over the hump.

Last thing from me - have you restarted?

Good luck. sorry I couldn't help more.
My System SpecsSystem Spec
30 May 2012   #19
karlsnooks

MS Windows 7 Ultimate SP1 64-bit
 
 

Simcut,

Under the circumstances, I'm going to recommend what I call a 100% clean install which means:
1. Backup any data dear to your heart
2. Use DiskPart and its CLEAN ALL command to write zeroes to each and every byte on your hard disk.
That will get rid of anything evil on your computer.
3. Install Win 7 using your Win 7 DVD/usb stick.

here are a couple of tutorials which will help you.
Disk - Clean and Clean All with Diskpart Command

Clean Reinstall - Factory OEM Windows 7

And immediately after that:
1. install MSE
2. update 100% your Win 7
3. Never use any P2P software, such as BitTorrent, VUZE, µTorrent
4. Don't visit questionable sites such as porn sites. Use WOT.
My System SpecsSystem Spec
30 May 2012   #20
F5ing

Windows 7 Ultimate x64
 
 

If you're still having problems starting the firewall check out the following link:

Error 0x8007042c, cannot start Windows Firewall - Microsoft Answers
My System SpecsSystem Spec
Reply

 W7 64-bit possible rootkit infection Error Code 0x80070424 on Firewall




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Receiving error code: 0x80070424 Windows Firewall can't change some...
Originally I wanted to turn my Windows firewall off because I heard I can get a better online experience when playing a game, but when I go "turn Windows Firewall on or off" in the Control Panel, it tells me "Windows is not using recommended settings to protect your computer", so I click on " use...
System Security
Windows 7 Firewall Error 0x80070424
Recently I have decided to check up on my firewall and I noticed an error message 0x80070424 if I try to start it. I have run malwarebytes and Microsoft Security Essential scans and there were no signs of any viruses. I have no idea when this happened, but any information on how to fix this problem...
System Security
window 7 firewall error code 0x80070424
my computer is window7 ultimate 32 bit. Recently, I just got error code of firewall. I could not change firewall at all. the code error is like this. error code 0x80070424 when I try to change it in Window Normal Start. error code 0x6D9 when I try to change it in Safe Mode. here are the...
System Security
Possible rootkit infection - Error Code 0x80070424 with Windows
I cannot open Firewall, Defender or any security functions within windows without this error message popping up. However, I have run Anti-rootkit utility TDSSKiller as well as Sophos anti-rootkit, but they both say that my machine is clean. I am running Win 7 64 bit. I read this in another...
System Security
Problem with Firewall,error 0x80070424
I cannot control my Firewall. Here is on English!! http://www.zaslike.com/files/ht6ud7w1wdwcz6c2wms.png
System Security
Win7 Firewall won't turn on error code 0x6D9 and error code 0x80070424
Ok - I'm trying to fix my friends' computer - Toshiba Satellite L455-S5975 running Windows 7 32-bit Windows firewall is off and I need to "Update Firewall Settings". When I click use recommended settings, I get a message that says it "can't change some of your settings. Error code 0x80070424" I...
System Security


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:29.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App