Windows 7 Forums


Windows 7: Windows Firewall + Defender Services deactivated from system, no hangs


25 Feb 2013   #1

Windows 7 Ultimate x64
 
 

hi guys,

just last week i noticed that on my win 7 laptop, i could not switch on "network discovery" & "file and printer sharing", after further analysis, windows firewall and windows defender services have gone completely from the services list (services.msc) and that made me wonder that i got some sort of spyware/malware on my system.

after doing a bit of cleaning/fixing, i managed to restore network discovery, file sharing, firewall and defender services, ran a few scans and eventually found a trojan (actually defender found it!!) and another threat in a keygen file i found on my PC and i deleted everything, the PC however has been working perfectly, i never had any BSOD or strange hangs, redirects etc etc.

i ran the sfc /scannow and it finished OK although it found a few corrupt files that i couldn't fix in any way, nothing seems to affect the pc though.

now, since something obviously happened i changed the password of my machine but i was wondering:

- would it be best to format the machine and install Windows 7 fresh?
- is there a list of "dangerous ports" so that i can check if there's still someone listening where they shouldn't?

thanks a lot
gab


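On the question above about checking for something "listening where they shouldn't": the following is an added example, not part of any post in this thread. It lists every listening TCP socket with the process that owns it, so each listener can be judged by its binary rather than by its port number. It assumes an English-language Windows (the `LISTENING` keyword in `netstat` output is localized) and an elevated prompt; the function name `Get-TcpListener` is hypothetical.

```powershell
# Added example. Works on the PowerShell 2.0 that ships with Windows 7.
function Get-TcpListener {
    param(
        # Defaults to live data; pass saved "netstat -ano" output to review offline.
        [string[]]$NetstatLines = (netstat -ano)
    )

    # Columns: Proto  Local Address  Foreign Address  State  PID
    # \S+ is greedy, so "[::]:445" splits into address "[::]" and port 445.
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$'

    foreach ($line in $NetstatLines) {
        if ($line -match $pattern) {
            $address = $Matches[1]
            $port    = [int]$Matches[2]
            $procId  = [int]$Matches[3]

            # Win32_Process gives the full image path when run elevated.
            $proc = Get-WmiObject -Class Win32_Process -Filter "ProcessId=$procId"
            $name = '<exited>'
            $path = $null
            if ($proc) {
                $name = $proc.Name
                $path = $proc.ExecutablePath
            }

            # A loopback listener is reachable only from this machine.
            $loopbackOnly = ($address -eq '127.0.0.1' -or $address -eq '[::1]')

            New-Object PSObject -Property @{
                Address   = $address
                Port      = $port
                ProcessId = $procId
                Process   = $name
                Path      = $path
                Reachable = -not $loopbackOnly
            }
        }
    }
}

Get-TcpListener |
    Sort-Object Port |
    Select-Object Address, Port, ProcessId, Process, Reachable, Path |
    Format-Table -AutoSize -Wrap
```

Rows worth a closer look are those where `Reachable` is True and `Path` is empty or points outside the Windows and Program Files directories.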

25 Feb 2013   #2

Windows 7 Home Premium
 
 

gabriolinari,


Let's see what your system shows with the following short scan...


Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version for your system: 64-bit (button with x64)
Click the applicable dark-blue button to download.
Save to the Desktop.


Close all windows and browsers.
Right-click the downloaded file and select: Run as Administrator


At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished)

Press: SCAN


When done, a report opens on the Desktop: RKreport.txt


Please provide the RKreport.txt (Mode: Scan) in your reply.





~~~~
Also, download Farbar Service Scanner


Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
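The symptom that started this thread, security services vanishing from services.msc, can also be checked directly from PowerShell. This is an added example, not part of the thread and not how Farbar Service Scanner works internally; the service short names are the stock Windows 7 ones, and the function name `Get-SecurityServiceHealth` and the choice of services are assumptions.

```powershell
# Added example. Works on the PowerShell 2.0 that ships with Windows 7.
$SecurityServices = @(
    @{ Name = 'MpsSvc';    Label = 'Windows Firewall' },
    @{ Name = 'BFE';       Label = 'Base Filtering Engine' },
    @{ Name = 'WinDefend'; Label = 'Windows Defender' },
    @{ Name = 'wscsvc';    Label = 'Security Center' },
    @{ Name = 'wuauserv';  Label = 'Windows Update' }
)

function Get-SecurityServiceHealth {
    param([object[]]$Services = $SecurityServices)

    foreach ($entry in $Services) {
        # Win32_Service returns nothing when the service is not registered,
        # which is what "gone from the services list" looks like here.
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($entry.Name)'"

        if (-not $svc) {
            $finding   = 'MISSING'
            $startMode = $null
            $state     = $null
            $path      = $null
        } else {
            $startMode = $svc.StartMode
            $state     = $svc.State
            $path      = $svc.PathName
            if ($startMode -eq 'Disabled') { $finding = 'DISABLED' }
            elseif ($state -ne 'Running')  { $finding = 'NOT RUNNING' }
            else                           { $finding = 'OK' }
        }

        New-Object PSObject -Property @{
            Service    = $entry.Name
            Label      = $entry.Label
            Finding    = $finding
            StartMode  = $startMode
            State      = $state
            BinaryPath = $path
        }
    }
}

Get-SecurityServiceHealth |
    Select-Object Service, Label, Finding, StartMode, State, BinaryPath |
    Format-Table -AutoSize -Wrap
```

A `DISABLED` finding for WinDefend can be legitimate when another antivirus product has replaced it; `MISSING` for any of these services on a stock Windows 7 install is the condition described in the first post.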
25 Feb 2013   #3

Windows 7 Ultimate x64
 
 

hi there,

i have attached the reports, please have a look and thanks a lot for the help! i haven't applied any action, but it seems i have this "Zeroaccess" infection...when you exit RogueKillerX64 he is asking to delete files, shall i go for it?

thanks
gabrio


Attached Files
File Type: txt RKreport[1]_S_02252013_02d2125.txt (3.4 KB, 3 views)
File Type: txt FSS.txt (2.2 KB, 3 views)


25 Feb 2013   #4

Windows 7 Home Premium
 
 

Please run RogueKiller once again:
Wait until Prescan finishes
(The Status box shows: PreScan Finished )

Click on: Delete

Wait until the Status box shows: Deleting Finished

Click on Report and provide the content of the new Rkreport (Mode: Remove) in your reply.
26 Feb 2013   #5

Windows 7 Ultimate x64
 
 

hi Cottonball,

i had to run another scan to get the "delete" button to work, anyway, please have a look at the 2 files, number 4 is the report after the deletion, then i restarted and ran it again, hence another report, 5. seems clean now!

good idea to change win 7 password again now yeah?

gab


Attached Files
File Type: txt RKreport[4]_D_02262013_02d0813.txt (3.6 KB, 3 views)
File Type: txt RKreport[5]_S_02262013_02d0818.txt (2.7 KB, 2 views)
26 Feb 2013   #6

Windows 7 Home Premium
 
 

Let's take an additional step...

Please download Malwarebytes Anti-Rootkit:
Malwarebytes : Malwarebytes Anti-Rootkit
Save to the Desktop (easy to find)

Right-click the file and select: Extract here...

Follow the Usage instructions on the website from Step 3 to Step 7.
For now, please stop at Step 7.

When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-02-18 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

Please provide the mbar-log containing information on what was detected and removed.
26 Feb 2013   #7

Windows 7 Ultimate x64
 
 

quite shockingly, mbar found something and then cleaned it, then restarted and no more infection...

please see attached files, one is pre infection and one after with the cleaning done..

seriously, do you think that it's safe to run the system moving forward or a good old format would be best? i am thinking we're playing cat and mouse here....

thanks a lot!!!
gabrio


Attached Files
File Type: txt mbar-log-2013-02-26 (15-08-28).txt (2.2 KB, 4 views)
File Type: txt mbar-log-2013-02-26 (16-05-08).txt (1.6 KB, 3 views)
26 Feb 2013   #8

Windows 7 Home Premium
 
 

gabriolinari,

Have read different opinions on removing, or not removing Rootkits.
There are quite a number of forums that deal with Rootkits on a daily basis, successfully! The option to reformat is always there, but, there seem to be more Users cleaning the computer (with assistance from the forums) than doing a wipe and clean install.

There are tools available to remove Rootkits that do a great job, and experts agree that more than one should be used to confirm removal.

Bottom line appears to be that it is up to you whether to clean the computer, or do a total wipe and clean install.

My goal is to clean the infection using tools that target the issue.


If you wish to proceed, let's do the following...

Please download the latest version of TDSSKiller:
http://support.kaspersky.com/downloa...tdsskiller.exe
Save to the Desktop. <<<---

Right-click the file and select: Run as Administrator

In the TDSSKiller console, click on: Change parameters
Check the box beside: Detect TDLFS file system
Click: OK

Press the button: Start Scan



When the scan is over, the tool outputs a list of detected objects: (Malicious or Suspicious)
  • If suspicious entries are detected, the default action is Skip. Click on: Continue
  • If malicious objects are found, they show in the Scan results.
  • Ensure Cure (default) is selected, then click: Continue > Reboot now to finish the cleaning process.
  • If Cure is not available, select: Skip
  • Please, do not select: Delete
By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_22.02.2013_15.31.43_log.txt

Please post the TDSSKiller log in your reply.


If you wish to think this over, or reformat, that is fine also!
27 Feb 2013   #9

Windows 7 Ultimate x64
 
 

hi Cotton,

once again, thanks for your patience, i just scanned with tdsskiller and the report shows "no threats found" therefore no corrective action was presented....attached report..

now it seems all clear, only thing left was few corrupt files that sfc /scannow found which i mentioned at the beginning (but i can live with that if there's no issue), the first one was "iassdo.dll.mui" corrupted, i ran the same on my other desktop pc (same OS) and same error came up, plus seems many users have that error.

i searched a bit and it seemed to be the language pack files C:\Windows\System32\en-US so i tried to replace that folder from the Windows 7 dvd but without success and it seems i cannot reinstall the language pack files either since it is the main language of the system.

that being said, i don't have any hangs or weird things and PC is actually fast so we could leave it like it is...

thanks!
gabrio


Attached Files
File Type: txt TDSSKiller.2.8.16.0_27.02.2013_09.10.50_log.txt (142.1 KB, 3 views)
27 Feb 2013   #10

Windows 7 Home Premium
 
 

gabrio,

On the iassdo.dll.mui issue...


Looked at a few places, and the only success stories found involved a Repair Install of Windows:
Repair Install

Don't know if you want to go that route or not.

On the malware, use the computer for a week or two, and if you experience any problems, come back and we will take it from there.

Good luck, gabrio!