W7 64-bit possible rootkit infection Error Code 0x80070424 on Firewall

Page 2 of 3 FirstFirst 123 LastLast

  1. Jacee
    Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       New #11

    You can try this http://support.microsoft.com/kb/2530126
    Method 3: Start associated services



    To stop and then restart these services by using a batch file, follow these steps:
    1. Click Start, type Notepad in the Search box and then click Notepad in the programs list.
    2. Select the following text, right click the selected text, and then click Copy. Right-click anywhere in the Notepad window, and then click Paste.sc config MpsSvc start= autosc config KeyIso start= autosc config BFE start= autosc config FwcAgent start= autonet stop MpsSvc net start MpsSvc net stop KeyIso net start KeyIsonet start Wlansvcnet start dot3svcnet start EapHostnet net stop BFE net start BFEnet start PolicyAgentnet start MpsSvcnet start IKEEXTnet start DcaSvcnet net stop FwcAgent net start FwcAgent
    3. In Notepad, Click File, click Save As, and then type in the File name box
    4. Click the Save as type box, and then click All Files (*.*).
    5. In the left pane, click Desktop, and then click Save.
    6. On the File menu, click Exit.
    7. On your desktop, right-click the Repair.bat file that you saved in step 5, and then click Run as administrator.

      Important If you are prompted for confirmation to stop a service, press Y on the keyboard, and then press Enter.
    8. Try to start Windows Firewall again. If you can start Windows Firewall, delete the Repair.bat file. To do this, right-click Repair.bat, click Delete, and then click Yes.
    Trojan Win32.Sirefef is a malicious bot trojan family that uses security exploitation to drop other viruses and spyware onto compromised local and network machines. Usually, Win32.Sirefef opens a security backdoor which allows remote attackers access to upload and activate further malware on the system. The Win32.Sirefef trojan may also monitor users browsing activities and transmit sensitive personal information like banking data and passwords to outside hacker websites. Win32.Sirefef is usually distributed through corrupted e-mail attachments, IRC, P2P and social networks. It may also spread via malicious drive-by downloads installed onto hacked or malware websites
    Be sure you change ALL passwords using a known 'clean' machine ... not the infected one.
      My Computer
    Quote Quote

  3. Simcut
    Posts : 40
    Windows 7 Ultimate 64-Bit
    Thread Starter
       New #12

    I tried making the repair.bat but it didnt work, I wasnt able to start Windows Firewall

    Any more suggestions please?

    As for passwords, I just use random passwords with a password generator software, so will just login and generate a new one for everything just to be on the safe side :)
      My Computer
    Quote Quote

  4. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #13

    Perhaps this:
    Jay Pilarta said:
    Windows 7 Firewall Error 0x8007042c

    Error code 0x8007042c is an error for "The dependency service or group failed to start".
    This will indicate that there may not be a problem with the Windows Firewall Service (MpsSvc) but instead with other Services that it needs so that it can start itself.
    So here are the necessary Services that Windows Firewall needs on Windows 7:
    1. Base Filtering Engine (BFE)
    2. Windows Firewall Authorization Driver (MPSDRV)

    The two services/drivers should be started or running. BFE can be easily seen through the Services Console. But MPSDRV is not visually available in the same console window and instead available only by querying the service in a Command Prompt window.
    Repairing services and drivers can be done via the command line of SFC /SCANNOW on an Elevated Command Prompt.

    If the command did not fix the issue then reinstalling the drivers might be the best way to do it.
    Although to accomplish this will not be an easy feat since both the Base Filtering Engine and Windows Firewall Authorization Driver could not be reinstalled on Windows 7 unless we repair install the Operating System.
    Try running the following commands if SFC /SCANNOW did not resolve the issue with the Windows Firewall:
    1. Open a Command Prompt as Administrator. To do this, type CMD in Start Search from the Start Menu. Right click on the result and choose "Run as Administrator".
    2. Run now the following command lines:
    a. netsh advfirewall reset
    b. net start mpsdrv
    c. net start bfe
    d. net start mpssvc
    e. regsvr32 firewallapi.dll
    3. Confirm any boxes that comes up by clicking OK. The result on the last entry should say that it succeeded.
    Note: If you receive any errors on any of the command lines, then there is definitely something wrong with any of the drivers and service. This may indicate a Registry error or a Corrupted file.
    4. Reboot the system.
      My Computer
    Quote Quote

  6. Simcut
    Posts : 40
    Windows 7 Ultimate 64-Bit
    Thread Starter
       New #14

    Some of those net start commands failed, so it seems like my only choice is to do a repair install, will go ahead with that if you agree that its the best course of action.

    Cheers!
      My Computer
    Quote Quote

  7. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #15

    @Simcut: Which cmds failed?

    --> edit: Did SFC report anything?

    -->edit: @Jacee: I'm not that familiar with all of the command line utils, but what you posted looked weird and neat. I wondered can you execute all of that on one line? The answer is nope. Between MS and Seven forums - the difference btwn cr/lf - yours and subsequently my own copy / paste joined the lines. I notice the link back to MS before I posted Jay Pilarta's information. anyway, it seems as though the MS information is the better bet - Thanks.
    Last edited by Slartybart; 30 May 2012 at 16:11. Reason: add SFC ? and jacee
      My Computer
    Quote Quote

  8. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #16

    Sorry, just saw Jacee's post refered to a Ms page.

    Try the batch attached. RepairWinFire.bat

    sc config MpsSvc start= auto
    sc config KeyIso start= auto
    sc config BFE start= auto
    sc config FwcAgent start= auto
    net stop MpsSvc
    net start MpsSvc
    net stop KeyIso
    net start KeyIso
    net start Wlansvc
    net start dot3svc
    net start EapHostnet
    net stop BFE
    net start BFE
    net start PolicyAgent
    net start MpsSvc
    net start IKEEXT
    net start DcaSvcnet
    net stop FwcAgent
    net start FwcAge


    Run in elevated command prompt
    W7 64-bit possible rootkit infection Error Code 0x80070424 on Firewall Attached Files
      My Computer
    Quote Quote

  10. Simcut
    Posts : 40
    Windows 7 Ultimate 64-Bit
    Thread Starter
       New #17

    Hi

    I just tried the RepairWinFire bat and here are the results of it.

    Regards

    Code:
    Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Simon\Desktop>repairwinfire

C:\Users\Simon\Desktop>sc config MpsSvc start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config KeyIso start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config BFE start= auto
[SC] ChangeServiceConfig SUCCESS

C:\Users\Simon\Desktop>sc config FwcAgent start= auto
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Users\Simon\Desktop>net stop MpsSvc
The Windows Firewall service is not started.

More help is available by typing NET HELPMSG 3521.

C:\Users\Simon\Desktop>net start MpsSvc
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net stop KeyIso
The following services are dependent on the CNG Key Isolation service.
Stopping the CNG Key Isolation service will also stop these services.

   WLAN AutoConfig
   Wired AutoConfig
   Extensible Authentication Protocol

Do you want to continue this operation? (Y/N) [N]: y
The WLAN AutoConfig service is stopping.
The WLAN AutoConfig service was stopped successfully.

The Wired AutoConfig service is stopping.
The Wired AutoConfig service was stopped successfully.

The Extensible Authentication Protocol service is stopping.
The Extensible Authentication Protocol service was stopped successfully.

The CNG Key Isolation service is stopping.
The CNG Key Isolation service was stopped successfully.

C:\Users\Simon\Desktop>net start KeyIso
The CNG Key Isolation service is starting.
The CNG Key Isolation service was started successfully.

C:\Users\Simon\Desktop>net start Wlansvc
The WLAN AutoConfig service is starting.
The WLAN AutoConfig service was started successfully.

C:\Users\Simon\Desktop>net start dot3svc
The Wired AutoConfig service is starting.
The Wired AutoConfig service was started successfully.

C:\Users\Simon\Desktop>net start EapHostnet
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net stop BFE
The Base Filtering Engine service is not started.

More help is available by typing NET HELPMSG 3521.

C:\Users\Simon\Desktop>net start BFE
The Base Filtering Engine service is starting.
The Base Filtering Engine service could not be started.

A system error has occurred.

System error 5 has occurred.

Access is denied.

C:\Users\Simon\Desktop>net start PolicyAgent
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start MpsSvc
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start IKEEXT
System error 1068 has occurred.

The dependency service or group failed to start.

C:\Users\Simon\Desktop>net start DcaSvcnet
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net stop FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>net start FwcAgent
The service name is invalid.

More help is available by typing NET HELPMSG 2185.

C:\Users\Simon\Desktop>
      My Computer
    Quote Quote

  11. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #18

    @simcut: The remainder of method 3 states
    http://support.microsoft.com/kb/2530126 said:
    If you still receive error 0x8007042c when you try to start Windows Firewall, you may want to contact Microsoft Consumer Security Support Center. To do this, go to https://consumersecuritysupport.microsoft.com.
    I'm glad I was able to get the batch file squared away for you, but I think that's about as far as I can help. Other folks around here have more knowledge and experience on the correct command line utils than I do. It may very well end up beinr a repair install, or someone else might suggest the one command that will get you over the hump.

    Last thing from me - have you restarted?

    Good luck. sorry I couldn't help more.
      My Computer
    Quote Quote

  12. karlsnooks
    Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       New #19

    Simcut,

    Under the circumstances, I'm going to recommend what I call a 100% clean install which means:
    1. Backup any data dear to your heart
    2. Use DiskPart and its CLEAN ALL command to write zeroes to each and every byte on your hard disk.
    That will get rid of anything evil on your computer.
    3. Install Win 7 using your Win 7 DVD/usb stick.

    here are a couple of tutorials which will help you.
    Disk - Clean and Clean All with Diskpart Command

    Clean Reinstall - Factory OEM Windows 7

    And immediately after that:
    1. install MSE
    2. update 100% your Win 7
    3. Never use any P2P software, such as BitTorrent, VUZE, µTorrent
    4. Don't visit questionable sites such as porn sites. Use WOT.
      My Computer
    Quote Quote

  13. F5ing
    Posts : 2,171
    Windows 7 Ultimate x64
       New #20

    If you're still having problems starting the firewall check out the following link:

    Error 0x8007042c, cannot start Windows Firewall - Microsoft Answers
      My Computer
    Quote Quote

 
Page 2 of 3 FirstFirst 123 LastLast

  Related Discussions
Originally I wanted to turn my Windows firewall off because I heard I can get a better online experience when playing a game, but when I go "turn Windows Firewall on or off" in the Control Panel, it tells me "Windows is not using recommended settings to protect your computer", so I click on " use...
Recently I have decided to check up on my firewall and I noticed an error message 0x80070424 if I try to start it. I have run malwarebytes and Microsoft Security Essential scans and there were no signs of any viruses. I have no idea when this happened, but any information on how to fix this problem...
my computer is window7 ultimate 32 bit. Recently, I just got error code of firewall. I could not change firewall at all. the code error is like this. error code 0x80070424 when I try to change it in Window Normal Start. error code 0x6D9 when I try to change it in Safe Mode. here are the...
I cannot open Firewall, Defender or any security functions within windows without this error message popping up. However, I have run Anti-rootkit utility TDSSKiller as well as Sophos anti-rootkit, but they both say that my machine is clean. I am running Win 7 64 bit. I read this in another...
Ok - I'm trying to fix my friends' computer - Toshiba Satellite L455-S5975 running Windows 7 32-bit Windows firewall is off and I need to "Update Firewall Settings". When I click use recommended settings, I get a message that says it "can't change some of your settings. Error code 0x80070424" I...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 07:10.
Find Us