Re: warning conficker clever- "cleaned" but disabling MS firewalls, et

One way to determine if malicious software is on your machine is to boot
to Safe Mode with networking. If issues aren't present in that "minimal"
mode then your machine still has either the infector or is suffering
artifact
damage from it's removal.
Sometimes after an infection the ONLY way to have a clean setup is to
do a full system load.
Also the virus products you listed aren't as effective as others. I'd do a
full system scan with either Kaspersky or NOD32's online scans.

"engrcharlie" <engrcharlie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4596682-4142-48EB-AD86-0B84614C1611@xxxxxxxxxxxxxxxx
Hi,
One of my laptops was infected by conficker. I have no idea how, as I
don't
do downloads, careful with email attachments, have a WEP protected home
wireless system, have a firewall and etc. I realize I should have updated
my
XP, so I have repentance of that.
Anyway, I used the microsoft tool for conficker, McAfee, Symantec, AVG,
and
malwarebytes, all of which, with full scans, say the computer is now
clean.

However,
I still can only get on the internet on occasion. Windows Firewall, if
selected "no exceptions" becomes closed and not re-startable after some
time
after restarting computer. Not only this, but if exceptions are allowed,
something is still adding exceptions and checking the boxes. I am also
using
ZoneAlarm firewall, but whatever it is, is somehow capable of either going
around it or adding a "loopback" zone which is "trusted". And yes, on the
rare occasions each day I can get internet to work by some combination of
ending processes or just luck, I do update windows, IE, and each
antivirus,
so this is with the latest any of these antiviruses have come up with.

I have seen nothing which states that conficker is this clever, to
manipulate two firewalls including windows and go completely undetected by
several malware/antivirus programs and tools, and believe it is
underrated--

Any advice on securing windows firewall, and what may be going on here?
If
nothing else- a warning to microsoft that even with the patch and daily
updated antiviruses and firewalls, that this virus, or something, is still
manipulating people's computers...


.

Relevant Pages

  • Re: Firewall Blocking even though its off!
    ... having him boot into Safe Mode with networking to see if the problem goes ... You also can use the command netsh firewall show state to verify ... I can't gain access even though the Windows Firewall is ...
    (microsoft.public.windowsxp.security_admin)
  • warning conficker clever- "cleaned" but disabling MS firewalls, et
    ... One of my laptops was infected by conficker. ... have a firewall and etc. ... so this is with the latest any of these antiviruses have come up with. ... Any advice on securing windows firewall, and what may be going on here? ...
    (microsoft.public.windowsxp.general)
  • Re: Remove Firewall
    ... Did you try booting into Safe Mode with networking to see if that works. ... >> I tend to doubt it is the Windows Firewall if it is disabled. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Fred W - re NOD32 and Online Armor
    ... Comodo has it in their older v2.4 but dropped it in their new v3 firewall that now include HIPS. ... The firewall just got added in version 2 of Online Armor so it will need some fixing or features to get up to speed with other firewalls. ... But they have lots of fixes to make and other more security-related updates to make to their product so they aren't promising when to deliver on parent-child control. ... Online Armor does not load under Safe Mode so even if they protect those registry key then they won't be protected if you reboot into Safe Mode. ...
    (alt.comp.anti-virus)
  • Re: Fred W - re NOD32 and Online Armor
    ... Comodo has it in their older v2.4 but dropped it in their new v3 firewall that now include HIPS. ... The firewall just got added in version 2 of Online Armor so it will need some fixing or features to get up to speed with other firewalls. ... But they have lots of fixes to make and other more security-related updates to make to their product so they aren't promising when to deliver on parent-child control. ... Online Armor does not load under Safe Mode so even if they protect those registry key then they won't be protected if you reboot into Safe Mode. ...
    (alt.comp.anti-virus)
Loading