Re: Win Firewall off briefly


In news:AE0A70DD-3204-4DAE-B1A5-DCB6714E13B2@xxxxxxxxxxxxx,
Evan Weiner <EvanWeiner@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> Win firewall is on all the time except for the brief off-on periods
> when it happens by itself.

Sorry to be so wordy, but this may be the last I can try to assist you because from what I've read in your post, you are dismally protected from malware due to the way you use the computer and a lack of facilities to keep Security levels in place. I'm pretty much convinced you are the victim of malware (wish I was wrong, but don't think so) and even worse. Your being an online gamer with the minimal protection you have in place almost guarantees you are infected, possibly by multiple sources, whether your scanners are finding them or not. I can even see the possibility now that the off/on of the firewall could be a game controlling the firewall and exposing one or several or all ports to the public. Who knows how many things are being controlled by malware.
In the end I think, and seldom recommend this, that a full return to factory-delivered setup is the only sure way to get things working again. And since it's a media center machine, only recover it using the mfr's instructions or you could lose the media center features.

OK, that said:

I'm going to have to vote for malware I'm afraid, with more confidence than I had before now. It's too bad you didn't run the other spyware programs suggested or at least additional ones because in the spyware world, no single program catches everything; each has its own strengths in discovering malware.

I can think of NO setting or legitimate way to cycle the XP firewall off/on randomly as you describe. The fact that it does so leads me to believe you are already infected with something and part of it is a downloader: It's grabbed the firewall and is pulling in more pieces of most likely more malware each time that "off" cycle occurs.
In the event it stops happening, do NOT feel comfortable! It might stop simply because it has finished assembling whatever nefarious programs it wants to assemble. Not to scare you, but my research yesterday indicated that you -might- (not does) have some sort of infection that is about to turn your machine into a zombie ( http://en.wikipedia.org/wiki/Zombie_computer ) . These days they assemble viruses/trojans in small pieces to prevent users from noticing them so easily. If/when your ISP should notice zombie activity on your account (spamming usually, unbeknownst to you), your account will usually be just closed until you clean up your machine and get rid of it. Or, you could already be zombied and the short off periods are to collect further instructions from whoever placed the malware there.

I'm guessing at your level of expertise, but I suspect it might be more expedient and easier for you to do a backup of ALL your data and completely rebuild your C boot drive. Now that I know it's a media center machine, be CERTAIN to follow the machine recovery instructions provided by HP or you'll lose the media center capabilities. It's not a must to have the media center parts installed as everything media center can do can still be done without it, but when you don't know how to do that, the media center you've already learned can be pretty valuable.
Since the recovery is on a hidden partition, issue the command to initiate that method of recovery. If it's on the hard drive there will be a key sequence to make it start; CTRL-F12 or something like that; your computer documentation will tell you.


> No other firewalls. Considering another just to see what happens.

Perhaps after you've fixed things that would be a good idea but right now you are probably already infected and a new firewall won't stop anything for long and might add complexity to your current efforts. Save firewall research for after you have this current issue worked out.

FYI, ZoneAlarm and Norton AV each say to uninstall the other in order to use them so they aren't compatible. Others work well though. Some people get them to live together, others do not.


> HP support said SP3 will render my HP Pavilion/AMD unstable. Tried
> installing SP3 before that & failed. Considering trying it again.

Go to the MS support web site and get the instructions and preps and requirements for installing SP3. Your computer IS covered in those articles!!
I don't have the KB handy but Microsoft Support has instructions on how to manage this, I'm pretty sure. It's in one of the prerequisites to installing SP3 articles. My sister has the same machine you do and works fine with SP3. But, she visited MS and used the instructions they provided. That tech seems to be a bit behind the times.

> There's always Restore or reformat. I'm gun-shy with the reformat
> having done it with Win 98 on an older machine and seeing no
> improvement.

Bad way to judge things. Fixing the keyboard won't fix a printer<g>. The most certain way to be sure there are no viruses, trojans, worms, etc., and no file corruption plus no missing files is to do a clean install of the operating system. If nothing else it almost always results in a faster machine and in this case I think it may be the only viable solution you have available to you. It even prevents the situation where some tiny piece of code sits somewhere that is able to rebuild the malware and have it show up again days or weeks later.
If you discover malware after a clean install, then you can be sure that it was you or some other user that brought it in. When you get the opportunity, simply be sure to delete/recreate partitions. Most on-disk restoration does that for you.


> Installing Win updates on notification, usually same day. Ditto HP,
> Java. Firefox 3.5.6 beta seems to update itself. HP updates
> periodically.

FF BETA? Uninstall it for the rest of your troubleshooting efforts, and see what happens. BETA software as you probably know can still be buggy and make strange things happen! When you have a problem, never allow BETA software to be installed; it may be running a lot of background tasks you're not aware of!
Killing off BETA ware should be the first thing one does when problems arise. They're easy enough to reinstall later on and might be the root cause of the problems. Get rid of it until this is fixed.

> Symantec AV 10.1 in place with Auto-protect enabled.

I assume that's Norton 2010? I don't see it off hand on the products page.
Whenever you need to test anything with auto-protect disabled be ABSOLUTELY CERTAIN you disconnect from the internet!! It only takes a split second for a drive-by to discover the opened ports and to dive into your innards; and bingo, you're infected. Never, ever allow a connection without AV running; it's more important than firewall or even spyware detectors, though not a lot of difference in importance.
Online games and unsafe surfing are another way to unintentionally download malware. http://www.claymania.com/safe-hex.html
If you're a GAMER, you are very poorly set up to protect yourself. Infections and malware are simply a way of life for gamers who fiddle with new games and try out different games online. Almost any online game you run opens ports to the public, making all kinds of accesses into your machine possible. I'm a little surprised your current MWB and AV didn't find a few, at least, problems. Also be sure to do full, deep scans when you run scanners.
The keyword there is online. Games that don't connect to the internet aren't usually problems but that said I've never seen one that didn't report home somehow even if just to supposedly record high scores. I have my modem on a switch and always kill it whenever I'm playing games or the like. If that stops the game from running, then it also stops the game from living on my computer<g>. Obviously I'm not a gamer.


> No router or gateway. Have Verizon DSL.

So; you're directly connected to the phone lines? There is no box of any kind between your machine and the phone line? It'll work, but I'm real curious why you didn't use the Verizon-supplied gateway or router? Most of them have NAT http://www.farpost.com/glossary/nat.php , which provides an additional layer of firewall protection. Not enough protection, but still a lot.


> Will try net disconnect, firewall off, restart, firewall on, restart
> after current wait/test.
>
> SAV, Defender, Malwarebyte all up-to-date. Full scans periodically
> after firewall off-on behavior started.

Try some additional spyware detectors as I mentioned before and see if they find anything. If you're not sure of the reputation of a scanner, just ask here. There are a LOT of junk and malware ones out there.
It's entirely possible that, even if these scanners do find something now, however, that they will not completely clean the machine. A lot of times a machine may appear to have been cleaned, but there will still be something stashed away somewhere that allows the malware to rebuild and reinstall itself. But then again, maybe not too.


> Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis
> bkup, Skype, Firefox 3.5.6 (beta), IE7

ACRONIS!! Good! Copy your most recent image to DVDs so no matter what you can always get back to this current point, even though it has a problem.
Then start working your way backwards re-imaging the drive with older and older images (assuming you have them) until the problem disappears! Then go ONE MORE image back to the preceding day, and if that's still clean you MIGHT have a point, though out of date, that you can manually rebuild and get back a working machine.
You might not have enough images, depending, to get back far enough in time; it seems like somewhere you said this was a long-suffering problem? IMO it's worth taking a look at though if you have the old data available. I create DVDs of my Ghost images every second month just for this kind of use. It's a pain to do but it paid off for me once, making it all worthwhile.


> Current testing is disabling startup stuff: DISC processes associated
> with XP Win Media Center game tryouts (DISCover, DiscUpdateMgr,
> MyFTP), jqs (Java Quick Start), Win Defender scheduled & real-time
> scans. All proved negative except Defender which hasn't been tested
> long enough (at least 1 hr).

Not sure I understand all that, but now it's known to be a media center machine. ONLY REINSTALL per the instructions provided for your machine or you'll lose the media center capabilities. This is a case where, much as I hate them, the on-disk hidden recovery partition is an advantage! Assuming it hasn't been damaged, which would be pretty unlikely.

See Security Flaws at: http://en.wikipedia.org/wiki/Skype_security
http://share.skype.com/sites/security/2009/09/a_little_bit_about_trojanpesky.html

Twayne
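A monitor for the off/on cycling discussed above, added here as an example and not taken from the thread. It assumes PowerShell 2.0 (available on XP SP3, which the reply recommends installing) and a made-up log folder C:\fwmon; it polls the XP firewall state with netsh, records every transition with a timestamp, and on each drop snapshots the process list and listening ports so the brief "off" windows can be matched against the startup items being tested one by one.

```powershell
# Added example, not from the thread. Assumes PowerShell 2.0 on XP SP3.
# Polls "netsh firewall show state" every 2 s, logs each Enable/Disable
# transition, and on every drop saves what was running and listening.
$LogDir = "C:\fwmon"          # assumed location; change as needed
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$Log = Join-Path $LogDir "firewall-transitions.log"

function Get-XpFirewallMode {
    # XP-era netsh prints a line "Operational mode = Enable" or "Disable"
    $out = netsh firewall show state 2>&1 | Out-String
    if ($out -match 'Operational mode\s*=\s*(\w+)') { return $Matches[1] }
    return "Unknown"
}

function Save-Snapshot([string]$Stamp) {
    # Processes and open ports at the moment the firewall went off;
    # compare successive snapshots to see what is present only then.
    Get-Process | Select-Object Id, ProcessName, Path |
        Format-Table -AutoSize | Out-String -Width 200 |
        Out-File (Join-Path $LogDir "procs-$Stamp.txt")
    netstat -ano | Out-File (Join-Path $LogDir "netstat-$Stamp.txt")
}

$last = Get-XpFirewallMode
"$(Get-Date -Format s) monitor start, firewall=$last" | Out-File $Log -Append
while ($true) {
    Start-Sleep -Seconds 2
    $now = Get-XpFirewallMode
    if ($now -ne $last) {
        $stamp = Get-Date -Format "yyyyMMdd-HHmmss"
        "$(Get-Date -Format s) firewall $last -> $now" | Out-File $Log -Append
        if ($now -ne "Enable") { Save-Snapshot $stamp }
        $last = $now
    }
}
```

Leave it running across a couple of the hourly cycles, then compare the procs-*.txt and netstat-*.txt files taken during "off" windows with each other and with a snapshot taken while the firewall is on.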






"Twayne" wrote:

> In news:975E360D-0E3C-4D21-A758-00AECE8233C9@xxxxxxxxxxxxx,
> Evan Weiner <EvanWeiner@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
> > XP Win Firewall-off balloon comes up every hour or so Verified
> > firewall off when balloon shows and on when it goes away 10-20 sec
> > later. Annoying. How to track this down? Replace it? Have
> > disabled a few msconfig startup items - slow & unsuccessful.
> >
> > Win XP SP2 (HP Pavilion) MCE
> > Symantec AV, no firewall, Auto-protect on.
> > Malwarebyte
> > Win Defender, considering turning off real-time protection

> You say above no firewall, but above that you say the firewall is
> turning off/on by itself. Do you have the firewall on or not?
> Do you have a firewall other than the XP firewall installed? If so,
> you need to turn OFF the XP firewall.
> Any particular reason why you aren't at SP3?
> Are you allowing updates to be installed each week or whenever
> they come out? If you aren't allowing updates then all bets are off
> and you might as well start over again from scratch. Never access
> the 'net without AV and firewall in place first. It may only take a
> split second for a drive-by to discover your machine and infect it
> with some sort of malware. A lot of malware these days then opens
> you up to receiving even more by inviting it in.
>
> Are you by any chance behind a router or gateway with NAT services?
> If so that will help the situation until whatever is wrong gets
> figured out and it is a firewall too, of sorts.
>
> Although the firewall may be the less important of the protections,
> the fact that it's turning off and on apparently on its own is IMO
> likely to be a sign of some sort of malware infection.
>
> Have you tried disconnecting from the 'net, turning the win
> firewall off, doing a Restart, turn it back on, and do another
> Restart? Kind of a straw-grab but I know of another situation where
> that straightened it out.
>
> Is your AV and malwarebyte up to date? Have you run it and AV in
> full scan modes? If so and they've found no problems, you might
> want to also download, update and run full scans with Spybot Search
> & Destroy and Adaware or two others if you have favorites you want
> to use.
>
> Then if there is still a problem, come on back with the details
> of the tests so far and list them. Include the names and versions
> of each program you run along with whether it found any problems or
> not, and be sure to have checked for updates before running each
> one, even if you've just downloaded it. Very often downloaded
> programs still need to be updated after installation.
>
> Good luck,
>
> Twayne





> --
> Live in the moment;
> be open to the possibilities
> that life has to offer.
