TechSpot

Virus turned off firewall - nothing is working

By boardrat
Dec 8, 2006
  1. I caught the flu....and I can get it working. I admit I am a novice - Please help. I caught a bug that turned off my firewall and cannot get it removed - internet is intermittent on machine at best.

    Please help.

    thanks
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :wave: :wave:


    This thread is for the use of boardrat only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. boardrat

    boardrat TS Rookie Topic Starter

    Hijack log

    still working on getting an AVG log...here is my hijack log... I had an error or warning that came up that said something like....ip address does not match, but the warning went away. I followed the directions and ran every program...ran them in safe mode as well. I am still in the same boat....

    where do i go now?

    brad
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how HERE.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    PC MightyMax<This is not nasty, but it`s not a very good reg cleaner and can cause problems.

    Close control panel.

    Click on the processes tab and end process for(if there).

    pcmm.exe
    olgisdg.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [WINDOWS] C:\olgisdg.exe

    O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R

    O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

    O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) -

    Fix all O18-Protocol entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\olgisdg.exe
    C:\Program Files\PC MightyMax<Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log as well as an AVG Antispyware log and let me know how your system is running.

    Regards Howard :)

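An added example, not part of the original post or of HijackThis itself: a small Python parser for HijackThis-style log lines that flags entries matching three patterns visible in the fix list above. The function names, the heuristics, and the last sample line (`ExampleUpdater`) are assumptions made for illustration.

```python
import re

# Lines copied from the fix list in the post above, plus one constructed
# benign entry (the last line) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [WINDOWS] C:\olgisdg.exe
O4 - HKLM\..\Run: [PCMMRealtime] C:\Program Files\PC MightyMax\pcmm.exe /R
O16 - DPF: {CAFECAFE-0013-0001-0018-ABCDEFABCDEF} (JInitiator 1.3.1.18) -
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
# O4 autorun body: hive, Run key, value name, command line
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# An .exe placed directly in a drive root, e.g. C:\something.exe
ROOT_EXE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe\b", re.I)

def parse(log):
    """Return (section, body) tuples for every HijackThis-style entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review(section, body):
    """Return reasons an entry deserves a closer look (assumed heuristics)."""
    reasons = []
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    if section == "O4":
        m = RUN.match(body)
        if m and ROOT_EXE.match(m.group(4)):
            reasons.append("autorun executable sits directly in a drive root")
    if section == "O16" and body.rstrip().endswith("-"):
        reasons.append("ActiveX download entry has no source URL")
    return reasons

def flagged(log):
    """Map each entry body that tripped a heuristic to its list of reasons."""
    return {body: r for sec, body in parse(log) if (r := review(sec, body))}

if __name__ == "__main__":
    for body, reasons in flagged(SAMPLE_LOG).items():
        print(f"{body}\n    -> {'; '.join(reasons)}")
```

The PC MightyMax autorun entry is not flagged by these patterns; the post removes it on the helper's judgment of the program, which a path heuristic cannot reproduce.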
     
  5. boardrat

    boardrat TS Rookie Topic Starter

    more hijack logs

    Here are my newest hijack logs - and AVG

    I did not find the olgisdg.exe
    PC mighty is gone....

    2 logs, 1 from my run during safe mode
    2nd one is after i rebooted and turned computer on, and changed system restore and files.

    still no firewall....i am hoping i didnt miss something.

    thanks

    brad
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    According to your HJT log, your firewall is working fine.

    Regards Howard :)

     
  7. boardrat

    boardrat TS Rookie Topic Starter

    windows firewall still off

    my windows firewall is still off....does this mean it's running my zone labs now?
    it says:
    due to an unidentified problem, Windows cannot display windows firewall settings.

    i just want to make sure i am somewhat secure now...if Linux had more to offer I would switch
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    When you install a third party firewall it automatically disables Windows firewall. This is because you wouldn't want more than one firewall active at the same time. Plus Windows firewall is complete crap.

    You should uninstall Zonealarm and post a fresh HJT log. This is because your Symantec/Norton programme already has its own firewall. I can't see any evidence of Zonealarm running in your HJT log.

    Regards Howard :)

     
  9. boardrat

    boardrat TS Rookie Topic Starter

    Uninstall and here is new Hijack log

    uninstalled the zone labs....here is my log. But now I'm not seeing my symantec, but my AVG is in its place

    thanks

    brad
     
  10. Rik

    Rik Banned Posts: 3,814

    Your HJT log is clean.

    I can see no firewall problems.


     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    You should not be running more than one antivirus programme at the same time. This will slow your system down and can cause conflicts. You need to get rid of either Symantec/Norton or AVG free. Personally, I recommend you get rid of Norton as it`s a real resource hog and isn`t that good anyway.

    Download Zonealarm or Kerio firewall programmes from within this link - http://www.techspot.com/vb/topic58138.html

    Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - http://www.techspot.com/vb/topic57112.html

    Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  12. boardrat

    boardrat TS Rookie Topic Starter

    internet connection outage

    I am in the process of removing symantec and just using AV and Kerio...however I get about 1 in 100 chances of connecting to the internet. I can see something at the bottom of my screen, it says loading google....

    but then it changes and is really fast and something else shows up, longer and then no internet connection available. I can log on to my wireless with my laptop, and other tower but not this one giving me problems...even when I am dormant I can watch my cpu usage go to 100% - I will run all my virus scan again....

    Thanks for all the help so far!

    brad
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Once you've completed getting rid of Norton and run a full virus scan with AVG, let me know the results.

    Post a fresh HJT log and try and let me know what it is you`re seeing in your system tray.

    Regards Howard :)

     
  14. boardrat

    boardrat TS Rookie Topic Starter

    Symantec uninstalled, new log

    I uninstalled my Symantec completely, I have Kerio as my firewall....

    Interesting note about my AVG....I have installed this a couple of times, and no matter what it will not let me install the resident shield. This computer I am posting from, I have updated everything here, dumped Sym, added kerio, and AVG and it has the resident shield.

    Here is my Hijack log I ran after I uninstalled Sym, I ran a full system with AVG (after it was updated)....

    Just as a side note....since I installed Kerio my firewall now shows that it is turned on....however since AVG does not have the resident shield, it shows my anti-virus as turned off.

    AVG did detect 1 error

    Boot Sectore of disk c: Reading error

    Still no internet activity....
     
  15. boardrat

    boardrat TS Rookie Topic Starter

    Sorry....

    I forgot to say Thanks for all the time you have spent helping out with this project.....


    Thank you!!!!

    Brad
     
  16. Rik

    Rik Banned Posts: 3,814

    Your HJT log is clean.

    You may want to perform a scandisk just to be on the safe side tho.


     
  17. boardrat

    boardrat TS Rookie Topic Starter

    processes

    would you mind looking at my processes and see if anything is out of the ordinary?

    I just pulled this, nothing was open or running....
    I didnt know how else to save this....

    Thanks again, I'll try the scandisk too.

    brad
     
  18. Rik

    Rik Banned Posts: 3,814

    It looks fine to me!!:)

    Is your pc behaving itself now or do you still have any concerns??


     
  19. boardrat

    boardrat TS Rookie Topic Starter

    this is weird...but finally

    You guys are awesome....

    This is weird...but I finally think I got it!
    I uninstalled AVG, and AVG spyware because I couldn't get the shield to come on or get installed, nothing I tried worked. So I removed, and installed the other anti-virus from my usb drive (whew glad those were made) and rebooted and it scanned my computer on start up....
    I am not exactly sure what it found, but I deleted it and now I am back online and seem to be doing fine....
    this is parts I picked up
    C:....system Volume information\_restore......win32:startup210 then at the end it said Trojan

    since this was removed I am back online...My firewall is on, my anti-virus is on

    awe....what a relief....you guys are awesome!!!

    Thanks so much for using your knowledge for GOOD and not EVIL!!!!
     
Topic Status:
Not open for further replies.
