Windows Firewall

By RichH · 11 replies
Jul 27, 2012
  1. My computer had Sirefef.R virus. Broni helped me to remove it, but Windows Firewall is still broken, and that is preventing my Sonos PC controller app from detecting Sonos hardware player on the network.

    Sonos hardware player works fine from its own remote control, and from Sonos desktop controller running on another PC (XP) on the same network. I can ping the hardware player from the broken firewall PC. I have stop/started the Firewall service. I have done a Restore Default in Firewall Settings Advanced Tab and erased all exceptions and created a new exception for Sonos. Even with firewall "turned Off" in GUI and even firewall service stopped the Sonos client can't connect to the hardware. I have removed the app with Revo and reinstalled it, but no change.

    The Sonos tech did a remote session on my PC and ran this command:
    "C:\Windows\system32\netsh advfirewall reset"
    which returned
    "An unrecoverable Windows Firewall error (0xd) occured."
    Then he recommended I get the firewall repaired.

    The original install of Sonos client before the virus worked fine. After the virus hit it started complaining that it couldn't reach any Sonos players and I should check the firewall. After I reset the firewall the Sonos client requested to be unblocked, and unblocking created an exception. So it is getting to the firewall, but not through it.

    Thanks for helping me out!
  2. Cobalt006

    Cobalt006 TS Evangelist Posts: 1,777   +242

    Have you tried running a Windows repair of your OS? This virus you had is a very bad one. It leaves a mess of problems behind after it is removed.
  3. Doctor John

    Doctor John TS Enthusiast Posts: 204   +15

    Agree with Cobalt006, or at least try sfc /scannow from the command prompt (you might need install media) to replace & repair the damaged files.
  4. RichH

    RichH TS Booster Topic Starter Posts: 132

    I did SFC yesterday with Broni's help. It said "Windows Resource Protection found corrupt files but was unable to fix some of them." It returned 58MB log file. I searched "corrupt" in the log file, found nothing. Don't know how to find out what's corrupt.

    I ran it again today, it returned 850KB log. I searched "Cannot repair" and found 4 instances that it could not repair settings.ini for Windows Sidebar.

    Do you know how to find the corrupt files looking at CBS.log? Or any other suggestions to repair firewall?
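
For the question in the post above, an added example (not part of the thread): SFC tags its own entries in CBS.log with `[SR]`, so filtering on that tag and on the phrase "Cannot repair member file" lists the files it gave up on. The log lines are constructed samples and `Get-SfcFinding` is a hypothetical helper name.

```powershell
# Added example: summarise SFC results from the [SR] entries in CBS.log.
# $sample is constructed to mirror the CBS.log line layout. On a real system use:
#   $lines = Get-Content "$env:windir\Logs\CBS\CBS.log"
$sample = @(
    '2012-07-27 10:02:11, Info  CSI  00000141 [SR] Verifying 100 (0x00000064) components',
    '2012-07-27 10:02:11, Info  CSI  00000142 [SR] Beginning Verify and Repair transaction',
    '2012-07-27 10:02:14, Info  CSI  00000143 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch',
    '2012-07-27 10:02:15, Info  CSI  00000145 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.0.0, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, hash mismatch',
    '2012-07-27 10:02:20, Info  CSI  00000150 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store',
    '2012-07-27 10:02:21, Info  CBS  Session: unrelated servicing entry without the SR tag'
)

function Get-SfcFinding {
    param([string[]]$Line)
    # File name and owning component of an entry SFC could not repair.
    $cannot = '\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?<file>[^"]+)" of (?<component>[^,]+)'
    # File name of an entry SFC restored from the component store.
    $fixed  = '\[SR\] Repairing corrupted file .*"(?<file>[^"]+)" from store'
    foreach ($l in $Line) {
        if ($l -notmatch '\[SR\]') { continue }   # keep SFC entries only
        if ($l -match $cannot) {
            [pscustomobject]@{ Status = 'NotRepaired'; File = $Matches.file; Component = $Matches.component.Trim() }
        } elseif ($l -match $fixed) {
            [pscustomobject]@{ Status = 'Repaired'; File = $Matches.file; Component = '' }
        }
    }
}

# One row per distinct file, with how many times SFC reported it.
Get-SfcFinding -Line $sample |
    Group-Object Status, File, Component |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```
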
  5. Cobalt006

    Cobalt006 TS Evangelist Posts: 1,777   +242

    I don't know of any one way to fix the firewall. Cannot help you there, sorry. But running a Windows repair may take care of your problems. Seems you have quite a few. In the long run you may be better off just backing your personal stuff up and reinstalling Windows. Like I said before, the virus removed from your PC is a very bad one. If not removed quickly enough, it will cause some damage to Windows.
  6. RichH

    RichH TS Booster Topic Starter Posts: 132

    Thanks Cobalt.
    I turned off and disabled the firewall service and rebooted. It's working OK now. Sometimes Winders just needs a good kick in the a**. ;)
    Thanks everyone!
  7. Cobalt006

    Cobalt006 TS Evangelist Posts: 1,777   +242

    Well, I am glad to hear that. Good luck.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Rich, did you review this:
    There were 2 deletions in the Combofix log you ran for the Sirefef removal: These processes may mean an infected flash drive was used: I did not see them mentioned:

    If Drive Q and/or S are removable drives, I suggest you run the following on both:
    • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
  9. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    FYI: The Panda USB link provides a great service; however, at the bottom, it makes a statement which is not correct:
    "This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows."

    see this MS link for enable/disable autorun:

    I've done this clear back on XP/Pro and IMO is a great proactive protection for USB inserts
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thank you for clarifying that, jobeard. I missed seeing that line. Wouldn't you still encourage the member to use the Panda program also?
  11. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    Sure, why not :) However, the important point is disabling WINDOWS-autorun. Making the application to the USB device is good ONLY for that device; mounting any other (e.g. a friend's) would not provide protection.

    Personally, here's what I have done for a USB stick with a/v removal tools I take everywhere;
    • Format as NTFS to create the ACL functionality,
    • take ownership under a personal/admin user id (not the default admin) and set it full control
    • then add <everyone> as read,list,exec
    • now add one root folder (aka dropbox) and give <everyone> full control
    • add a tools directory for the a/v stuff.
    This ensures my tools don't get infected and the dropbox allows me to take config files back home.
    No other system will have my personal/admin-id so the tools directory stays clean.
    My personal PC then can rescan on mount to make sure the dropbox is still clean.
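
The layout described in the post above, as an added example that is not jobeard's own script, followed by a check that lists who besides the owner can still write to the tools folder. Assumptions: the stick is mounted as E: and already formatted NTFS, the script runs elevated under the personal admin account, and the folder names are taken from the post.

```powershell
# Added example. Assumed: E: is the stick, already NTFS, session is elevated
# and running as the personal admin account that should own the volume.
$root     = 'E:\'
$dropbox  = Join-Path $root 'dropbox'   # world-writable drop folder
$tools    = Join-Path $root 'tools'     # read-only for everyone but the owner
$me       = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$everyone = '*S-1-1-0'                  # well-known SID for Everyone

# ACLs only exist on NTFS; stop early on FAT32/exFAT media.
if ((New-Object System.IO.DriveInfo $root).DriveFormat -ne 'NTFS') {
    throw "$root is not NTFS, so it cannot hold ACLs."
}

# Own the root, give the owner full control and Everyone read/list/execute.
# (OI)(CI) makes files and subfolders inherit each entry.
takeown /F $root | Out-Null
icacls $root /grant:r "${me}:(OI)(CI)F" "${everyone}:(OI)(CI)RX" | Out-Null

# dropbox gets Everyone full control; tools simply inherits the root ACL.
New-Item -ItemType Directory -Path $dropbox, $tools -Force | Out-Null
icacls $dropbox /grant "${everyone}:(OI)(CI)F" | Out-Null

# Check: allow entries on tools that let anyone other than the owner write,
# delete or change permissions (generic-all and generic-write bits included).
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x10000000 -bor 0x40000000
Get-Acl $tools | Select-Object -ExpandProperty Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ne $me -and
        ([int]$_.FileSystemRights -band $writeBits) -ne 0
    } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Each row printed is an account other than the owner that can still modify the tools folder, typically an entry left on the volume root by the format; an empty result matches the intent of the post. NTFS permissions are enforced by the Windows host that mounts the stick, so this restricts ordinary accounts rather than acting as a hardware write-protect.
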
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm hoping Rich is still with us as there were indications of infected removable drives. I couldn't tell what the 2 drives were, but the deletions in his Combofix log almost always indicate infection.

    Thank you for the additional information for Autoruns. I know you have always stressed conservative UAC.

