Windows Firewall

RichH

My computer had Sirefef.R virus. Broni helped me to remove it, but Windows Firewall is still broken, and that is preventing my Sonos PC controller app from detecting Sonos hardware player on the network.

Sonos hardware player works fine from its own remote control, and from Sonos desktop controller running on another PC (XP) on the same network. I can ping the hardware player from the broken firewall PC. I have stop/started the Firewall service. I have done a Restore Default in Firewall Settings Advanced Tab and erased all exceptions and created a new exception for Sonos. Even with firewall "turned Off" in GUI and even firewall service stopped the Sonos client can't connect to the hardware. I have removed the app with Revo and reinstalled it, but no change.

The Sonos tech did a remote session on my PC and ran this command:
"C:\Windows\system32\netsh advfirewall reset"
which returned
"An unrecoverable Windows Firewall error (0xd) occured."
Then he recommended I get the firewall repaired.

The original install of Sonos client before the virus worked fine. After the virus hit it started complaining that it couldn't reach any Sonos players and I should check the firewall. After I reset the firewall the Sonos client requested to be unblocked, and unblocking created an exception. So it is getting to the firewall, but not through it.

Thanks for helping me out!
Rich
 
Have you tried running a Windows repair of your OS? This virus you had is a very bad one. It leaves a mess of problems behind after it is removed.
 
Agree with Cobalt006 (y), or at least try sfc /scannow from the command prompt (you might need install media) to replace & repair the damaged files.
 
I did SFC yesterday with Broni's help. It said "Windows Resource Protection found corrupt files but was unable to fix some of them." It returned 58MB log file. I searched "corrupt" in the log file, found nothing. Don't know how to find out what's corrupt.

I ran it again today, it returned 850KB log. I searched "Cannot repair" and found 4 instances that it could not repair settings.ini for Windows Sidebar.

Do you know how to find the corrupt files looking at CBS.log? Or any other suggestions to repair firewall?
Thanks!
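One way to answer the CBS.log question above, as an added example that is not part of the original thread: SFC tags its own entries in CBS.log with `[SR]`, so filtering on that tag and collecting the "Cannot repair member file" lines gives a short list of what is still damaged. The sample log lines are constructed, and `summarize_sfc` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample in the CBS.log style. A real log is at
# %windir%\Logs\CBS\CBS.log and mixes SFC lines with many unrelated entries.
SAMPLE_LOG = r'''
2012-01-01 10:00:01, Info                  CBS    Session initialized by client (constructed line)
2012-01-01 10:00:05, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
2012-01-01 10:00:09, Info                  CSI    00000015 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 0.0.0.0, Culture neutral, hash mismatch
2012-01-01 10:00:09, Info                  CSI    00000017 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 0.0.0.0, Culture neutral, hash mismatch
2012-01-01 10:00:12, Info                  CSI    0000001a [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2012-01-01 10:00:20, Info                  CSI    00000021 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 0.0.0.0, Culture neutral, hash mismatch
2012-01-01 10:00:20, Info                  CSI    00000023 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 0.0.0.0, Culture neutral, hash mismatch
2012-01-01 10:00:30, Info                  CSI    00000030 [SR] Verify complete
'''

# File name is the quoted string after the length prefix; component follows "of".
CANNOT_REPAIR = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),')
# For repaired files, take the last quoted string before "from store".
REPAIRED = re.compile(r'\[SR\] Repairing corrupted file .*\]"([^"]+)" from store')


def summarize_sfc(lines):
    """Return (unrepaired, repaired) Counters built from SFC's [SR] entries."""
    unrepaired, repaired = Counter(), Counter()
    for line in lines:
        if "[SR]" not in line:          # skip everything that is not SFC output
            continue
        m = CANNOT_REPAIR.search(line)
        if m:
            # SFC logs the same failure several times; count per file/component.
            unrepaired[(m.group(1), m.group(2).strip())] += 1
            continue
        m = REPAIRED.search(line)
        if m:
            repaired[m.group(1)] += 1
    return unrepaired, repaired


if __name__ == "__main__":
    bad, fixed = summarize_sfc(SAMPLE_LOG.splitlines())
    for (name, component), hits in bad.items():
        print(f"NOT REPAIRED: {name} ({component}), logged {hits} times")
    for name, hits in fixed.items():
        print(f"repaired from store: {name}, logged {hits} times")
```

For a real log, pass the lines of the file instead of the sample, opening it with `errors="replace"` so stray bytes do not stop the scan.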
 
I don't know of any one way to fix the firewall. Cannot help you there, sorry. But running a Windows repair may take care of your problems. Seems you have quite a few. In the long run you may be better off just backing your personal stuff up and reinstalling Windows. Like I said before, the virus removed from your PC is a very bad one. If not removed quickly enough, it will cause some damage to Windows.
 
Thanks Cobalt.
I turned off and disabled the firewall service and rebooted. It's working OK now. Sometimes Winders just needs a good kick in the a**. ;)
Thanks everyone!
Rich
 
Rich, did you review this:
http://www.sonos.com/support/help/3.4/en/Sonos_User_Guide/Chap02_new/Firewall_Information1.htm
Firewall Information
The Sonos Multi-Room Music System is designed to work with existing firewall software. Information for some common firewall software is listed below. If your software firewall is not listed, for the latest firewall information, go to http://faq.sonos.com/firewall.

Microsoft Windows Firewall
1. When installing the Sonos Controller for PC, select Unblock in the Windows Firewall.
2. If the dialog box does not appear, go to Start>Settings>Control Panel.
3. Click Security Center>Windows Firewall.
4. Click the Exceptions tab.
5. Make sure Sonos Controller for PC has a check mark next to it.
6. If you don’t see Sonos Controller for PC and you have already installed the Sonos Controller for PC, click the Add Program button and browse until you find Sonos Controller for PC.
7. Click to highlight, and then click OK.
======================================
There were 2 deletions in the Combofix log you ran for the Sirefef removal: These processes may mean an infected flash drive was used: I did not see them mentioned:

Q:\AUTORUN.INF
S:\Autorun.inf
If Drive Q and/or S are removable drives, I suggest you run the following on both:
  • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
 
fyi: The Panda USB link provides a great service; however, at the bottom, it makes a statement which is not correct:
"This is a very useful tool as there is no simple way of disabling the AutoRun feature in Windows."

see this MS link for enable/disable autorun:

I've done this clear back on XP/Pro and IMO is a great proactive protection for USB inserts
 
Thank you for clarifying that, jobeard. I missed seeing that line. Wouldn't you still encourage the member to use the Panda program also?
 
Sure, why not :) However, the important point is disabling WINDOWS-autorun. Making the application to the USB device is good ONLY for that device; mounting any other (e.g. a friend's) would not provide protection.

Personally, here's what I have done for a USB stick with a/v removal tools I take everywhere;
  • Format as NTFS to create the ACL functionality,
  • take ownership under a personal/admin user id (not the default admin) and set it full control
  • then add <everyone> as read,list,exec
  • now add one root folder (aka dropbox) and give <everyone> full control
  • add a tools directory for the a/v stuff.
This ensures my tools don't get infected and the dropbox allows me to take config files back home.
No other system will have my personal/admin-id so the tools directory stays clean.
My personal PC then can rescan on mount to make sure the dropbox is still clean.
 
I'm hoping Rich is still with us as there were indications of infected removable drives. I couldn't tell what the 2 drives were, but the deletions in his Combofix log almost always indicate infection.

Thank you for the additional information for Autoruns. I know you have always stressed conservative UAC.
 