Firewall ICF appears to be enable, but not! (also posted in EZNewsgroups)

[Guest]

I have XP Home, and ICF enabled. Today I've received a Virus Alarm from norton AV. NAV eliminated the file, then, a few minutes later, another Virus Alarm (a peer to peer virus). So, I decided to see what was registered in pfirewall.log. Surprise! there is not register since Feb19th, just the date when I changed my ADSL provider. Mi ICF appears to be on, but it is obvious that it is off. I confirmed that pinging my IP from other location: my ICF is not enabled, although it appears to be OK

I would like to know the following

1) Should I to change some ICF's paramethers since I changed ADSL provider? How? or
2) if is there any actualization for this ICF (I've just seen a download for a "IPv6 Internet Connection Firewall SDK", but I'm not sure if that firewall is compatible with my system
3) Should I had to restore the whole XP to repair that problem
4) Could be recomendable to forget that ICF and download zonealarm

Thanks a lot in advance. The attacks to my address today has been continuous and I'm very scare, because is a new virus and I could not find enough information on it.

 

[Rehan]

Look in your Network Connections, how many connections are there? Make sure
that the ICF is enabled for all connections.

Assuming you are working on the correct Connection in your Network
Connections:

First, disable ICF, reboot, and re-enable ICF. Now remove all network
connections. Reboot. Make sure no network is present (by trying to browse
etc). Re-create the network for your new ADSL connection. Enable ICF.

hope this works

Rehan

I have XP Home, and ICF enabled. Today I've received a Virus Alarm from

norton AV. NAV eliminated the file, then, a few minutes later, another Virus
Alarm (a peer to peer virus). So, I decided to see what was registered in
pfirewall.log. Surprise! there is not register since Feb19th, just the date
when I changed my ADSL provider. Mi ICF appears to be on, but it is obvious
that it is off. I confirmed that pinging my IP from other location: my ICF
is not enabled, although it appears to be OK.

I would like to know the following:

1) Should I to change some ICF's paramethers since I changed ADSL provider? How? or
2) if is there any actualization for this ICF (I've just seen a download

for a "IPv6 Internet Connection Firewall SDK", but I'm not sure if that
firewall is compatible with my system)

3) Should I had to restore the whole XP to repair that problem.
4) Could be recomendable to forget that ICF and download zonealarm?

Thanks a lot in advance. The attacks to my address today has been

continuous and I'm very scare, because is a new virus and I could not find
enough information on it.

 

[Doug Knox MS-MVP]

If you received a virus warning from Norton, it was likely something you downloaded, not that got through your firewall. If you want to test your firewall, see https://grc.com/x/ne.dll?bh0bkyd2 for some quick, simple tests to see what ports, if any, on your system are open and vulnerable to attack.

 

[Guest]

I checked it in Symantec, and results were a total disaster: "AT RISK!" on Hacker Exposure Check (4 open ports), Windows Vulnerability Check (it showed my user name, machine number, etc) and Trojan Horse Check (3 open ports). The ICF was "enable" at the moment of test. Simmilar results were showed in test suggested by Doug Knox.

I have to point out that ICF shows "enabled" over the same connection that I am currently using.

In addition, I must say that twice NAV alerts of virus were displayed yesterday at the very beggining of my session, i.e, I did not download nothing at all that could justify the virus (Outlook is disabled too, and Im not user of Kazaa, etc). By the way, virus is W32.HLLW.Rirc, which is listed in NAV site but there is no additional information.

So, I guess I will follow Rehan advice first (maybe ICF is now configurated with parameters from the former ADSL provider, who knows...). If those procedures don't work, I will disable ICF and then, I will install Zonealarm...what do you think about the "blue print"?

I'm not enough fluent in English, and as I am obviously not an expert in computer things, I REALLY THANK your advice (John, Doug and Rehan).

Anyway, I think it is very weird (?) that ICF doesn't work, albeit it displays a message showing is enable. Thanks to this anonymous hacker I could realize that ICF was not working. If no intromission ocurred, I had never known that, because with my former provider ICF had a huge log report....but since I installed this new connection, there is nothing, no events at all (in fact, last modification of pfirewall.log was ten days ago)

Thank you again! if you have any other comment, PLEASE do it

Susanita

(I made a mistake posting the original message twice, sorry about it, but as I received different answers in each post, I will send this answer twice too, sorry again for spam the board)