Firewall ON... Well, "No!"

[Haggis]

Hi Kelly,

I have used SymNRT.exe more than once in this process. In
addition, I have used two other removal tools that Symantec
provided.

Nothing worked...

Thanks for any further thoughts you might have,

do you still have reg entries that you could not remove ? reboot and try to
remove in "safe mode"

also check these for entries that may be reloading the Symantec product

With Windows XP, There are 13+ places that programs can start from and
they are executed in the following order:

Before Logon
1)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
2) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

After Logon
3)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
4) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
5) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
6) WIN.INI [Windows] Load
7) WIN.INI [Windows] Run
8) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
9) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
10) C:\Documents and Settings\All Users\Start Menu\Programs\Startup
or %allusersprofile%\Start Menu\Programs\Startup
11) C:\Documents and Settings\Your Name Here\Start Menu\Programs\Startup
or %userprofile%\Start Menu\Programs\Startup
12) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

[Kelly]

Most welcome, Kenneth.

See what info you can gain from here: Start/Run/CMD

Type each of these separately:

netsh firewall show state
netsh firewall show config

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool
http://www.kellys-korner-xp.com/taskbarplus!.htm

 

[Kenneth]

Hi Kelly,

I have used SymNRT.exe more than once in this process. In
addition, I have used two other removal tools that Symantec
provided.

Nothing worked...

Thanks for any further thoughts you might have,

do you still have reg entries that you could not remove ? reboot and try to
remove in "safe mode"

also check these for entries that may be reloading the Symantec product

With Windows XP, There are 13+ places that programs can start from and
they are executed in the following order:

Before Logon
1)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
2) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

After Logon
3)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
4) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
5) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
6) WIN.INI [Windows] Load
7) WIN.INI [Windows] Run
8) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
9) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
10) C:\Documents and Settings\All Users\Start Menu\Programs\Startup
or %allusersprofile%\Start Menu\Programs\Startup
11) C:\Documents and Settings\Your Name Here\Start Menu\Programs\Startup
or %userprofile%\Start Menu\Programs\Startup
12) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Howdy,

I just spent a few minutes looking at all of this from Safe
Mode.

Indeed, there were two instances of Symantec in the registry
that I was not able to remove, and when in Safe Mode, they
were deleted properly.

Despite that, and despite checking every location you
suggested with care, the problem remains:

When I go into XP Security Center, it tells me that Norton
Internet Worm Protection is running even though it is not on
my system.

I am truly appreciative of your suggestions, and would be
happy to hear from you again if you have further thoughts
about all this.

All the best,

 

[Kenneth]

Most welcome, Kenneth.

See what info you can gain from here: Start/Run/CMD

Type each of these separately:

netsh firewall show state
netsh firewall show config

Hi Kelly,

Well, this may be getting interesting...

I ran each of the commands with Windows Firewall OFF. So, in
that state, I have no firewall running (because the only
"other" firewall, Norton Internet Worm Protection is a
phantom in that it is not on the system.)

So, that said...

I don't know what I should be looking for, but I did notice
something:



"netsh firewall show state" gives me a ton of stuff that
starts with:

Profile: Standard
Operational Mode: Disable

"netsh firewall show config" gives me several tons of stuff
and starts with:

Operational Mode: Enable

which I found odd...

Can you suggest what I should be looking for in these
listings?

Sincere thanks, as before,

 

[Kelly]

Hi Kenneth,

Quick question, other than the firewall settings stating that it is "on",
are you having any other issues at all? Related to that setting, is what I
am referred to.

--

All the Best,
Kelly (MS-MVP/DTS&XP)

Taskbar Repair Tool
http://www.kellys-korner-xp.com/taskbarplus!.htm

 

[Kenneth]

Hi Kenneth,

Quick question, other than the firewall settings stating that it is "on",
are you having any other issues at all? Related to that setting, is what I
am referred to.

Hi Kelly,

The simple answer is... "I don't know."

Here's what I mean:

Right now, as you know, I have only one software firewall
available on the system: Windows Firewall.

If I turn it OFF, and look in Security Center, I see that I
have a firewall ON, and it is Norton Internet Worm
Protection.

If, instead, I turn the Windows Firewall ON, I see in
Security Center that I may have trouble because I have two
firewalls running.

So the problem is that if I run the Windows Firewall, I do
not know if it is running properly because I get the error I
have described.

Thanks again for all your help,