O.T. - Temporary firewall problem at boot up:

magineer02

I have a Dell Dimension 8200 (Seagate Barracuda 7200 160Gb Hd)
with XP, SP3, Spywareblaster, CcCleaner, Avast and Windows firewall.

I have a recent log-on problem; the last 3 times when the computer
logs on I get a red shield and a message that my computer may be at
risk. When I check, my firewall is turned off then it automatically
resets itself and it's back to normal.

Thoughts/ Suggestions?

Thanks,
Robert
 
magineer02

OK, I need to re-state the computer problem; when
I logon everything is fine but when I click Firefox
to logon the internet that's when I get the message
that my computer might be at risk and the firewall
turns off/on.

Robert
 
magineer02

In answer to Paul's question there is no network icon.

Also, I went to check my firewall settings under
Control Panel and Firefox is not listed under the
exceptions tab.


Thoughts/Suggestions,
Robert
 
Paul

> In answer to Paul's question there is no network icon.
>
> Also, I went to check my firewall settings under
> Control Panel and Firefox is not listed under the
> exceptions tab.
>
> Thoughts/Suggestions,
> Robert

It doesn't sound like this one covers enough causes.

http://support.microsoft.com/mats/windows_firewall_diagnostic/en-us

I know little to nothing about the firewall, and we need
someone else to throw in some comments.

1) A third-party firewall can disable the built-in Firewall (unlikely).
2) AV software can meddle with the running state of the firewall.
Such as quarantine a file that should not be quarantined.
3) Malware can change the firewall.

The above diagnostic only considers the "tame" things,
such as the service not being in the right state or whatever.
Or the rules needing to be reset to defaults, so stuff
like browsers can be made to work again.

*******

If it was me, about the only thing I could do at this
point (while waiting for more suggestions), is to check
the Event Viewer. That's the control panel under
Administrative Tools. See if the Firewall is leaving
any informative messages. If we had an error number,
things might go a bit faster.

I tried looking through my own Event Viewer, by using
the Action to Save As a text file, and using Notepad,
I can't see anything in the various logs that is Firewall
related. So mine didn't leave any traces to work with.

Paul
 
magineer02

Hello Paul,

I tried running the link but it said I do not have the correct
permission to run the program even though I entered my admin.
password.

I checked the event viewer and this is what it gave me:

Summary of administrative events

Event Type     Last Hour   24 hours   7 days
critical       0           0          0
error          188         7,274      27,639
warning        2           9          117
information    983         33,164     70,586


Under Log Summary I found these were disabled.

Cisco-EAP-FAST/Debug
Cisco-EAP-LEAP/Debug
Cisco-EAP-PEAP/Debug
Forwarded Events
Microsoft-Windows-Application Server-Applications/Admin
Microsoft-Windows-Application Server-Applications/Operational
Microsoft-Windows-Biometrics/operational
Microsoft-Windows-Bits-client/analytic
Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
CertPolEng/Operation log
Microsoft Windows-DHCP ClientEvents\Operational
Microsoft Windows-DHCPNap/Admin
Microsoft Windows-DHCPNap/Operational
Microsoft Windows-DHCP Client Events/Operational
Microsoft Windows-DisplayColorCaliabration/operational
Microsoft Windows-DNS Client Events/Operationa
Microsoft Windows-HttpService/Http Service Channel
Microsoft Windows-MSPaint/Admin
Microsoft Windows-NDIs/Operational
Microsoft Windows-PrintService/Operational
IdentityLister/Operation log
Microsoft Windows-Service Reporting API/Debug
Microsoft Windows- StickyNotes/Admin
Microsoft Windows-TaskScheduler/Operational
NDF/Diagnostic
Microsoft Windows-Windows Firewall with Advance Security/FirewallVerbose
Microsoft Windows-WindowsColorSystem/Operational
Microsoft Windows-Winscok Network Event/Operational
Microsoft Windows

Thoughts/Suggestions
Robert
 
Paul

> Hello Paul,
>
> I tried running the link but it said I do not have the correct
> permission to run the program even though I entered my admin.
> password.
>
> I checked the event viewer and this is what it gave me:
>
> Summary of administrative events
>
> Event Type     Last Hour   24 hours   7 days
> critical       0           0          0
> error          188         7,274      27,639
> warning        2           9          117
> information    983         33,164     70,586
>
> Under Log Summary I found these were disabled.
>
> Cisco-EAP-FAST/Debug
> Cisco-EAP-LEAP/Debug
> Cisco-EAP-PEAP/Debug
> Forwarded Events
> Microsoft-Windows-Application Server-Applications/Admin
> Microsoft-Windows-Application Server-Applications/Operational
> Microsoft-Windows-Biometrics/operational
> Microsoft-Windows-Bits-client/analytic
> Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational
> CertPolEng/Operation log
> Microsoft Windows-DHCP ClientEvents\Operational
> Microsoft Windows-DHCPNap/Admin
> Microsoft Windows-DHCPNap/Operational
> Microsoft Windows-DHCP Client Events/Operational
> Microsoft Windows-DisplayColorCaliabration/operational
> Microsoft Windows-DNS Client Events/Operationa
> Microsoft Windows-HttpService/Http Service Channel
> Microsoft Windows-MSPaint/Admin
> Microsoft Windows-NDIs/Operational
> Microsoft Windows-PrintService/Operational
> IdentityLister/Operation log
> Microsoft Windows-Service Reporting API/Debug
> Microsoft Windows- StickyNotes/Admin
> Microsoft Windows-TaskScheduler/Operational
> NDF/Diagnostic
> Microsoft Windows-Windows Firewall with Advance Security/FirewallVerbose
> Microsoft Windows-WindowsColorSystem/Operational
> Microsoft Windows-Winscok Network Event/Operational
> Microsoft Windows
>
> Thoughts/Suggestions
> Robert

There's one near the end of the list.

"Windows Firewall with Advance Security"

Just because there's an entry, doesn't mean we get "paydirt".
It's a place to look, until someone comes up with a better idea.

When services start up, they leave messages, and those
aren't too interesting.

If there's an error number, post it.

Paul
 
magineer02

sorry Paul, I did this on my 8500 without thinking,
I'll have to redo it for the 8200, sorry.

Robert
 
magineer02

Hello Paul,

I went back to the 8200 event Viewer and this is what I found:

Under Application:

There are (2) errors (no number) for Application Hang
There are (3) errors (no number) for Windows Search Service
There are (3) errors for .Net Runtime Optimization Service
(and a fair number of yellow triangles with exclamation point)

Under System:

There are (15) errors (no number) for Dhcp
There are (103) errors (no number) for Windows Service Control Manager
There are (3) errors (no number) for DCOM


Robert
 
magineer02

> Hello Paul,
>
> I went back to the 8200 event Viewer and this is what I found:
>
> Under Application:
>
> There are (2) errors (no number) for Application Hang
> There are (3) errors (no number) for Windows Search Service
> There are (3) errors for .Net Runtime Optimization Service
> (and a fair number of yellow triangles with exclamation point)
>
> Under System:
>
> There are (15) errors (no number) for Dhcp
> There are (103) errors (no number) for Windows Service Control Manager
> There are (3) errors (no number) for DCOM
>
> Robert


Paul,

Since there are no error numbers to go by is it
possible that this will resolve itself with the
next update?

The only program I added recently was CcCleaner.

Thoughts/suggestions,
Robert
 
Paul

> Paul,
>
> Since there are no error numbers to go by is it
> possible that this will resolve itself with the
> next update?
>
> The only program I added recently was CcCleaner.
>
> Thoughts/suggestions,
> Robert

Googling shows, CCleaner had problems with Firewalls,
around 2009. But this is four years later, so those
problems would be fixed.

One thread I read, suggested going to the Firewall Control Panel.
If you can't find it, try Start : Run : firewall.cpl

The Advanced tab on the right, has at the bottom,
a "Default Settings" area. To the right is a
"Restore Defaults", which I presume, puts the
allow and deny rules back to what they were
in the beginning. If you had done any customizations,
those would be lost.

*******

In Command Prompt...

http://answers.microsoft.com/en-us/...s-xp-sp3/1e829738-9bd2-4f5d-95b4-467d3945930a

Netsh firewall reset
firewall.cpl (then click to turn it on)

The "netsh firewall" has a bunch of things it can do,
like add rules to the firewall. The examples on the left
side of the items here, show the syntax for WinXP.

http://support.microsoft.com/kb/947709

And this page says essentially, all that the "reset" does,
is the same as the "Restore Defaults" button.

http://technet.microsoft.com/en-us/library/cc771046(v=ws.10).aspx#bkmk_reset

As I read it, "Netsh firewall reset" won't do anything
more than the button in the Firewall control panel.

*******

In the same thread...

http://answers.microsoft.com/en-us/...s-xp-sp3/1e829738-9bd2-4f5d-95b4-467d3945930a

the reply by "GUARDIANG7" shows how to do the "nuclear
option". I.e. Reinstall the firewall. I'm not convinced though,
that the nuclear option will solve anything. My suspicion
is, something else in your environment is doing this,
and not the Microsoft firewall code itself. Malware
can tip over the firewall, but I don't suspect malware
in this case, because you report no other "interesting"
symptoms. We already discussed the .NET code problem,
and we don't think it's that either. What else is left?

You can try the GUARDIANG7 suggestion, if you do a backup
first. As then, you can put your system back later, if
there is trouble.

If you're going to do your own maintenance on the computer
(in the same way that I fumble around here), you need to
at least become very fluent with some kind of backup/restore
method. You can test your prowess with the backup/restore
stuff, by making a fake data partition, and checking whether
you can put it back or not. I.e. Pretend you had an accident,
the fake data partition is deleted, and now you're relying
on your restore software to put it back.
Once you're more comfortable with doing that sort of
thing (like a "fire drill"), you'll be better
prepared for experiments like the GUARDIANG7 one.
Confident you can put your C: back together, using
a backup you made five minutes ago.

One reason I keep my C: partition so small, is so I
can run a backup quickly. It's only 20GB and takes
maybe ten minutes to back up. And then I can
"go nuts with the commands" :)

Paul
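
The checks from this post as a batch script, added here as an example and not written by anyone in the thread: it saves the rules that `netsh firewall reset` would discard, then logs each change in the firewall service or its operational mode, so the moment it flips can be timed against launching Firefox. It assumes Windows XP SP3 with English-language `netsh` output, an administrator Command Prompt, and a hypothetical output folder `C:\fwcheck`.

```batch
@echo off
rem Added example, not from the thread. Assumes Windows XP SP3, English
rem netsh output, an administrator Command Prompt, and a hypothetical
rem output folder C:\fwcheck.
setlocal
set OUT=C:\fwcheck
if not exist "%OUT%" mkdir "%OUT%"

rem Save the current rules first: "netsh firewall reset" (same effect as
rem the "Restore Defaults" button) discards any customizations.
netsh firewall show config > "%OUT%\config-before-reset.txt"

rem Poll about every 5 seconds. Start Firefox while this runs; Ctrl+C stops it.
set LAST=unknown

:poll
rem On XP the firewall runs inside the SharedAccess service
rem ("Windows Firewall/Internet Connection Sharing").
set SVC=stopped
sc query SharedAccess | find "RUNNING" > nul
if not errorlevel 1 set SVC=running

rem "show state" reports the operational mode of the profile in use.
set MODE=not-enabled
netsh firewall show state | find "Operational mode" | find "Enable" > nul
if not errorlevel 1 set MODE=enabled

rem Log only when something changed, with a timestamp.
if "%SVC% %MODE%"=="%LAST%" goto wait
echo %DATE% %TIME% service=%SVC% mode=%MODE%
>> "%OUT%\state-changes.log" echo %DATE% %TIME% service=%SVC% mode=%MODE%
set LAST=%SVC% %MODE%

:wait
rem XP has no "timeout" command; six pings to localhost take about 5 seconds.
ping -n 6 127.0.0.1 > nul
goto poll
```

Timestamps in `state-changes.log` can be matched against Service Control Manager entries in the System event log; a `service=stopped` line points at something stopping the service, while `mode=not-enabled` with the service still running points at a settings change.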
 
Buffalo

wrote in message
> Paul,
>
> Since there are no error numbers to go by is it
> possible that this will resolve itself with the
> next update?
>
> The only program I added recently was CcCleaner.
>
> Thoughts/suggestions,
> Robert

If you used the Registry cleaner part in CCleaner and saved the 'registries
to be removed', restore them and see if it helps. If you didn't use the
Registry cleaner in CCleaner, disregard.
Always use the 'save' if you dare to use the Registry cleaner function. Many
feel that cleaning the Registry is a waste of time and can cause serious
problems.
CCleaner is an excellent program IMHO, but beware of the Registry cleaner
part.
 
magineer02

I reset the firewall default settings
just to make sure but it did nothing.

I then opened a command prompt and typed
Netsh firewall reset and it came back
with ok. Then typed firewall.cpl but
the firewall was already connected.

I can't do a backup because I have no
backup software. The most I can do at
this point is a System Restore. In fact,
before all this started I was about to
start a post on free back-up program
recommendations (CNET) because I thought
I had gotten the 8200 to the point where
it was good to go. (sigh)

You're getting over my head with making
fake partitions etc.

@Buffalo regarding CcCleaner I have not
gone into the registry, nor plan to.

Robert
 
Buffalo

wrote in message
> I reset the firewall default settings
> just to make sure but it did nothing.
>
> I then opened a command prompt and typed
> Netsh firewall reset and it came back
> with ok. Then typed firewall.cpl but
> the firewall was already connected.
>
> I can't do a backup because I have no
> backup software. The most I can do at
> this point is a System Restore. In fact,
> before all this started I was about to
> start a post on free back-up program
> recommendations (CNET) because I thought
> I had gotten the 8200 to the point where
> it was good to go. (sigh)
>
> You're getting over my head with making
> fake partitions etc.
>
> @Buffalo regarding CcCleaner I have not
> gone into the registry, nor plan to.
>
> Robert

Make sure you are only using one firewall, Windows or Avast.
I am using Avast free, but I use the MS firewall and do not use the Avast
firewall.
Something I noticed is that when Avast does a Program (not just
definitions), it sometimes changes your settings.
 
magineer02

Hello Paul,

I got to thinking, so I went back and
uninstalled CcCleaner, then went to the
firewall advanced tab and clicked to
restore default settings and restarted
the computer and the problem was gone!!!

Robert
 
Buffalo

wrote in message
> Hello Paul,
>
> I got to thinking, so I went back and
> uninstalled CcCleaner, then went to the
> firewall advanced tab and clicked to
> restore default settings and restarted
> the computer and the problem was gone!!!
>
> Robert

Hard to believe that CCleaner was the problem, but I'm glad to hear the
firewall problem is fixed.
Did you have CCleaner (is CcCleaner a mistype or a rogue program) set to
check for updates automatically? Just curious.
I have had great experiences with CCleaner.
 
Nil

> Hard to believe that CCleaner was the problem, but I'm glad to
> hear the firewall problem is fixed.
> Did you have CCleaner (is CcCleaner a mistype or a rogue program)
> set to check for updates automatically? Just curious.
> I have had great experiences with CCleaner.

I agree. I'm skeptical that CCleaner had anything to do with it. It
doesn't run resident. You run it and then exit - it should not
influence anything between sessions.
 
magineer02

After this post for some reason I was not able
to post messages. I've been trying for 3 weeks
to be able to post on here again and nothing worked
so after reading Paul's comments I downloaded and
installed Mozilla Firefox and it seems to be working
normally again. (knock on wood)

To make a long story short my computer became infected
with malware from CCcleaner (Optimizer Pro) which had
PUP malware. I've deleted all the malware, uninstalled
CcCleaner and installed Microsoft Security Essentials
in place of malwarebytes since my free trial period
expired.

I've run scans every day with Microsoft Security Essentials
and also Avast and it comes up clean.

Robert
 
BillW50

> After this post for some reason I was not able
> to post messages. I've been trying for 3 weeks
> to be able to post on here again and nothing worked
> so after reading Paul's comments I downloaded and
> installed Mozilla Firefox and it seems to be working
> normally again. (knock on wood)
>
> To make a long story short my computer became infected
> with malware from CCcleaner (Optimizer Pro) which had
> PUP malware. I've deleted all the malware, uninstalled
> CcCleaner and installed Microsoft Security Essentials
> in place of malwarebytes since my free trial period
> expired.
>
> I've run scans every day with Microsoft Security Essentials
> and also Avast and it comes up clean.

Once a machine has been infected with malware, I would never trust any
AV product to check for being really cleaned. As if it is there and
running before the AV loads, you can't trust any AV products to find
anything.

What I do feel comfortable about is another OS scanning that drive(s)
for infection. This could be another machine or booting from CD, DVD,
USB or something.

Of course one could always reformat and reinstall everything from
scratch. This is a sure thing like 99.999% of the time. As there are
malware that can infect the BIOS which reformatting and reinstalling
won't help. Also malware can be hidden on part of the hard drive that is
normally hidden. But those secure disk wipe utilities should be able to
kill those.

Of course, I may be overly concerned. You might be just fine. I'm just
saying about the worst cases that could happen.
 
Nil

> To make a long story short my computer became infected with
> malware from CCcleaner (Optimizer Pro) which had PUP malware.

The malware didn't come from Ccleaner, it came from the malicious
site you downloaded it from. If you had gotten it from the official
Ccleaner site (http://www.piriform.com/ccleaner), you wouldn't have
had a problem.

> I've deleted all the malware, uninstalled CcCleaner and installed
> Microsoft Security Essentials in place of malwarebytes since my
> free trial period expired.

You could have installed the free version of Malwarebytes. You
didn't need to install their "Pro" commercial trial version. Also,
Security Essentials is not a replacement for Malwarebytes Anti-malware.
They are not equivalent products. Security Essentials is a resident
virus scanner. Malwarebytes is an on-demand malware scanner. They do
different (but related) jobs.

Also, Security Essentials for Windows XP will become obsolete after
April 8, 2014.
 
