"Really" Expert Help needed!

[Guest]

I really don't want to reinstall my windows xp because I'm seriously busy and
don't have the time to do it.
I'm currently facing this very complex problem regarding windows firewall/
Internet connection sharing (ICS).
I used to on my windows firewall and norton antivirus. Due to whatever
changes I'm not awared of, my firewall is being "disabled"
Now, I can't open up my norton antivirus and update it (it gives no response
when i start it). When I start the windows firewall applet, it gives "due to
an unidentified problem, windows cannot display firewall settings." When I
start the security center applet, there is a warning saying "the security
center is currently unavailable because the 'security center' service has not
started or was stopped. Please close this window, restart the computer, and
then open the security center again."
So I end up searching for solutions in the net but all the solutions failed.
Those failed solutions included: http://windowsxp.mvps.org/sharedaccess.htm,
keying in other commands.
I realised that the problem lies in the local windows firewall/internet
connection sharing(ics) service. Apparently it has not started for some
reason.

Using SC command to check service status.
C:\>sc query sharedaccess
SERVICE_NAME: sharedaccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 3 (0x3)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Starting the service manually.
C:\Documents and Settings\Owner>net start sharedaccess
System error 3 has occurred.
The system cannot find the path specified.

Upon checking the property of the service, an error "the system cannot find
the file specified" returned. The system file for this service has obviously
gone.

How do I repair this service problem?

I really need some expert help on this problem. Thanks much.

 

[dsteel0]

I really don't want to reinstall my windows xp because I'm seriously busy and
don't have the time to do it.

Reinstalling XP SP2 would be my first suggestion, which will replace
any ICS/Firewall files.

DSt.

 

[Ramesh, MS-MVP]

Steven,

See if the file ipnathlp.dll (324KB) is present in the %windir%\system32
folder. If it's missing, extract a new copy from the source.

--
Regards,

Ramesh Srinivasan, Microsoft MVP [Windows XP Shell/User]
Windows® XP Troubleshooting http://www.winhelponline.com


I really don't want to reinstall my windows xp because I'm seriously busy
and
don't have the time to do it.
I'm currently facing this very complex problem regarding windows firewall/
Internet connection sharing (ICS).
I used to on my windows firewall and norton antivirus. Due to whatever
changes I'm not awared of, my firewall is being "disabled"
Now, I can't open up my norton antivirus and update it (it gives no response
when i start it). When I start the windows firewall applet, it gives "due to
an unidentified problem, windows cannot display firewall settings." When I
start the security center applet, there is a warning saying "the security
center is currently unavailable because the 'security center' service has
not
started or was stopped. Please close this window, restart the computer, and
then open the security center again."
So I end up searching for solutions in the net but all the solutions failed.
Those failed solutions included: http://windowsxp.mvps.org/sharedaccess.htm,
keying in other commands.
I realised that the problem lies in the local windows firewall/internet
connection sharing(ics) service. Apparently it has not started for some
reason.

Using SC command to check service status.
C:\>sc query sharedaccess
SERVICE_NAME: sharedaccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 3 (0x3)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

Starting the service manually.
C:\Documents and Settings\Owner>net start sharedaccess
System error 3 has occurred.
The system cannot find the path specified.

Upon checking the property of the service, an error "the system cannot find
the file specified" returned. The system file for this service has obviously
gone.

How do I repair this service problem?

I really need some expert help on this problem. Thanks much.

 

[Guest]

Yes, it is present.

 

[Guest]

Last night I uninstalled Norton Antivirus because it isn't working (no
response). I installed Trend Micro PC-cillin Internet Security 2006. I
updated it to the lastest. I checked for virus. There are 2 trojans in the
computer: TROJ_AGENT.DQP infecting c:\program files\windows nt\svchost.exe,
TROJ_KILLAV.CZ infecting c:\program files\windows nt\lsass.exe. I think it
could be these 2 trojans causing the problem.
Unfortunately, these 2 trojans cannot be cleaned, deleted or quarrantined. I
searched on the net but there is little or none information on these 2
trojans.
Can someone help me to get rid of these please?

 

[---Fitz---]

Try David Lipman's great site.

http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

 

[Guest]

I tried to delete the trojans but to no avail and instead I think I've
agitated the trojans. The windows firewall/internet connection sharing
service is now totally gone. I don't see it under the services applet.

Checking the status.
C:\>sc query sharedaccess
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.

Activating it manually.
C:\>net start sharedaccess
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

Arggghhh. Help??

 

[dsteel0]

I tried to delete the trojans but to no avail and instead I think I've
agitated the trojans. The windows firewall/internet connection sharing
service is now totally gone. I don't see it under the services applet.

Checking the status.
C:\>sc query sharedaccess
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.

Activating it manually.
C:\>net start sharedaccess
The service name is invalid.
More help is available by typing NET HELPMSG 2185.

Arggghhh. Help??

Unless you have installed Windows deliberately into C:\Windows nt\ then
I suggest you delete this folder, as the default XP install is to
C:\Windows. If it won't delete, you can try bringing the computer up in
safe mode then deleting it (if they still won't delete, you can try
deleting it from a DOS prompt, or try deleteing it once you have
changed the attributes on the folder/files using the attrib command,
especially if they show as read only). If you *have* deliberately
installed it to C:\Windows nt\, then google for the specific trojans
you have - symantec or sophios will usually have relaible, detailed
information on how to get rid of them.
Good luck.
DSt.

 

[Steven L Umbach]

Make sure that you also scan for malware and spyware in Safe Mode being sure
to use the latest definitions for whatever you scan with. Also logon as an
administrator and make sure that administrators and system have full control
permissions to the folders/files you can not delete. You may need to first
take ownership of those folders if you can not change permissions to them.
The links below help explain how to do that and also try Ewido for your
Trojans..

http://support.microsoft.com/default.aspx?scid=kb;en-us;308421
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.ewido.net/en/ --- Ewido

If you get things cleaned up and you do not want to do a pristine install
just yet try do a repair install that should preserve you applications and
data [though always keep backups of your data] but require that you first
install your service pack level if it is not slipstreamed into the install
disk and then go to Windows Updates to be current on all critical security
updates. The link below explains more on how to do that.

Steve

http://www.michaelstevenstech.com/XPrepairinstall.htm --- be sure to read
the whole article.

 

[cquirke (MVP Windows shell/user)]

steven wrote:
Yep.

Unless you have installed Windows deliberately into C:\Windows nt\ then
I suggest you delete this folder, as the default XP install is to
C:\Windows. If it won't delete, you can try bringing the computer up in
safe mode then deleting it (if they still won't delete, you can try
deleting it from a DOS prompt, or try deleteing it once you have
changed the attributes on the folder/files using the attrib command,
especially if they show as read only).

Let's get serious here.

Don't play on a level field with malware, i.e. while they are active.
They are in a position to make you lose, and you cannot count on them
failing to make proper use of this opprtunity.

Instead, make sure the malware is NOT active when you scan to find it,
or manually remove it.

Malware can be within existing code files, or replace such files, or
use other techniques so that it is running even in Safe Cmd Only. In
fact, BY DESIGN Windows XP allows code to be integrated so that it
runs in Safe Mode, and I'm not just talking about "drivers" either.

So you need a maintenance OS that boots and runs entirely
independently of the hard drive, as that is the only way you can be
sure of not running the malware.

If the following are true...
- file systems are FATxx, not NTFS
- HD < 137G
....then you can use DOS Mode via 1.44M boot diskette; ideally, an EBD
made from a clean Win98 system. There are still several antivirus
scanners for DOS, such as F-Prot, McAfee's Scan and ScanPM, NOD32,
Sophos, and perhaps Kaspersky and you can scan with those.

In DOS Mode, you would have no native support for Long File Names.
There are three ways to add such support:
- a non-buggy driver TSR
- a buggy TSR that is OK if you don't create new LFNs
- a non-TSR set of replacement commands, e.g. LCopy etc. (Odi)

See http://cquirke.mvps.org/whatmos.htm

If NTFS, but HD is < 137G, then you can access the NTFS from DOS Mode
via one of three tools:
- a free read-only TSR
- a payware read/write TSR
- a non-TSR file manager (ReadNTFS)

If you first load the non-buggy LFN TSR, then the free NTFS TSR, you
can see and preserve Long File Names on NTFS.

In my experience, Odi's LFN Tools and the non-buggy LFN TSR work very
well, but NTFS support for DOS Mode works considerably less well. The
TSR is enormous and fails to properly traverse the file system, and
all sorts of internal NTFS structure is revealed as files. The
ReadNTFS is better, but slow to list dirs and capable of copying files
or subtrees one at a time (no multi-select).

Note that DOS-based scanners cannot access the registry!



Google( Bart PE )

A better bet is to use a bootable XP CDR or DVDR made by Bart's PE
Builder, into which a number of defensive tools may be built. You can
use RunScanner to apply these to the inactive registry on the hard
drive, thus supporting tools like HiJackThis, Nirsoft Utilities and
anti-spyware scanners such as AdAware.

Out the box, Bart is useful, and with a small amount of work to
complete some of the plugins, you can scan from it. The process of
adding additional tools is a bit involved, but well worth the effort
if you have to this sort of thing fairly often. My current Bart CDR
has 7 av scanners, 2 anti-spyware, and a huge battery of integration
scanners including old faves MSConfig and HJT.


The other approach is to use Linux bootable CDR or USB stick, and that
I don't have much experience with. I did try using BitDefender Live a
few years ago, and it never completed a scan without crashing. More
to the point, NTFS support in Linux is dodgy; the Capture project was
abandoned before attaining safe writable access. Caveat Emptor.

------------ ----- --- -- - - - -

Drugs are usually safe. Inject? (Y/n)