warning conficker clever- "cleaned" but disabling MS firewalls, et

[engrcharlie]

Hi,
One of my laptops was infected by conficker. I have no idea how, as I don't
do downloads, careful with email attachments, have a WEP protected home
wireless system, have a firewall and etc. I realize I should have updated my
XP, so I have repentance of that.
Anyway, I used the microsoft tool for conficker, McAfee, Symantec, AVG, and
malwarebytes, all of which, with full scans, say the computer is now clean.

However,
I still can only get on the internet on occasion. Windows Firewall, if
selected "no exceptions" becomes closed and not re-startable after some time
after restarting computer. Not only this, but if exceptions are allowed,
something is still adding exceptions and checking the boxes. I am also using
ZoneAlarm firewall, but whatever it is, is somehow capable of either going
around it or adding a "loopback" zone which is "trusted". And yes, on the
rare occasions each day I can get internet to work by some combination of
ending processes or just luck, I do update windows, IE, and each antivirus,
so this is with the latest any of these antiviruses have come up with.

I have seen nothing which states that conficker is this clever, to
manipulate two firewalls including windows and go completely undetected by
several malware/antivirus programs and tools, and believe it is underrated--

Any advice on securing windows firewall, and what may be going on here? If
nothing else- a warning to microsoft that even with the patch and daily
updated antiviruses and firewalls, that this virus, or something, is still
manipulating people's computers...

 

[R. McCarty]

One way to determine if malicious software is on your machine is to boot
to Safe Mode with networking. If issues aren't present in that "minimal"
mode then your machine still has either the infector or is suffering
artifact
damage from it's removal.
Sometimes after an infection the ONLY way to have a clean setup is to
do a full system load.
Also the virus products you listed aren't as effective as others. I'd do a
full system scan with either Kaspersky or NOD32's online scans.

 

[John Inzer]

Hi,
One of my laptops was infected by conficker. I have no idea how, as
I don't do downloads, careful with email attachments, have a WEP
protected home wireless system, have a firewall and etc. I realize I
should have updated my XP, so I have repentance of that.
Anyway, I used the microsoft tool for conficker, McAfee, Symantec,
AVG, and malwarebytes, all of which, with full scans, say the
computer is now clean.

However,
I still can only get on the internet on occasion. Windows Firewall,
if selected "no exceptions" becomes closed and not re-startable after
some time after restarting computer. Not only this, but if
exceptions are allowed, something is still adding exceptions and
checking the boxes. I am also using ZoneAlarm firewall, but whatever
it is, is somehow capable of either going around it or adding a
"loopback" zone which is "trusted". And yes, on the rare occasions
each day I can get internet to work by some combination of ending
processes or just luck, I do update windows, IE, and each antivirus,
so this is with the latest any of these antiviruses have come up
with.

I have seen nothing which states that conficker is this clever, to
manipulate two firewalls including windows and go completely
undetected by several malware/antivirus programs and tools, and
believe it is underrated--

Any advice on securing windows firewall, and what may be going on
here? If nothing else- a warning to microsoft that even with the
patch and daily updated antiviruses and firewalls, that this virus,
or something, is still manipulating people's computers...

==================================
FWIW...it's not a good idea to run more than
one firewall.

And...Comodo is getting good reviews now.

Download Comodo Firewall + AntiVirus for Windows
http://personalfirewall.comodo.com/download_firewall.html

It may return the same result but here is
a Conficker Removal Tool from BitDefender.

Conficker Removal Tool
http://www.bdtools.net/

--


John Inzer MS-MVP
Digital Media Experience

Notice
This is not tech support
I am a volunteer

Solutions that work for
me may not work for you

Proceed at your own risk

 

[sgopus]

I'm not sure, it seemed you said you used two firewall softwares at the same
time, if so this is a no no, only use one, windows or ZA, whichever you
choose, disable the other, they can cause conflicts and no internet access if
both are active.

 

[Alister]

However,
I still can only get on the internet on occasion. Windows Firewall, if
selected "no exceptions" becomes closed and not re-startable after some
time
after restarting computer. Not only this, but if exceptions are allowed,
something is still adding exceptions and checking the boxes. I am also
using
ZoneAlarm firewall, but whatever it is, is somehow capable of either going
around it or adding a "loopback" zone which is "trusted". And yes, on the
rare occasions each day I can get internet to work by some combination of
ending processes or just luck, I do update windows, IE, and each
antivirus,
so this is with the latest any of these antiviruses have come up with.

I doubt very much whether the problems you are experiencing are much to do
with conficker.
It is almost certain that what you are seeing is the result of trying to run
two firewalls together.
Try turning off Zone Alarm all together and use just the Windows Firewall.
Then see if you still get issues.
If you don't, try running Zone Alarm with Windows Firewall switched off -
and see if you get any issues.
Then decide which you are going to use, and stick with just one!

Alister