Firewall XP unabled

on 26.11.2006 22:27:34 by Alessandro Sinigaglia

All,

my firewall XP protection has been attacked by a trojan horse. I cannot
restore and enable my Firewall XP again. If I try to restore my Firewall XP
it says unable to restore due to an unknown problem. I am running without
firewall

Pls can you help me?
many thx
Alessandro

Re: Firewall XP unabled

on 26.11.2006 23:07:12 by Ansgar -59cobalt- Wiechers

Alessandro Sinigaglia wrote:
> my firewall XP protection has been attacked by a trojan horse. I cannot
> restore and enable my Firewall XP again. If I try to restore my
> Firewall XP it says unable to restore due to an unknown problem. I am
> running without firewall

Take the box offline *immediately*. Back up your data, format and
reinstall.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Firewall XP unabled

on 27.11.2006 00:56:18 by Jon

Alessandro Sinigaglia wrote:

>my firewall XP protection has been attacked by a trojan horse. I cannot
>restore and enable my Firewall XP again. If I try to restore my Firewall XP
>it says unable to restore due to an unknown problem. I am running without
>firewall

You need to do quite a bit of security research fairly quickly. There
are loads of AV apps and trojan removers about that might inform you
about your problem. And there are loads of software firewalls about
that might be installable and stop your trojan dialling out - perhaps
it only messes with the useless XP FW... ?

You are in entirely the wrong group with your problem, you need to be
in a security group of some kind, or on some web forum or other.

Here, these days, you are simply bait for a linux drone who will tell
you to delete windoze.

If at all possible you stay offline until you can contain your problem
and work out a solution.

Re: Firewall XP unabled

on 27.11.2006 01:00:24 by TheDog

Alessandro Sinigaglia wrote:
> All,
>
> my firewall XP protection has been attacked by a trojan horse. I cannot
> restore and enable my Firewall XP again. If I try to restore my Firewall XP
> it says unable to restore due to an unknown problem. I am running without
> firewall
>
> Pls can you help me?
> many thx

You can try to reset the XP FW.

http://www.winxptutor.com/sp2/resetfw.htm

But on the other hand, you resetting the XP FW may not be enough and you
might want to wipe out the machine.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

You should practice safe hex.
http://www.claymania.com/safe-hex.html

For a computer that has a direct connection to the modem, then you
should harden the XP O/S to attack as much as possible.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

Duane :)

Re: Firewall XP unabled

on 27.11.2006 01:05:33 by no

On 26 Nov 2006 22:07:12 GMT, Ansgar -59cobalt- Wiechers wrote:

> Alessandro Sinigaglia wrote:
>> my firewall XP protection has been attacked by a trojan horse. I cannot
>> restore and enable my Firewall XP again. If I try to restore my
>> Firewall XP it says unable to restore due to an unknown problem. I am
>> running without firewall
>
> Take the box offline *immediately*. Back up your data, format and
> reinstall.
>
> cu
> 59cobalt

Yea, and next time run under a limited user account when online. Nothing
can disable the firewall while under a limited user account.

Re: Firewall XP unabled

on 27.11.2006 01:23:50 by unknown

Post removed (X-No-Archive: yes)

Re: Firewall XP unabled

on 27.11.2006 02:21:58 by arja

"Sebastian Gottschalk" wrote in message
news:4supiaF11oi2dU1@mid.dfncis.de...
> jon wrote:
>
>> Alessandro Sinigaglia wrote:
>>
>>>my firewall XP protection has been attacked by a trojan horse. I cannot
>>>restore and enable my Firewall XP again. If I try to restore my Firewall
>>>XP it says unable to restore due to an unknown problem. I am running
>>>without firewall
>>
>> You need to do quite a bit of security research fairly quickly. There
>> are loads of AV apps and trojan removers about that might inform you
>> about your problem. And there are loads of software firewalls about
>> that might be installable and stop your trojan dialling out
>
> Yeah, just like the magic fairies.
>
>> - perhaps it only messes with the useless XP FW... ?
>
> Why do you think it's useless? And various "software firewalls" aren't?
> Now, that doesn't make any sense at all.

Because the win firewall doesn't monitor outgoing traffic it's garbage.

>> You are in entirely the wrong group with your problem, you need to be
>> in a security group of some kind, or on some web forum or other.
>
> Nah, that's not clear yet. The big question is: Did he run as a restricted
> user? If so, then it might be really just a configuration issue and the
> trojan horse was just coincidentally related.

Users that use the win firewall usually have no clue to work as a restricted
user.

>> Here, these days, you are simply bait for a linux drone who will tell
>> you to delete windoze.
>
> Nah, you may reinstall Windows as well. In any case, if the system was
> compromised, reinstallation is unavoidable.

Just in case of a rootkit is a fresh installation unavoidable.

>> If at all possible you stay offline until you can contain your problem
>> and work out a solution.
>
> And the most common consequence of such an evaluation is: flatten and
> rebuild!

Re: Firewall XP unabled

on 27.11.2006 12:49:29 by unknown

Post removed (X-No-Archive: yes)

Re: Firewall XP unabled

on 27.11.2006 13:08:29 by unknown

Post removed (X-No-Archive: yes)

Re: Firewall XP unabled

on 27.11.2006 14:21:40 by Ansgar -59cobalt- Wiechers

jon wrote:
> Alessandro Sinigaglia wrote:
>> my firewall XP protection has been attacked by a trojan horse. I
>> cannot restore and enable my Firewall XP again. If I try to restore
>> my Firewall XP it says unable to restore due to an unknown problem. I
>> am running without firewall
>
> You need to do quite a bit of security research fairly quickly. There
> are loads of AV apps and trojan removers about that might inform you
> about your problem. And there are loads of software firewalls about
> that might be installable and stop your trojan dialling out - perhaps
> it only messes with the useless XP FW... ?

That is ILL advice and does NOT solve the problem.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Firewall XP unabled

on 27.11.2006 14:31:39 by Ansgar -59cobalt- Wiechers

arja wrote:
> "Sebastian Gottschalk" wrote:
>> jon wrote:
>>> Alessandro Sinigaglia wrote:
>>>> my firewall XP protection has been attacked by a trojan horse. I
>>>> cannot restore and enable my Firewall XP again. If I try to restore
>>>> my Firewall XP
>>>> it says unable to restore due to an unknown problem. I am running
>>>> without firewall
>>>
>>> You need to do quite a bit of security research fairly quickly.
>>> There are loads of AV apps and trojan removers about that might
>>> inform you about your problem. And there are loads of software
>>> firewalls about that might be installable and stop your trojan
>>> dialling out
>>
>> Yeah, just like the magic fairies.
>>
>>> - perhaps it only messes with the useless XP FW... ?
>>
>> Why do you think it's useless? And various "software firewalls"
>> aren't? Now, that doesn't make any sense at all.
>
> Because the win firewall doesn't monitor outgoing traffic it's garbage.

If you want to monitor outgoing traffic: there's Port Reporter [1]. If
you want to block outgoing traffic: that can't be done reliably on
Windows. Not for a restricted user, and much less for an administrator.

>>> You are in entirely the wrong group with your problem, you need to
>>> be in a security group of some kind, or on some web forum or other.
>>
>> Nah, that's not clear yet. The big question is: Did he run as a
>> restricted user? If so, then it might be really just a configuration
>> issue and the trojan horse was just coincidentally related.
>
> Users that use the win firewall usually have no clue to work as a
> restricted user.

But users who install other software firewalls do? Yeah, right.

>>> Here, these days, you are simply bait for a linux drone who will
>>> tell you to delete windoze.
>>
>> Nah, you may reinstall Windows as well. In any case, if the system
>> was compromised, reinstallation is unavoidable.
>
> Just in case of a rootkit is a fresh installation unavoidable.

The system is compromised [2,3]. What exactly makes you believe that no
rootkit was installed? And if you can't be sure about that: why do you
believe a reinstall was avoidable?

[1] http://support.microsoft.com/kb/837243
[2] http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
[3] http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich