Win Firewall off briefly

XP Win Firewall-off balloon comes up every hour or so  Verified firewall off 
when balloon shows and on when it goes away 10-20 sec later.  Annoying.  How 
to track this down?  Replace it?  Have disabled a few msconfig startup items 
- slow & unsuccessful.

Win XP SP2 (HP Pavillion) MCE
Symantec AV, no firewall, Auto-protect on.
Malwarebyte
Win Defender, considering turning off real-time protection



0
Utf
12/19/2009 12:07:01 AM
windowsxp.general 3897 articles. 1 followers. Follow

9 Replies
667 Views

Similar Articles

[PageSpeed] 55


"Evan Weiner" wrote:

> XP Win Firewall-off balloon comes up every hour or so  Verified firewall off 
> when balloon shows and on when it goes away 10-20 sec later.  Annoying.  How 
> to track this down?  Replace it?  Have disabled a few msconfig startup items 
> - slow & unsuccessful.
> 
> Win XP SP2 (HP Pavillion) MCE
> Symantec AV, no firewall, Auto-protect on.
> Malwarebyte
> Win Defender, considering turning off real-time protection
> 

Control Panel, Security Center, left side of pane, Change the way Security 
Center alerts me. Uncheck the firewall box.

SP2 and no firewall? You're already infected. Wipe and reload. Install SP3 
and at least turn on the Windows firewall. 
0
Utf
12/19/2009 1:06:01 AM
In news:975E360D-0E3C-4D21-A758-00AECE8233C9@microsoft.com,
Evan Weiner <EvanWeiner@discussions.microsoft.com> typed:
> XP Win Firewall-off balloon comes up every hour or so  Verified
> firewall off when balloon shows and on when it goes away 10-20 sec
> later.  Annoying.  How to track this down?  Replace it?  Have
> disabled a few msconfig startup items - slow & unsuccessful.
>
> Win XP SP2 (HP Pavillion) MCE
> Symantec AV, no firewall, Auto-protect on.
> Malwarebyte
> Win Defender, considering turning off real-time protection

You say above no firewall, but above that you say the firewall is turning 
off/on by itself.  Do you have the firewall on or not?
Do you have a firewall other than the XP firewall installed? If so, you need 
to turn OFF the XP firewall.
   Any particular reason why you aren't at SP3?
   Are you allowing updates to be installed each week or whenever they come 
out? If you aren't allowing updates then all bets are off and you might as 
well start over again from scratch. Never access the 'net without AV and 
firewall in place first. It may only take a split second for a drive-by to 
discover your machine and infect it with some sort of malware.  A lot of 
malware these days then opens you up to receiving even more by inviting it 
in.

Are you by any chance behind  a router or gateway with NAT services?  If so 
that will help the situation until whatevr is wrong gets figured out and it 
is a firewall too, of sorts.

Although the firewall may be the less imortant of the protections, the fact 
that it's turning off and on apparently on its own is IMO likely to be a 
sign of some sort of malware infection.

Have you tried disconnecting from the 'net,  turning the win firewall off, 
doing a Restart, turn it back on, and do another Restart?  Kind of a 
straw-grab but I know of another situation where that straightened it out.

Is your AV and malwarebyte up to date? Have you run it and AV in full scan 
modes?  If so and they've found no problems, you might want to also 
download, update and run full scans with Spybot Search & Destroy and Adaware 
or two others if you have favorites you want to use.

   Then if there is still a problem, come on back with the details of the 
tests so far and list them.  Include the names and versions of each program 
you run along with whether it found any problems or not, and be sure to have 
checked for updates before running each one, even if you've just downloaded 
it.  Very often downloaded programs still need to be updated after 
installation.

Good luck,

Twayne`





-- 
Live in the moment;
be open to the possibilities
that life has to offer. 

0
Twayne
12/19/2009 3:00:53 AM
Win firewall is on all the time except for the brief off-on periods when it 
happens  by itself.

No other firewalls.  Considering another just to see what happens.

HP support said SP3 will render my HP Pavillion/AMD unstable.  Tried 
installing SP3 before that & failed.  Considering trying it again.  There's 
always Restore or reformat.  I'm gun-shy with the reformat having done it 
with Win 98 on an older machine and seeing no improvement.

Installing Win updates on notification, usually same day.  Ditto HP, Java.  
Firefox 3.5.6 beta seems to update itself.  HP updates periodically.

Semantec AV 10.1 in place with Auto-protect enabled.

No router or gateway.  Have Verizon DSL.

Will try net disconnect, firewall off, restart, firewall on, restart after 
current wait/test.

SAV, Defender, Malwarebyte all up-to-date.  Full scans periodically after 
firewall off-on behavior started.

Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis bkup, 
Skype, Firefox 3.5.6 (beta), IE7

Current testing is disabling startup stuff: DISC processes associated with 
XP Win Media Center game tryouts (DISCover, DiscUpdateMgr, MyFTP), jqs (Java 
Quick Start), Win Defender scheduled & real-time scans.  All proved negative 
except Defender which hasn't been tested long enough (at least 1 hr).


"Twayne" wrote:

> In news:975E360D-0E3C-4D21-A758-00AECE8233C9@microsoft.com,
> Evan Weiner <EvanWeiner@discussions.microsoft.com> typed:
> > XP Win Firewall-off balloon comes up every hour or so  Verified
> > firewall off when balloon shows and on when it goes away 10-20 sec
> > later.  Annoying.  How to track this down?  Replace it?  Have
> > disabled a few msconfig startup items - slow & unsuccessful.
> >
> > Win XP SP2 (HP Pavillion) MCE
> > Symantec AV, no firewall, Auto-protect on.
> > Malwarebyte
> > Win Defender, considering turning off real-time protection
> 
> You say above no firewall, but above that you say the firewall is turning 
> off/on by itself.  Do you have the firewall on or not?
> Do you have a firewall other than the XP firewall installed? If so, you need 
> to turn OFF the XP firewall.
>    Any particular reason why you aren't at SP3?
>    Are you allowing updates to be installed each week or whenever they come 
> out? If you aren't allowing updates then all bets are off and you might as 
> well start over again from scratch. Never access the 'net without AV and 
> firewall in place first. It may only take a split second for a drive-by to 
> discover your machine and infect it with some sort of malware.  A lot of 
> malware these days then opens you up to receiving even more by inviting it 
> in.
> 
> Are you by any chance behind  a router or gateway with NAT services?  If so 
> that will help the situation until whatevr is wrong gets figured out and it 
> is a firewall too, of sorts.
> 
> Although the firewall may be the less imortant of the protections, the fact 
> that it's turning off and on apparently on its own is IMO likely to be a 
> sign of some sort of malware infection.
> 
> Have you tried disconnecting from the 'net,  turning the win firewall off, 
> doing a Restart, turn it back on, and do another Restart?  Kind of a 
> straw-grab but I know of another situation where that straightened it out.
> 
> Is your AV and malwarebyte up to date? Have you run it and AV in full scan 
> modes?  If so and they've found no problems, you might want to also 
> download, update and run full scans with Spybot Search & Destroy and Adaware 
> or two others if you have favorites you want to use.
> 
>    Then if there is still a problem, come on back with the details of the 
> tests so far and list them.  Include the names and versions of each program 
> you run along with whether it found any problems or not, and be sure to have 
> checked for updates before running each one, even if you've just downloaded 
> it.  Very often downloaded programs still need to be updated after 
> installation.
> 
> Good luck,
> 
> Twayne`
> 
> 
> 
> 
> 
> -- 
> Live in the moment;
> be open to the possibilities
> that life has to offer. 
> 
> .
> 
0
Utf
12/19/2009 3:03:01 PM
On Dec 18, 8:06=A0pm, Mark Adams <MarkAd...@discussions.microsoft.com>
wrote:
> "Evan Weiner" wrote:
> > XP Win Firewall-off balloon comes up every hour or so =A0Verified firew=
all off
> > when balloon shows and on when it goes away 10-20 sec later. =A0Annoyin=
g. =A0How
> > to track this down? =A0Replace it? =A0Have disabled a few msconfig star=
tup items
> > - slow & unsuccessful.
>
> > Win XP SP2 (HP Pavillion) MCE
> > Symantec AV, no firewall, Auto-protect on.
> > Malwarebyte
> > Win Defender, considering turning off real-time protection
>
> Control Panel, Security Center, left side of pane, Change the way Securit=
y
> Center alerts me. Uncheck the firewall box.
>
> SP2 and no firewall? You're already infected. Wipe and reload. Install SP=
3
> and at least turn on the Windows firewall.

Is that a recommendation to just disable the alerting mechanism of a
potential firewall issue instead of figuring it out and fixing it?

If someone is on SP2, is the procedure to solve the problem wipe and
reload?
0
Jose
12/19/2009 3:59:18 PM
Evan Weiner wrote:

> HP support said SP3 will render my HP Pavillion/AMD unstable.

Are you serious??!!

This issue has been know for a year and a half. You must have gotten a 
completely clueless HP support tech.

At any rate, assuming you have an HP with a factory-installed image 
(which has a flaw) *and* an AMD processor, in order to upgrade to SP3, 
you need to first run the executable from this page:

http://h10025.www1.hp.com/ewfrf/wc/genericSoftwareDownloadIndex?lc=en&dlc=en&cc=us&softwareitem=pv-60484-2

More information:

http://msinfluentials.com/blogs/jesper/archive/2008/05/08/does-your-amd-based-computer-boot-after-installing-xp-sp3.aspx

Furthermore, for best results, you should use the complete installation 
package from this page:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en

.... as well as making sure you configure a Clean Boot beforehand:

http://support.microsoft.com/kb/310353

Then again, you should not upgrade to SP3 until your system is stable. 
So if your firewall is getting turned off from time to time (a sign of 
malware), you need to address that first! 


0
Daave
12/19/2009 4:43:12 PM
Malware would be the first thing I would suspect.

Or I wonder if your Symantec program (or another program) is causing 
this behavior.

Check Event Viewer for unusual activity.

Also have a look here:

http://technet.microsoft.com/en-us/library/cc749262(WS.10).aspx

For more info on detecting and removing malware:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

Evan Weiner wrote:
> Win firewall is on all the time except for the brief off-on periods
> when it happens  by itself.
>
> No other firewalls.  Considering another just to see what happens.
>
> HP support said SP3 will render my HP Pavillion/AMD unstable.  Tried
> installing SP3 before that & failed.  Considering trying it again.
> There's always Restore or reformat.  I'm gun-shy with the reformat
> having done it with Win 98 on an older machine and seeing no
> improvement.
>
> Installing Win updates on notification, usually same day.  Ditto HP,
> Java. Firefox 3.5.6 beta seems to update itself.  HP updates
> periodically.
>
> Semantec AV 10.1 in place with Auto-protect enabled.
>
> No router or gateway.  Have Verizon DSL.
>
> Will try net disconnect, firewall off, restart, firewall on, restart
> after current wait/test.
>
> SAV, Defender, Malwarebyte all up-to-date.  Full scans periodically
> after firewall off-on behavior started.
>
> Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis
> bkup, Skype, Firefox 3.5.6 (beta), IE7
>
> Current testing is disabling startup stuff: DISC processes associated
> with XP Win Media Center game tryouts (DISCover, DiscUpdateMgr,
> MyFTP), jqs (Java Quick Start), Win Defender scheduled & real-time
> scans.  All proved negative except Defender which hasn't been tested
> long enough (at least 1 hr).
>
>
> "Twayne" wrote:
>
>> In news:975E360D-0E3C-4D21-A758-00AECE8233C9@microsoft.com,
>> Evan Weiner <EvanWeiner@discussions.microsoft.com> typed:
>>> XP Win Firewall-off balloon comes up every hour or so  Verified
>>> firewall off when balloon shows and on when it goes away 10-20 sec
>>> later.  Annoying.  How to track this down?  Replace it?  Have
>>> disabled a few msconfig startup items - slow & unsuccessful.
>>>
>>> Win XP SP2 (HP Pavillion) MCE
>>> Symantec AV, no firewall, Auto-protect on.
>>> Malwarebyte
>>> Win Defender, considering turning off real-time protection
>>
>> You say above no firewall, but above that you say the firewall is
>> turning off/on by itself.  Do you have the firewall on or not?
>> Do you have a firewall other than the XP firewall installed? If so,
>> you need to turn OFF the XP firewall.
>>    Any particular reason why you aren't at SP3?
>>    Are you allowing updates to be installed each week or whenever
>> they come out? If you aren't allowing updates then all bets are off
>> and you might as well start over again from scratch. Never access
>> the 'net without AV and firewall in place first. It may only take a
>> split second for a drive-by to discover your machine and infect it
>> with some sort of malware.  A lot of malware these days then opens
>> you up to receiving even more by inviting it in.
>>
>> Are you by any chance behind  a router or gateway with NAT services?
>> If so that will help the situation until whatevr is wrong gets
>> figured out and it is a firewall too, of sorts.
>>
>> Although the firewall may be the less imortant of the protections,
>> the fact that it's turning off and on apparently on its own is IMO
>> likely to be a sign of some sort of malware infection.
>>
>> Have you tried disconnecting from the 'net,  turning the win
>> firewall off, doing a Restart, turn it back on, and do another
>> Restart?  Kind of a straw-grab but I know of another situation where
>> that straightened it out.
>>
>> Is your AV and malwarebyte up to date? Have you run it and AV in
>> full scan modes?  If so and they've found no problems, you might
>> want to also download, update and run full scans with Spybot Search
>> & Destroy and Adaware or two others if you have favorites you want
>> to use.
>>
>>    Then if there is still a problem, come on back with the details
>> of the tests so far and list them.  Include the names and versions
>> of each program you run along with whether it found any problems or
>> not, and be sure to have checked for updates before running each
>> one, even if you've just downloaded it.  Very often downloaded
>> programs still need to be updated after installation.
>>
>> Good luck,
>>
>> Twayne`
>>
>>
>>
>>
>>
>> --
>> Live in the moment;
>> be open to the possibilities
>> that life has to offer.
>>
>> . 


0
Daave
12/19/2009 4:48:48 PM
On Dec 18, 7:07=A0pm, Evan Weiner <EvanWei...@discussions.microsoft.com>
wrote:
> XP Win Firewall-off balloon comes up every hour or so =A0Verified firewal=
l off
> when balloon shows and on when it goes away 10-20 sec later. =A0Annoying.=
 =A0How
> to track this down? =A0Replace it? =A0Have disabled a few msconfig startu=
p items
> - slow & unsuccessful.
>
> Win XP SP2 (HP Pavillion) MCE
> Symantec AV, no firewall, Auto-protect on.
> Malwarebyte
> Win Defender, considering turning off real-time protection

I have heard about and witnessed your issue a few times with my own
eyeballs.

It is wasting time to try to fix SP2 issues, so update to SP3.
Installing SP3 does not require any wipe and reinstall.

Here is a list of SP3 fixes you don't have:

http://support.microsoft.com/kb/946480

To eliminate questions and guessing, please provide additional
information about your system.

Click Start, Run and in the box enter:

msinfo32

Click OK, and when the System Summary info appears, click Edit, Select
All, Copy and then paste the information back here.

There will be some personal information (like System Name and User
Name), and whatever appears to be private information to you, just
delete it from the pasted information.

Perform some scans for malicious software, then fix any remaining
issues:

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM):  http://malwarebytes.org/
SUPERAntiSpyware: (SAS):  http://www.superantispyware.com/

They can be uninstalled later if desired.
0
Jose
12/19/2009 9:11:04 PM
In news:AE0A70DD-3204-4DAE-B1A5-DCB6714E13B2@microsoft.com,
Evan Weiner <EvanWeiner@discussions.microsoft.com> typed:
> Win firewall is on all the time except for the brief off-on periods
> when it happens  by itself.

Sorry to be so wordy, but this may be the last I can try to assist you 
becuase from what I've read in your post, you are dismally protected from 
malware due to the way you use the computer and a lack of facilities to keep 
Security levels in place.  I'm pretty much convinced you are the victim of 
malware (wish I was wrong, but don't think so) and even worse. Your being an 
online gamer with the minimal protection you have in place almost guarantees 
you are infected, possibly by multiple sources, whether your scanners are 
finding them or not.  I can even see the possibility now that the off/on of 
the firewall could be a game controlling the firewall and exposing one or 
several or all ports to the public.  Who knows how many things are being 
controlled by malware.
   In the end I think, and seldom recommend this, that a full return to 
factory-delivered setup is the only sure way to get things working again. 
And since it's a media center machine, only recover it using the mfr's 
instructions or you could lose the media center features.

OK, that said:

I'm going to have to vote for malware I'm afraid, with more confidence than 
I had before now.  It's too bad you didn't run the other spyware programs 
suggested or at least additional ones because in the spyware world, no 
single program catches everything; each have their otwn strengths in 
discovering malware.

I can think of NO setting or legitimate way to cycle the XP firewall off/on 
randomly as you describe.  That fact that it does so leads me to believe you 
are already infected with something and part of it is a downloader: It's 
grabbed the firewall and is pulling in more pieces of most likely more 
malware each time that "off" cycle occurs.
   In the event it stops happening, do NOT feel comfortable!  It might stop 
simply because it has finished assembling whatever nefarious programs it 
wants to assemble. Not to scare you, but my research yesterday indicated 
that you -might- (not does) have some sort of infection that is about to 
turn your machine into a zombie ( 
http://en.wikipedia.org/wiki/Zombie_computer ) .  These days they assemble 
viruses/trojans in small pieces to prevent users from noticing them so 
easily.  If/when your ISP should notice zombie activity on your account 
(spamming usually, unbeknownst to you), your account will usually be just 
closed until you clean up your machine and get rid of it.  Or, you could 
already be zombied and the short off periods are to collect further 
instructions from whoever placed the malware there.

I'm guessing at your level of expertise, but I suspect it might be more 
expedient and easier for you to do a backup of ALL your data and completely 
rebuild your C boot drive.  Now that I know it's a media center machine, be 
CERTAIN to follow the machine recovery instructions provided by HP or you'll 
lose the media center capabilities.  It's not a must to have the media 
center parts installed as everything media center can do can still be done 
without it, but when you don't know how to do that, the media center you've 
already learned can be pretty valuable.
 Since the recovery is on a hidden partition, issue the command to initiate 
that method of recovery.   If it's on the hard drive there will be a key 
sequence to make it start; CTRL-F12 or something like that; your computer 
documentation will tell you.

>
> No other firewalls.  Considering another just to see what happens.

Perhaps after you've fixed things that would be a good idea but right now 
you are probably already infected and a new firewall won't stop anything for 
long and might add complexity to your current efforts.  Save firewall 
research for after you have this current issue worked out.

FYI, ZoneAlarm and Norton AV each say to uninstall the other in order to use 
them so they aren't compatible. Others work well though. Some people get 
them to live together, others do not.

>
> HP support said SP3 will render my HP Pavillion/AMD unstable.  Tried
> installing SP3 before that & failed.  Considering trying it again.

Go to the MS support web stie and get the instructions and preps and 
requirements for installing SP3.  Your computer IS covered in those 
articles!!
 I don't have the KB handy but Microsoft Support has instructions on how to 
manage this, I'm pretty sure.  It's in one of the prerequisites to 
installing SP3 articles. My sister has the same machine you do and works 
fine with SP3.  But, she visited MS and used the instructions they provided. 
That tech seems to be a bit behind the times.

> There's always Restore or reformat.  I'm gun-shy with the reformat
> having done it with Win 98 on an older machine and seeing no
> improvement.

Bad way to judge things. Fixing the keyboard won't fix a printer<g>.  The 
most certain way to be sure there are no viruses, trojans, worms, etc., and 
no file corruption plus no missing files is to do a clean install of the 
operating system. If nothing else it almost always results in a faster 
machine and in this case I think it may be the only viable solution you have 
available to you.  It even prevents the situation where some tiny piece of 
code sits somewhere that is able to rebuild the malware and have it show up 
again days or weeks later.
   If you discover malware after a clean install, then you can be sure that 
it was you or some other user that brought it in.  When you get the 
opportunity, simply be sure to delete/recreate partitions.  Most on-disk 
restoration does that for you.

>
> Installing Win updates on notification, usually same day.  Ditto HP,
> Java. Firefox 3.5.6 beta seems to update itself.  HP updates
> periodically.

FF BETA?  Uninstall it for the rest of your troubleshooting efforts, and see 
what happens.  BETA software as you probably know can still be buggy and 
make strange things happen!  When you have a problem, never allow BETA 
software to be installed; it may be running a lot of background tasks you're 
not aware of!
   Killing offf BETA ware should be the first thing one does when problems 
arise.  They're easy enough to reinstall later on and might be the root 
cause of the problems.  Get rid of it until this is fixed.
>
> Semantec AV 10.1 in place with Auto-protect enabled.

I assume that's Norton 2010? I don't see it off hand on the products page.
   Whenever you need to test anything with auto-protect disabled be 
ABSOLUTELY CERTAIN you disconnect from the internet!!  It only takes a split 
second for a drive-by to discover the opened ports and to dive into your 
innards; and bingo, you're infected. Never, ever allow a connection without 
AV running; it's more important than firewall or even spyware detectors, 
though not a lot of difference in importance.
   Online games and unsafe surfing are another way to unintentionally 
download malware. http://www.claymania.com/safe-hex.html
If you're a GAMER, you are very poorly set up to protect yourself. 
Infections and malware are simply a way of life for gamers who fiddle with 
new games and try out different games online.  Almost any online game you 
run opens ports to the public, making all kinds of accesses into your 
machine possible.  I'm a little surprised your current MWB and AV didn't 
find a few, at least, problems.  Also be sure to do full, deep scans when 
you run scanners.
   The keyword there is online. Games that don't connect to the internet 
aren't usually problems but that said I've never seen one that didn't report 
home somehow even if just to supposedly record high scores.  I have my modem 
on a switch and always kill it whenever I'm playing games or the like.  If 
that stops the game from running, then it also stops the game from living on 
my computer<g>.  Obviously I'm not a gamer.

>
> No router or gateway.  Have Verizon DSL.

So; you're directly connected to the phone lines?  There is no box of any 
kind between your machine and the phone line?  It'll work, but I'm real 
curious why you didn't use the Verizon-supplied gateway or router?  Most of 
them have NAT http://www.farpost.com/glossary/nat.php , which provides an 
additional layer of firewall protection.  Not enough protection, but still a 
lot.

>
> Will try net disconnect, firewall off, restart, firewall on, restart
> after current wait/test.
>
> SAV, Defender, Malwarebyte all up-to-date.  Full scans periodically
> after firewall off-on behavior started.

Try some additional spyware detectors as I mentioned before and see if they 
find anything.  If you're not sure of the reputation of a scanner, just ask 
here.  There are a LOT of junk and malware ones out there.
   It's entirely possible that, even if these scanners do find something 
now, however, that they will not completely clean the machine. A lot of 
times a machine may appear to have been cleaned, but there will still be 
something stashed away somewhere that allows the malware to rebuild and 
reinstall itself. But then again, maybe not too.

>
> Sfwr: Office 2003 (getting updates), Mathcad, emptemp2, FS9, Acronis
> bkup, Skype, Firefox 3.5.6 (beta), IE7

ACRONIS!!  Good!  Copy your most recent image to DVDs so no matter what you 
can always get back to this current point, even though it has a problem.
   Then start working your way backwards re-imaging the drive with older and 
older images (assuming you have them) until the problem disappears!  Then go 
ONE MORE image back to the preceding day, and if that's still clean you 
MIGHT have a point, though out of date, that you can manually rebuild and 
get back a working machine.
   You might not have enough images, depending, to get back far enough in 
time; it seems like somewhere you said this was a long-suffering problem? 
IMO it's worth taking a look at though if you have the old data available. 
I create DVDs of my Ghost images every seconc month just for this kind of 
use.  It's a pain to do but it paid off for me once, making it all 
worthwhile.

>
> Current testing is disabling startup stuff: DISC processes associated
> with XP Win Media Center game tryouts (DISCover, DiscUpdateMgr,
> MyFTP), jqs (Java Quick Start), Win Defender scheduled & real-time
> scans.  All proved negative except Defender which hasn't been tested
> long enough (at least 1 hr).

Not sure I understand all that, but now it's known to be a media center 
machine.  ONLY REINSTALL per the instructions provided for your machine or 
you'll lose the media center capabilities.  This is a case where, much as I 
hate them, the on-disk hidden recovery partition is an advantage!  Assuming 
it hasn't been damaged, which would be pretty unlikely.

See Security Flaws at:  http://en.wikipedia.org/wiki/Skype_security
http://share.skype.com/sites/security/2009/09/a_little_bit_about_trojanpesky.html

Twayne




>
>
> "Twayne" wrote:
>
>> In news:975E360D-0E3C-4D21-A758-00AECE8233C9@microsoft.com,
>> Evan Weiner <EvanWeiner@discussions.microsoft.com> typed:
>>> XP Win Firewall-off balloon comes up every hour or so  Verified
>>> firewall off when balloon shows and on when it goes away 10-20 sec
>>> later.  Annoying.  How to track this down?  Replace it?  Have
>>> disabled a few msconfig startup items - slow & unsuccessful.
>>>
>>> Win XP SP2 (HP Pavillion) MCE
>>> Symantec AV, no firewall, Auto-protect on.
>>> Malwarebyte
>>> Win Defender, considering turning off real-time protection
>>
>> You say above no firewall, but above that you say the firewall is
>> turning off/on by itself.  Do you have the firewall on or not?
>> Do you have a firewall other than the XP firewall installed? If so,
>> you need to turn OFF the XP firewall.
>>    Any particular reason why you aren't at SP3?
>>    Are you allowing updates to be installed each week or whenever
>> they come out? If you aren't allowing updates then all bets are off
>> and you might as well start over again from scratch. Never access
>> the 'net without AV and firewall in place first. It may only take a
>> split second for a drive-by to discover your machine and infect it
>> with some sort of malware.  A lot of malware these days then opens
>> you up to receiving even more by inviting it in.
>>
>> Are you by any chance behind  a router or gateway with NAT services?
>> If so that will help the situation until whatevr is wrong gets
>> figured out and it is a firewall too, of sorts.
>>
>> Although the firewall may be the less imortant of the protections,
>> the fact that it's turning off and on apparently on its own is IMO
>> likely to be a sign of some sort of malware infection.
>>
>> Have you tried disconnecting from the 'net,  turning the win
>> firewall off, doing a Restart, turn it back on, and do another
>> Restart?  Kind of a straw-grab but I know of another situation where
>> that straightened it out.
>>
>> Is your AV and malwarebyte up to date? Have you run it and AV in
>> full scan modes?  If so and they've found no problems, you might
>> want to also download, update and run full scans with Spybot Search
>> & Destroy and Adaware or two others if you have favorites you want
>> to use.
>>
>>    Then if there is still a problem, come on back with the details
>> of the tests so far and list them.  Include the names and versions
>> of each program you run along with whether it found any problems or
>> not, and be sure to have checked for updates before running each
>> one, even if you've just downloaded it.  Very often downloaded
>> programs still need to be updated after installation.
>>
>> Good luck,
>>
>> Twayne`
>>
>>
>>
>>
>>
>> --
>> Live in the moment;
>> be open to the possibilities
>> that life has to offer.
>>
>> .



-- 
-- 
Live in the moment;
be open to the possibilities
that life has to offer. 

0
Twayne
12/19/2009 10:25:16 PM
On Fri, 18 Dec 2009 16:07:01 -0800, Evan Weiner
<EvanWeiner@discussions.microsoft.com> wrote:

>XP Win Firewall-off balloon comes up every hour or so  Verified firewall off 
>when balloon shows and on when it goes away 10-20 sec later.  Annoying.  How 
>to track this down?  Replace it?  Have disabled a few msconfig startup items 
>- slow & unsuccessful.
>
>Win XP SP2 (HP Pavillion) MCE
>Symantec AV, no firewall, Auto-protect on.
>Malwarebyte
>Win Defender, considering turning off real-time protection
>
>


In light of everything else that has been suggested I would be running
Avira anti-virus as my virus scanner all the time. In addition to that
you can run on-line scans from TrendMicro and Panda and Kaspersky.

No one virus scanner finds them all so trying to run the online scans
only helps you find things that Avira doesn't

Another good addtion but not a staple to your system is a program
called ThreatFire. There have  been occasions when installing this
small program will cause a conflict,IE: with AVG Free Antivirus. If
you find this to be true just remove it.

A great free un-installer is Revo..... it not only runs the programs
un-installer but it then looks at the registry and allows you to
remove left overs in there. Use your own discretion but it's never
taken anything out that it shouldn' have for me.

Good Luck!

Tinsby
0
Tinsby
12/19/2009 11:03:38 PM
Reply:

Similar Artilces:

Win 7...to..... Win XP??
Blank Is it possible to install Win XP over Win 7 in a laptop w/o causing any problems?? Thanxxxxx...Rudy//////// Rudy wrote: > Blank Is it possible to install Win XP over Win 7 in a laptop > w/o causing any problems?? Thanxxxxx...Rudy//////// "w/o causing any problems" is ill-defined. It's no problem for me to do a clean installation of Windows 7 over a Windows XP system and continue using it... Is it a problem for you to do a clean installation of Windows 7 over Windows XP, install your applications and restore your data so you can us...

Install WIN 98 after WIN XP
On my notebook i have installed WIN XPSP2 on partotion C(NTFS). Then I have created partition E on the same hard disk(D is CD drive), and format it to FAT32 situable for instalation of WIN 98. The problem for me is how to install WIN 98 to E drive, without deleting WIN XP, and with boot menu to choose which operating system want to use. I need to install WIN 98 for diagnostic software of some old devices that won´t work on WIN XP. I was thinking to solve this problem in next steps: - create an image of operating system(image of WIN XP) on NTFS file system with some backup a...

error encountered installing office pro plus 2010 Win 7 ultimate 3
Trying to install Office Pro Plus 2010 in Win 7 unltimate 32bit downloaded from technet as the installer was starting to run got this error "Error 2203. An internal error has occurred. (C:windows\installer\546ca7b.ipi -2147287035) ???? -- Thanks for the help Since Pro Plus is a volume license you would need to seek support from your Home IT dept, or via the phone numbers given with your 'purchase' of Pro Plus "pauldemo" <pauldemo@discussions.microsoft.com> wrote in message news:226448E2-498C-4D1B-A798-0D92E04D839A@microsoft.com... > Try...

Win 7 x64 and problems with ERUNT
I have, since loading Win 7 x64, not been able to use ERUNT to automatically backup the Registry at startup. It appears that if you elect for the ERUNT default configuration to save the 'backup' to %systemroot%\ERDNT the backup will fail. However, I have since learned, (Google where else?) that if you elect to save the backup to another folder it will succeed. In my case I save the backup to a USB drive (P:\ERDNT) and 'autobackup' runs as it should at startup. ...

Outlook Express 6.0 Win XP #2
How do I make a back-up of my messages on outlook express to burn on a CD ? Thanks ...

Printing in Win NT vs Win 2000
When printing a document in NT, it is coming out differently than from 2000. It doesn't matter what printer you print to. I've tried 4 different printers so far. The option in Excel is fit to 1x1 page. Any ideas? Thank you. Kathy I'm afraid it is difficult to get prints the same from different printers and operating systems as the drivers will be different all round. Excel uses setting from the drivers. You could try and ensure that all same printers have all same version of drivers for each operating system. (Normally manufacturers release them all together for Winx) ...

Ports to open on Firewall
I have bought a new Netgear router as I'm sure my old one was knackered... My router has just reset itself... is this normal? Anyway back to the subject... What ports do I need to keep open on my router, I am running Exchange with OWA on SBS03, nothing else really. Any help would be appreciated. Woady On Mon, 2 May 2005 16:32:00 +0100, "Me" <me@me.com> wrote: >I have bought a new Netgear router as I'm sure my old one was knackered... > >My router has just reset itself... is this normal? Anyway back to the >subject... > >What ports do I need...

Win a limited edition Google Water-Bottle!
Hi all, Did you know that Google Docs makes it easy to create forms and surveys? One of the least known, but most useful features of Google Docs is forms and we want your help in spreading the word. Now we want to do raffle among the participators of Google Doc survey after you come back to campus from the Thanksgiving! Please take seconds to fill out the Google Doc survey ( the link below) and you could win a limited edition Google water-bottle or a Google Wave account! Survey Link: http://spreadsheets.google.com/viewform?hl=en&formkey=dGsyVUdYSjhqUmF5dm9ZYjk3RVZoUVE6MA...

Remote controlling WMP over a Win 7 office network
Hi All, We have one machine in our office with Windows Media Player (latest version under Win7 Pro x64) with a massive music library and speakers distributed through the office. I'd like each computer in the office to be able to remote control that Windows Media Player - is that possible? If so, how? Thanks, Thomas. ...

Question about Win 2003 R2 OEM license key
I installed Win 2003 R2 with a used OEM license key and media. Obvious it cannot be activated with this key. I asked the vendor to get a new license key. What the vendor told me is even I get the new license key, I will need to re-install Win 2003 with the media it shippes! Is this true? My believe is as long as it is unused new OEM license, I can just put the key in, even the Win 2003 is installed with a media that tagged with a different license key. Am I right here? Sorry--you have landed in a MacWord newsgroup. You'll need to find a Windows newsgroup to ask your question. http:...

Win XP and Win 7
I apollogize if someone feels this it OT but I can't find an NG for Win 7. Regarding an "up-grade" from XP to 7. I OWN a stand alone ( not upgrade) retail copy of XP . I am going to build a new PC and retire my present one. I will be slaving my current hard drive to the new one so I can keep some of my files and have some extra storage. I want to install Win 7 on the new hard drive. Win XP will not be the bootable HD. I want to use Win 7 Pro Upgrade for my new OS and do a "clean" install. Does Win 7 verify the presence of Win XP by the ORIGINAL Win XP disc? (...

Win 2008 R2 File Server has "automatic" defrag every afternoon? NOT scheduled...
Hi all, I am getting an event log event 258 every afternoon at 2pm "Defrag analysis" on every drive on this W2K8 R2 box. The event is: "event 258" "The disk defragmenter successfully completed analysis on drivename (X:)" This is not the regular Defrag scheduled task, which I have set up to run on the weekends... This is a File Server and the time that this runs is in the afternoon when most users are runnig open files. I cannot find where to disable or reschedule this event. Does Anyone know about this? Thanks in advance! Hello ...

PS on Win Vista vs Win 2003
Hi Guys. If i run the following command on win Vista Get-ChildItem 'D:\FTP\public' -recurse | Where-Object {$_.PSIsContainer -eq $True} | Where-Object {$_.GetFiles().Count -eq 0} Everything works 100% and it list about 10 empty folders If i run the same command on windows 2003 it does not work, is there a difference? and it list every single folder. Why is that? GetFiles doesn't seem to have a dependency on a particular .NET version, but try this on your Windows 2003 Server in a few empty directories: PS>(get-item .).GetFiles().count Maybe there'...

Windows 7 FTP firewall
Hi, Setup a new client on W7 enterprise on a SBS 2003 ISA 2004 network. When I try to use Filezilla to upload some webpages it times out. Added filezilla to excluded programs on Windows firewall and opened port 21. Tried a different FTP program same problem. No joy. Another client running XP Pro works fine with Filezilla. Any suggestions would be welcomed. Thanks, Lyj Changing the firewall on W7 probably made no difference, since all outbound ports are open by default. Your problem probably lies with ISA. What does the realtime monitoring screen show in ISA? Have you inst...

access 2007 french / win vista home premium
Dear all, I have an application running on all access versions till now. However, this application has troubles running on access 2007 french, Windows Vista familial Premium french. The trouble occurs each time I set a control on a form with a control source expression beginning with "=", as for example: =IIf(DLookUp("[PSW1]";"Th�rapeutes";"[ID Th�rapeute]=Forms![Psw_Liste_Sec]![ID Th�rapeute]") =Generkey(Trim([Forms]![Menu G�n�ral]![Admin_1] &[NomT]));"Oui";"Non") In this case, the control value is not displayed, and &qu...

Win server crashes
Hi, We're dealing with a BOD and unexpected shutdown of a BL460 G5 server. All I get is the following error: The system has detected the following event: SNMP Trap: 18012 Date time: 12/10/2009 08:41:17 PM Computer: computer.domain.local Source: NIC Agents Type: Error Category: (5) Description: Details: Affected Adapter Slot 0 Affected Adapter Port 16 Could it be a driver issue or hardware? Any ideas what to look next? Regards, Miha Hello Miha, Doe...

win 7 64 bit blue screen error
can help me ,tnks Microsoft (R) Windows Debugger Version 6.11.0001.404 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\031110-33665-01.dmp] Mini Kernel Dump File: Only registers and stack trace are available Symbol search path is: SRV*c:\*http://msdl.microsoft.com/download/ symbols Executable search path is: Windows 7 Kernel Version 7600 MP (4 procs) Free x64 Product: WinNt, suite: TerminalServer SingleUserTS Built by: 7600.16385.amd64fre.win7_rtm.090713-1255 Machine Name: Kernel base = 0xfffff800`02a4d000 PsLoadedModul...

Win 7 Internet Explorer 8 error message on start up
when I open up IE 8 in windows 7 I get a message box that says "Your last browsing session closed unexpectedly. Do you want to restore your last session or go to your home page." This is not the case....I closed out Explorer in the normal fashion. What is causing this and how can I get this issue resolved??? Hi Eddy, You may have closed IE8 while a background process from one of your Addons was running. Make sure you have the latest versions of any Toolbar Addons installed, particularly the Google toolbar (must be v6 from toolbar.google.com). I have seen th...

ID of another process at Kernel level.....under win 98 environment
First of all I want to get the ID of another process.I want to do it at kernel level.I am writing a filter driver.PsGetCurrentProcessId() is available but its only for win2k onwards but not for win 98. plz suggest something. regds vinay ----- Vinay wrote: ---- First of all I want to get the ID of another process.I want to do it a kernel level.I am writing a filter driver.PsGetCurrentProcessId() i available but its only for win2k onwards but no for win 98 plz suggest something regd vina Hello http://ww...

Win.XP -Win.7 dual boot
I installed 7, now trying to install xp as a dual boot. I need to install SATA drivers via F6 during the XP install through Floopy Drive A. The problem is - I have no floppy drive. Do I have to go buy and install one? Is there a way around this? Now here is a weird side note....My Win 7 device manager says I DO have a floppy drive and its working properly, also "my Computer" shows I have one also. Whats up with that?? Thanks, Pat Pat Brown wrote: > I installed 7, now trying to install xp as a dual boot. I need to > install SATA drivers via F6 during...

Script to populate display name from Win AD?
Good afternoon, Would you happen to have a script to take the First Name and the Last Name in Windows AD 2003 Server to populate the Display Name in the profile? Would like to perform this across the domain for hundreds of users. Thank you, Bill Submitted via EggHeadCafe - Software Developer Portal of Choice Programming C# http://www.eggheadcafe.com/tutorials/aspnet/718b8580-cd75-4234-8764-db65bebbe8ad/programming-c.aspx "Bill Ewald" wrote in message news:2010111152931waepride@hotmail.com... > Good afternoon, > Would you happen to have a script to take the Fir...

OWA, IE8, and Win 7
I've successfully used Outlook Web Access for quite a while. Recently bought a machine running Windows 7, thus, IE 8. When I try to reply to a message or start a new message, there is no text box where I can type... Just greyed out with a red "X" in the upper left corner. The OWA site IS in my Trusted Sites. Pop-Up Blocker is OFF. I HAVE updated OWA's "S/MIME Control". Once I did that, I gained the ability to type a message in the box – but when I hit “Send”, it creates a fatal error in Internet Explorer either during or just after running the...

Missing Categories After Upgrade From XP to Win 7
I just updated to Win 7 from XP. I'm trying to overcome Microsoft's view of where to put things, which is VERY different to mine. For example, Outlook categories, where in my old system would those have been? It seems though I have all my contacts and THEIR individul categories, I've lost the "master list". What is the best way to recover the categories? Is there a way to recover the list by somehow rebuilding it from the 600 or so contacts I have and just creating it based on what I've used? Is there a way to find it from my copy of file from ...

SetTextColor() fails for Radio and Check controls on Win XP
We are using RadioButton and CheckBox controls derived from the MFC CButton class. The changing of the text color using SetTextColor() has worked for years on Win95, Win98, WinNT and Win2K systems. But, when running WinXP in "Windows XP style" the text is always black. Change to "Windows classic style" and the text is colored. Changing the background color and label text font work correctly on all versions Windows including XP. We have tried various combinations of message handling such as:: In OnChildNotify() detect WM_CTRLCOLORSTATIC At dialog level, in OnCt...

Cannot find ODBC driver for MS Access 2007 database on Win 7 64-bi
Hello. I've been trying to connect to a MS Access 2007 database through JDBC. My JDK is JDK 1.6u18 64-bit and OS is Windows 7 64-bit. But problem is I am unable to create a DSN using Windows\system32\odbcad32.exe because it doesn't show ODBC drivers for MS Access at all, it's only showing drivers for MS SQL Server. When tried to click on Configure for "MS Access Database" (which is an already created DSN, I guess), it first shows error message : "The setup routines for the Microsoft Access Drivers (*.mdb, *.accdb) ODBC Driver could not be found. P...