Firewall XP unabled

All,

My firewall XP protection has been attacked by a trojan horse. I cannot restore and enable my Firewall XP again. If I try to restore my Firewall XP it says unable to restore due to an unknown problem. I am running without firewall.

Pls can you help me? Many thx, Alessandro

Alessandro Sinigaglia

Take the box offline *immediately*. Backup your data, format and reinstall.

cu

59cobalt
Ansgar -59cobalt- Wiechers

You need to do quite a bit of security research fairly quickly. There are loads of AV apps and trojan removers about that might inform you about your problem. And there are loads of software firewalls about that might be installable and stop your trojan dialling out - perhaps it only messes with the useless XP FW... ?

You are in entirely the wrong group with your problem, you need to be in a security group of some kind, or on some web forum or other.

Here, these days, you are simply bait for a linux drone who will tell you to delete windoze.

If at all possible, stay offline until you can contain your problem and work out a solution.

jon

You can try to reset the XP FW.

But on the other hand, resetting the XP FW may not be enough and you might want to wipe out the machine.

You should practice safe hex.

For a computer that has a direct connection to the modem, you should harden the XP O/S against attack as much as possible.

Duane :)

Mr. Arnold4

Yea, and next time run under a limited user account when online. Nothing can disable the firewall while under a limited user account.

RAID!!!

Yeah, just like the magic fairies.

Why do you think it's useless? And various "software firewalls" aren't? Now, that doesn't make any sense at all.

Nah, that's not clear yet. The big question is: Did he run as a restricted user? If so, then it might be really just a configuration issue and the trojan horse was just coincidentally related.

Nah, you may reinstall Windows as well. In any case, if the system was compromised, reinstallation is unavoidable.

And the most common consequence of such an evaluation is: flatten and rebuild!

Sebastian Gottschalk

Because the win firewall doesn't monitor outgoing traffic, it's garbage.

Users that use the win firewall usually have no clue how to work as a restricted user.

Just in case of a rootkit is a fresh installation unavoidable.

arja

Huh? I still don't get your argument.

Monitoring outgoing traffic on a host-based packet filter is pretty useless. That's why it actually does so, but has an internal default rule to permit any traffic, captures the states and permits related inbound traffic. For any other packet filter, you'd have to add such a rule explicitly as well, so there's no difference.

So why exactly do you think anything else than permitting all outgoing traffic would make any sense?

Actually that's one positive argument for Windows firewall: It doesn't spend any effort (code, processing power) on useless stuff.

Bullshit. Competent users choose Windows Firewall as well, exactly because they understand why it's a good alternative.

And a rootkit-like cloaking functionality in malware is the default assumption.

Sebastian Gottschalk

But they don't trust it, if they are competent, because of all the applications/malware that can punch holes in the Exceptions list without any warning to the user.

Leythos

That is ILL advice and does NOT solve the problem.

cu

59cobalt
Ansgar -59cobalt- Wiechers

If you want to monitor outgoing traffic: there's Port Reporter [1]. If you want to block outgoing traffic: that can't be done reliably on Windows. Not for a restricted user, and much less for an administrator.

But users who install other software firewalls do? Yeah, right.

The system is compromised [2,3]. What exactly makes you believe that no rootkit was installed? And if you can't be sure about that: why do you believe a reinstall was avoidable?

[1]
cu 59cobalt
Ansgar -59cobalt- Wiechers
