Problem with NIS on WinXP

I could use some advice with an annoying firewall problem on my home system. I have a machine running WinXP Pro SP1 and Norton Internet Security. I'm on cable modem, but there's a Linksys router between the modem and the computer (and another machine, a Mac). I have Windows Firewall turned off and Windows Automatic Updates turned off. I leave Norton's LiveUpdate turned on. For about a year this configuration has been working well for me - no problems.

Well, for the past few months I've been mildly annoyed by the firewall popping up to let me know that something outside is requesting a connection with my svchost.exe, and do I want to block or permit it. I always say block, because I know that even though this is a Windows utility, bad guys frequently use Windows utilities to do bad things. (Oh, I always knew this was the case also because nothing *I* was doing needed svchost to connect to the net. Frequently this would pop up when the machine was idle. After several of these in a short period of time, I'd run Ad-Aware to clean off the spyware that seemed to be triggering it.) I had already turned off many services that I knew I didn't need, and this weekend (after the real problem described below) my fiancee turned off more. Is there a good source out there that documents which Windows utilities are most often hijacked by worms/spambots? This is really frustrating, because sometimes you can't tell if it's a legitimate access request when it's a Windows utility.

Sometime this weekend I was busy on the machine when one of these popups happened. I too quickly clicked it away, only to discover that I'd broken my firewall. It now refused to let any network traffic pass. After fussing with it, I believe I'd accidentally clicked not only "Deny" but also "always take this action" on the popup. I spent many hours fussing with the firewall trying to find the rule I'd accidentally made so I could delete it - to no avail.

I ended up deleting all the rules I could find, thinking I'd just make it start over creating rules. Still couldn't access the net. I very carefully and methodically turned off each portion of the Internet Security program to try to figure out where the block was, and found that it's definitely the firewall. If I leave all the other parts turned on but the firewall off, then I can access the net.

I went to Norton's knowledge base and found the item that most closely matched my problem (can't access the network with the firewall turned on). I followed its suggestions for things to change and fix; none of them made a difference, until it ended up telling me that my problem was I "can't access the net with firewall turned off", which wasn't the case. So, dead end. Part of that process was running a program that supposedly reset the firewall to its initial default settings, but it didn't change a thing that I could see.

I spent part of the weekend surfing and emailing with my firewall turned off. My fiancee claims that the router is an effective enough firewall that it should be OK. (I doubt this - it has a lame configuration interface as far as I can tell.) I noticed last night that the machine is constantly streaming data out the network connection, so I think it's been compromised into a spambot. I left the stinking thing turned off this morning before I went to work.

So, unless you guys have better suggestions, here's what I plan to do. I hope you can help me fix it without this, though. I'm one of those people who customize my environment, so I hate rebuilding the system because it takes so long.

  1. Uninstall and re-install NIS. (I hope I can do this without having to purchase a new subscription. I need to dig out the box, but when I renewed the sub two weeks ago, it said the number was only good for 30 days or something like that. I'm being sent on a 2-week biz trip, so timing may be rough if so.)

  2. Back up all my data and customizations. Wipe the disk and re-install my XP Pro. I might also install SP2 at this point. (I was only waiting for any bugs to be found by everyone else!)

  3. Reinstall all my apps, NIS, and re-customize the machine. Do I hafta?

Are there any other precautions I should take to prevent this happening again?
