stevezygote
2007-03-11, 14:16
I've searched the Spybot S & D forums and can find nothing that specifically addresses this issue.
Saturday, yesterday, I noticed that my firewall had inexplicably been turned off. About a month ago I got a severe worm infection which hijacked my browser. I had become complacent and had let my guard down. What I didn't realize that at that time something had turned off my firewall then. Anyway, long and short of it was that I had to do a destructive reformat in order to get ride of the virus.
Now I notice that my firewall is being constantly turned off. F-Secure (marketed to me by my ISP as Shaw Secure) warns me of these attempts which I disallow. I did a full system scan with Microsoft's One Care System and it identified at least one serious issue but did not (that I can see) provide me with a report. I subsequentally did a "Shaw Secure" full system scan and it found nothing. I did a Spybot S & D scan and it gave me the report below...
I can't seem to turn my firewall back on. It states something about group policies. I am "owner" and have administrative rights on my XP Home Edition SP2 box. Every ten minutes or so I get a warning from Shaw Secure that a system change attempt is being made and I disallow it.
My next steps will be, among other things, to go to Microsoft's Update Site to see if I'm required any updates, although I have automatic updates turned on. If anyone can offer ANY insights, short of having to do a destructive reformat again, I'd be MOST appreciative.
--- Search result list ---
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile\enablefirew all!=dword:1
Microsoft.WindowsSecurityCenter.FirewallDisabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile\enablefir ewall!=dword:1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
Microsoft.WindowsSecurityCenter.SP2Update: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dw ord:0
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2
Saturday, yesterday, I noticed that my firewall had inexplicably been turned off. About a month ago I got a severe worm infection which hijacked my browser. I had become complacent and had let my guard down. What I didn't realize that at that time something had turned off my firewall then. Anyway, long and short of it was that I had to do a destructive reformat in order to get ride of the virus.
Now I notice that my firewall is being constantly turned off. F-Secure (marketed to me by my ISP as Shaw Secure) warns me of these attempts which I disallow. I did a full system scan with Microsoft's One Care System and it identified at least one serious issue but did not (that I can see) provide me with a report. I subsequentally did a "Shaw Secure" full system scan and it found nothing. I did a Spybot S & D scan and it gave me the report below...
I can't seem to turn my firewall back on. It states something about group policies. I am "owner" and have administrative rights on my XP Home Edition SP2 box. Every ten minutes or so I get a warning from Shaw Secure that a system change attempt is being made and I disallow it.
My next steps will be, among other things, to go to Microsoft's Update Site to see if I'm required any updates, although I have automatic updates turned on. If anyone can offer ANY insights, short of having to do a destructive reformat again, I'd be MOST appreciative.
--- Search result list ---
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.AntiVirusOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile\enablefirew all!=dword:1
Microsoft.WindowsSecurityCenter.FirewallDisabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile\enablefir ewall!=dword:1
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallOverride: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0
Microsoft.WindowsSecurityCenter.SP2Update: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2!=dw ord:0
Microsoft.WindowsSecurityCenter.UpdateDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start!=W=2