Windows Firewall seems to have been broken on my machine

Running Windows 7.

I had some kind of trojan attack today. Malwarebytes Anti-Malware seems to have taken care of most of the problem. But Windows Firewall now seems to be on the blink. When I click on Windows Firewall in the Control Panel, there appears a message in the Control Panel window that Windows Firewall isn’t using the recommended settings. It offers a button to reset the Firewall to recommended settings. But when I hit that button, it says “Windows Firewall can’t change some of your settings” and as far as I can tell, nothing has changed at all.

As far as I can tell, the firewall isn’t active at all in fact, but I don’t see a way to reactivate it. I typed “services” in my search box in the start menu, and Windows Firewall appears nowhere in the list of services! I think my firewall has just been completely got rid of by the trojan, or something.

Can’t find any info online, though, about any way to simply re-install the thing. Any suggestions?

http://www.google.com/search?q=reenable+windows+7+firewall

Not sure if that will help.

Yes, I’ve already tried that. It sends me right back to the “recommended settings” dialogue and subsequent error message.

Like I said, there’s not even a Windows Firewall service listed in my services!

You might want to run the Microsoft Safety Scanner to see if there are any lurking nasties. http://www.microsoft.com/security/scanner/en-us/default.aspx

Running it now, though it appears to me to be the same scan as the one run by Microsoft Security Essentials, which I’ve already done.

The same trojan took over this morning. I don’t know if it’s lurking on my computer, or just re-infecting because my freaking firewall doesn’t exist anymore.

BTW here’s something creepy: I am afraid this thing came through via something claiming to be an Adobe Flash update. It had a signed certificate. But the trojan installation happened right after I said “yes” last night–and this morning, I got the very same Flash Update notice, and hit “no”–and the very same notice came up again immediately. It came back every time I hit “no,” almost making my computer unusable. It would only stop if I managed to quickly click on the start menu after clicking “no”. No idea why that would do the trick, but it worked several times. Anyway, though, after a thousand “no”s the trojan did eventually install itself anyway so the flash update might not have been the problem after all, but that’s certainly very strange behavior in the UAC that occurred just before both trojan installations…

It’s probably not what you want to hear, but my advice is to reinstall Windows. I don’t think that you can easily (if at all) reinstall just the firewall, and who knows what else might be affected that you haven’t discovered yet?

Yes, backing up data, reinstalling the OS, reinstalling apps, and restoring data takes a while. But how long do you want to spend fighting this thing?

You might want to try using a restore point from before the Adobe “update” and see if that helps.

By the way, make sure your data is backed up already.

System Restore’s a great idea. (Assuming you’d enabled it – it’s off by default, more’s the pity.)

And, actually, no worries about that data. System Restore only acts on Windows settings and system files, it doesn’t affect your data.

Thanks for reminding me about system restore… I’ll just restore it back a few days and see if the firewall’s back. If not, I’ll try restoring it back quite a ways.

If that doesn’t work, I’ll have to go buy Windows and install it. (Reinstallation disc disappeared long long ago.)

Hah, well shit. System Restore is on and active–but it only goes back as far as when I installed SP1. And I did that yesterday.

Can I, say, just use the firewall from Comodo Security and use MSE for everything else? Or would I have to switch all malware protection over to Comodo if I used any part of it?

My vote is, once you hopefully get back running, forget about Windows Firewall and get the free version of Zone Alarm. I’ve been using it continuously for nearly a decade and it’s never failed me. I’d use the c|net link rather than their website because they’ll do their best to get you to download, not the free version, but their paid - with a free 30 day trial - version. :smiley:

Thanks for this. When I used it last night, it found two Java trojans. Or something. It said the threat was ‘severe.’