昨天我访问了某个网站,显然是通过某个Flash漏洞被感染了。Microsoft Security essentials立即启动,并显示了四个项目的警告。
> Trojan:Win64/Sirefef.B
> DDoS:Win32/Fareit.gen!A
> Rogue:Win32/FakeRean
> PWS:Win32/Karagany.A
我把它们都删了,我以为安全要领能在它造成任何伤害之前就抓住了感染。但今天发现Windows防火墙服务完全消失了,在控制面板中无法访问防火墙,"基础过滤引擎 “服务被标记为禁用。在进程资源管理器中看了一下,没有看到任何可疑的东西。额外的杀毒软件扫描也没发现什么。
问题:
-如何才能让我的防火墙重获新生?
-这些病毒还会破坏什么,我可以检查一下我是否受到影响?
我知道最好的办法是重新安装Windows或从备份中恢复。我想知道是否还有其他选择…
您可能应该运行Malware Bytes或SpyBot S&D来确保没有其他东西(恶意软件/间谍软件/广告软件)干扰您的系统。在eSet进行免费的在线扫描,以确保其全部消失,这可能是一个好主意。
一旦你知道系统是干净的,打开一个高位命令提示符并运行SFC /SCANNOW来运行系统文件检查。当它完成后,重新启动,看看你的防火墙服务是否恢复了。
如果SFC不起作用,你可以试试微软的这个【诊断】(http://support.microsoft.com/mats/windows_firewall_diagnostic/en-us)。
方法1:调用 “Setup API InstallHinfSection "函数安装Windows Firewall 要安装Windows Firewall,请按照以下步骤进行。
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command line, and then press ENTER:
Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
Restart Windows,
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then press ENTER. In the Windows Firewall dialog box, click On (recommended), and then click OK.
方法2:将Windows Firewall条目添加到注册表中 重要的是 本节、方法或任务包含了告诉你如何修改注册表的步骤。但是,如果您不正确地修改注册表,可能会出现严重的问题。因此,请确保您仔细遵循这些步骤。为了加强保护,在修改注册表之前,请先备份注册表。然后,如果出现问题,您可以恢复注册表。有关如何备份和恢复注册表的更多信息,请单击以下文章编号查看微软知识库中的文章。322756 如何在Windows中备份和恢复注册表
要将Windows防火墙条目添加到注册表中,请按照以下步骤操作。
Copy the following text into Notepad, and then save the file as Sharedaccess.reg:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cd0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\LEGACY_SHAREDACCESS\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Double-click Sharedaccess.reg to merge the contents of this file into the registry and to create the Windows Firewall entry.
Restart Windows.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then click OK.
Configure the Windows Firewall settings that you want to use.
如果这些方法不起作用,请重新安装Windows XP SP2。
在成功清除上述病毒后,如果你发现Windows防火墙无法工作,出现一些800错误。那么有可能是BFE、sharedaccess等依赖关系与防火墙服务一起被删除或损坏。
服务可以在从可靠的源头下载后重建,我相信 哔哔电脑 。重建服务后,他们可能无法启动,并抛出错误,如访问被拒绝。为此,你应该去hkey_local_machine\system\currentcontrolset\services\bfe&sharedaccess,给指定的用户添加权限。
或者你可以去 Firewall will not start on Windows 7 。
我看到一些被删除的答案提到了一些有用的东西
显然slhck建议使用Bleeping Computer的Windows Repair (All In One)
http://www.bleepingcomputer.com/download/windows-repair-all-in-one/
这对上位机有效。
还有人建议 http://heresjaken.com/windows-firewall-service-is-missing-in-windows-7/
那有一个可能是针对特定错误的注册修复,但它也提到了另一个叫远吧的哔哔电脑工具,似乎有两个。 http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ http://www.bleepingcomputer.com/download/farbar-service-scanner/ 。