Author Topic: windows 8 firewall problems caused by bitcoin miner trojan  (Read 47359 times)

0 Members and 1 Guest are viewing this topic.

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #25 on: August 21, 2013, 05:44:33 am »
tried the *bat file - no luck

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #26 on: August 21, 2013, 11:34:58 am »
Quote
Ive changed the permissions - still no luck!  I noticed that in the users/groups box on the share access service sevices there was an entry with a figure of a person (not 2) with a red question mark and it was called  s-1-5-32-547   this seems strange because ive never created a user with that name.  in fact i should only have 1 user and 1 admin.

That normally shows the sid of an account that is no longer on the system, something the virus may have done. You can remove it. Also did you take owner ship of the keys as well?

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #27 on: August 21, 2013, 12:05:26 pm »
Hi,

How do I take ownership?

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #28 on: August 21, 2013, 12:10:04 pm »
Same way you take permissions, you will see another tab at the top :wink:

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #29 on: August 21, 2013, 12:21:25 pm »
no you got me on that one - i cant see any tab.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #30 on: August 21, 2013, 12:26:19 pm »
Sorry, forgot to say you have to click the advanced button :-)

That is also where you can tell it to apply the permissions to all sub keys :wink:

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #31 on: August 21, 2013, 12:56:19 pm »
hi,

i can see the advanced button, but in that screen i dont know what im doing - i dont really have that much know how in these things

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #32 on: August 22, 2013, 12:54:49 am »
Hi,

I have attached those files below.  Im going to try the *bat file again because i cant be sure i didn turn off norton - i think i did

I took a look at the FSS files and it seems to be OK. It also shows that the Firewall isn't running.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #33 on: August 22, 2013, 02:30:06 pm »
The firewall isnt running because of permissions error.

On Windows 8 my reset reg permissions is disabled because of the DRM in Windows 8 and if you touch certain reg keys the app store will break.

I am going to be updating the Windows repair tool to run the reg permissions on just the keys the firewall uses (This will be part of the Repair Firewall) and then that way this will still work for Windows 8 users.

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #34 on: August 23, 2013, 04:31:05 am »
When im in the advanced tab how do i take owndership?  Or will this be in the updated WR tool?

thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #35 on: August 23, 2013, 11:45:43 pm »
I will have it int he update to the Windows repair tool, hoping to have an update out in a week or so. Right now working on an update to the reg backup, and then to the Windows repair.

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #36 on: August 24, 2013, 11:23:55 am »
ok ill wait for it and try it out and ill let you know what happens later on.  thanks for the time you spent on this

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #37 on: August 26, 2013, 06:52:21 pm »
Always happy to help :-)

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #38 on: September 06, 2013, 04:09:14 am »
hi,

ive got the new release but i cant remember which boxes need to be checked cos its only got three boxes checked at the moment

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #39 on: September 06, 2013, 08:22:44 am »
Delete the old log file, run WR with only two boxes ticked: "Repair Firewall" & "Restore Important Services". And post the new log file.

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #40 on: September 06, 2013, 01:49:39 pm »
ive attached the log below

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #41 on: September 06, 2013, 03:46:07 pm »
Windows firewall also uses WMI, just do all the repairs, make sure to do a reg backup first and see how it goes.

Make sure to use the new version 1.9.16

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #42 on: September 07, 2013, 05:56:58 am »
done all the repairs here's the log

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #43 on: September 07, 2013, 07:09:08 am »
@Pablo204: I see you ran all the repairs.
- Does your firewall work again like it did before ? Is the problem solved ?
- Open the folder with the WR log files. Are there're any *.txt files with "hkey_local_machine_services_" in the name of the file(s) ? If yes, then post them in this thread. The content of those files will show which permissions of what reg keys weren't reset.

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #44 on: September 07, 2013, 07:27:51 am »
hi,

Im not sure I know what you mean.  Do you mean the log file that is created after doing the repairs (the one attached to the previous email).  If so there is no mention of HKEY in there.

Thanks

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #45 on: September 07, 2013, 09:11:42 am »
There're a number of files in the WR log file folder. There's always the usual WR log file. (That's the one you attached to a previous post) But when some commands, used by WR, generate one or more other errors then those errors will show up in other, additional log files, located in that folder as well. These errors won't show up in the standard WR log file.

Do you have one or more of those additional files ? If so, then take all the files that have "_services_" in the name (!!!) of the files and attach them to your next post.

If you don't have two or more files, as described above, then I would assume your Firewall is back to normal. Is your Firewall, after running "Repair WMI", "Repair Firewall" & "Restore Important Services" now back to normal ?

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #46 on: September 08, 2013, 04:31:48 am »
yeah theres no other file there.  I downloaded Skype for Windows 8 in the store and it works fine.  Thanks very much the problem seems to be resolved.  Thanks for you time and help.  However there does seem to be a problem with some other apps downloaded from the store but they are non-essential things like a journey planner or something like that.  When I load them it just goes off the screen and back to the Windows App panel, if I click on it again the same thing happens the load page sflashes up but the automaticlly changes back to the app page.  But these things are not important things to me - maybe it is a different problem.  The main thing is that the firewall seems to be fixed and its allowing Skype to run.  Thanks

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #47 on: September 09, 2013, 11:44:59 am »
Good to hear the firewall is working again.

Was it the new version of the Windows repair or something else that got it working?

Shane

Offline pablo204

  • Newbie
  • *
  • Join Date: Aug 2013
  • Posts: 47
  • Karma: 0
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #48 on: September 09, 2013, 12:17:42 pm »
It was the new version  of Windows Repair.  Thanks very much for that!

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: windows 8 firewall problems caused by bitcoin miner trojan
« Reply #49 on: September 10, 2013, 09:30:32 am »
Excellent :-)

Shane