I've reinstalled XP on a customer's computer (which is what they wanted) but the firewall service keeps turning off.

Darkmatterx

Hi, I've reinstalled XP on a customer's computer (which is what they wanted) but the firewall service keeps turning off. If I put it to automatic and force start it, it's fine, but when I reboot, or sometimes just give it some time, it shows as disabled again. I know this sounds like a virus or malware but I haven't found one so far, using Avast and Malwarebytes. What should I do now?

Thanks
 
I wouldn't give up looking for malware, possibly a rootkit.
If you google offline USB bootable malware tools you'll see several sites that post lists of good offline malware scanners.

Try that approach.

Malwarebytes rootkit scanner
downloads.malwarebytes.org/file/mbar

 
Thanks I'll try those.

It also could be a corrupt file issue. I figured out AFTER the install that their CD ROM drive was going south. I found out because I did an SFC /Scannow due to getting some relatively minor errors even after a fresh install and I had already ruled out the hard drive with a chkdsk /r that came back 100% error free (much to my surprise). SFC would tell me it couldn't read a file every once in a while, which I thought was because of errors on the CD. The (now long out of business) lazy as heck guy that built their machine gave them a burned "backup" copy of XP, as he called it. Yes, it has a real key, which is really all that MS cares about, but when the scan gave me problems I knew this was either 1. the CD, 2. the CD drive, or 3. the memory. BTW, this guy who built it was SO lazy he didn't even put the 1 screw in the back of the case that would keep the motherboard tray from sliding. So whenever I would plug something into the back it would push the motherboard in... The solution was ONE screw in the back of the case that didn't even require one of the side panels to be removed. So I went with what was quickest for me, so I hooked up one of my old CD ROM drives and never got the error msg again. But of course this was AFTER I had used the dying drive to install Windows. Now that they have a working CD drive I'm going to also do another SFC /Scannow and see if that fixes the issue. If it DOESN'T, do you guys know what files I might be able to copy over manually from the i386 folder on the CD to overwrite the possibly corrupt files that run that 1 service?

Thanks!

Edit: Also, I randomly get this error, "Procedure entry point strnlen could not be located in the dynamic link library msvcrt.dll"
 
Damn, they've given me a deadline of today. Can anyone tell me what file controls the firewall service? I could either copy it directly from the CD to the folder or use 7zip to hopefully get into the .cab file and then put the file in the right place.

Thanks
 
So, I get home and I already KNOW my USB key is infected at least a bit because the past 2 evenings Avast has caught 2 things trying to get onto my system. So instead of risking my system I pull out my previous system and hook it up and update Avast. I put my USB in and sure enough, the same 2 viruses try to get onto my PC and Avast smacks them down. But at this point I've seen enough of what's going on with my customer's computer that I'm not convinced that's all there is, so I run a full complete, every possible option checked, scan on my USB key. End result?

147 infected files. How many different viruses? I didn't even bother to look. Avast was able to remove the viruses from most files without damaging them but some needed to be re-downloaded.

So I go over to the customer's house and I already knew that nobody would be there, but I had permission to go in, so I turn on the monitor because I had left a virus scan to run overnight with the 1 program I could find that was supposedly decent, and would work on XP, and without SSE2. Well, nobody touched it but the scan was paused right near the beginning. The PC was also running as slow as hell, partly because it seemed like Panda was constantly scanning files in the background. So I had brought with me on my now clean, but about to be reinfected, USB stick the last ver of Avast that worked with my limitations. I copied it onto the desktop only to have one of the viruses delete not only it, but the one on my USB key... I tried Avast's boot time rescue disk but it wouldn't boot to it, possibly due to the lack of SSE2. For some reason the old ver of Avast, which I had installed on my main PC temporarily to hopefully make a boot disk that would work, wouldn't make a rescue disk. I kept getting an error. So I now have only 1 option left. A full wipe and reinstall with the internet cable unplugged and a clean USB key with SP2 and 3, and an XP ver of Avast Offline. I did all that but Avast Offline still had to download some files, which irritated me to no end. Why even call it an offline installer!? So I had no choice but to plug the ethernet cord back in and hope I had a working Avast before something slipped through a crack in the wall. I lucked out and got it up and with updated definitions and nothing was turning the firewall off. So I start installing whatever updates weren't in SP3 and ran a quick scan which came back clean. After installing all the drivers and software as well as re-setting up their email account I made both a restore point and a disk image.
If you've read my other posts on this matter, their 17 year old computer had a 2011 SSD in it which XP couldn't see without special drivers, which I couldn't install because I finally diagnosed that the floppy port on their MB was dead, and later that the reason for errors in XP on the HDD and then a total collapse once I cloned to the SSD was because the CD drive was dying. At first I thought it was because they had a burned copy of XP, but a real CD key. I had a similar issue and Samsung told me that cloning can turn small errors in files that don't affect the OS into bigger errors that DO affect the OS. I still say that means that their software needs some more work, but that's just my opinion. So, I installed XP onto a HDD, did all the stuff I said above, and before I made the restore point and disk image I also did a defrag. I had already done a chkdsk earlier in the week and it came back with 0 problems. So I clone it over, activate XP, install a couple other things and VOILA! I'm @#(@&! DONE!

I mean it. I. AM. DONE.
Cooked.

Man what a project. (Actually, by the end it was more of a grudge match.)
 