Windows Firewall damaged by 'Windows 7 antivirus 2012'

    Question

  • I run Windows 7. I think 64bit, not sure.

    I have been getting hit with a lot of rogue antiviruses and up till now have been fighting them off, but last night I was hit by a new rendition of "Windows 7 Antivirus 2012".

    I got a window saying explorer.exe wanted to make changes to my computer, I would tell it no and each time it would return. In between the constantly returning window I managed to open the task manager, find the process, and end the process. I then found the file and destroyed it with killbox.

    Everything seems to be back in working order now, except for the firewall. Every page in the control panel for Windows Firewall gives me an Administrator button that says 'use recommended settings', when I click it it says it can't do that and gives me error 0x800705b4, which I understand to be an authentication error.

    The last time I had this I tried to reset my firewall with an administrator command prompt, it would tell me it could not load wshelper.dll, so I did some stuff I cannot remember to reset my winsock and was then able to reset my firewall and all was good again.

    This time when I go into command.com and type 'netsh advfirewall reset' instead of the DLL message, I get 'An error occurred while attempting to contact the Windows Firewall service. Make sure the service is running and try your request again'.

    In my attempts to fix this myself I have been to the device manager. I had it 'show hidden devices' and located my Windows Firewall Authorization driver. I found it had been stopped, and so I started it again. It currently says it is started, but nothing has changed functionally.

    I have been into Services as an Administrator; Windows Firewall is not there. I was also told to look for Windows Event Controller and Base Filtering Engine and they are not there either.

    I have done an administrator command prompt with sfc /scannow and the first time it said it had made changes and the second time it said everything was alright but nothing functionally has changed.

    I have been told to enter the following command prompts and gotten - the following results

    netsh advfirewall reset - error stated above
    net start mpsdrv - The requested service has already been started
    net start bfe - The service name is invalid
    net start mpssvc - the service name is invalid
    regsvr32 firewallapi.dll - Popup window stating DllRegisterServer in firewallapi.dll succeeded

    no functional change after that.

    I have also been told to try:

    sc config wuauserv start= auto - [SC] ChangeServiceConfig SUCCESS
    sc config bits start= auto - [SC] ChangeServiceConfig SUCCESS
    sc config DcomLaunch start= auto - Access is denied.
    net stop wuauserv - The Windows Update service was stopped successfully.
    net start wuauserv - The Windows Update service was started successfully.
    net stop bits - The Background Intelligent Transfer Service was stopped successfully.
    net start bits - The Background Intelligent Transfer Service was started successfully.
    net start dcomlaunch - The requested service has already been started.

    I have also tried a system restore, but whatever is screwing with my firewall is also screwing with that and it will not complete successfully.

    A Windows XP thread steered me toward a file called, I believe, netfw.inf in my windir folder, related to the firewall. This does not seem to be on my Windows 7 machine and I have been unable to find the Windows 7 equivalent.

    So, it appears my firewall is gone, or just pretending to be. I fixed it last time by making some correction to my winsock but I cannot seem to find the process I used for that. Additionally, Microsoft Security Essentials has disappeared from my system tray, though otherwise seems to be working fine.

    I am confident that this can be fixed without a wipe and reinstall. Please help.


    December 8, 2011 18:11

Answer

  • Hi

    Make sure that the PC is clean (free from the zero access rootkit) before trying these fixes


    This firewall issue is commonly found on Vista and Windows 7 (64-bit OS)

    It is recommended to contact malware removal forums to remove it first and then try the fix

    Run the services repair tool by ESET

    http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

    Restart the PC. Firewall and critical missing services should work.

    Manual Fix

    Download both the registry files

    Windows firewall -  Firewall

    Base filtering engine -  BFE

    Launch them. You should get a UAC prompt now

    Click YES & restart your PC

    Now, press the Windows + R keys and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service

    If you still have this error

    Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

    Download and launch this key, click YES

    Shared access

    give full control permission to this key similar to previous one

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

    Right click on it -permissions

    Click on Add and type

    Everyone and select Full control

    You should be able to start the firewall now

    You may also be missing the Security Center, Windows Defender, BITS and Windows Update services

    Download

    Security center  -wscsvc

    Windows defender - windefend

    BITS    -  BITS

    Windows update  -  wuauserv

    Launch them and click YES when you get a UAC prompt

    Good luck



    December 14, 2011 23:49

All replies

  • I think you need to try to think of this as a virus problem rather than the firewall.

    Virus is probably masking the applets in the control panel and you are not able to make the needed changes.

    I personally would start here:

    Regedit

    Navigate

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Look for suspicious files:

    For example "C:\Program Files (x86)\...." is probably fine.

    Anything coming from some other location like “c:\Temp\...” is not

    Note their location, boot in safe mode, and try to remove/uninstall or even delete the suspicious programs

     

    Then go to Trend Micro and run their free online scanner

    http://housecall.trendmicro.com/

    December 9, 2011 7:02
  • Brano is right, this sounds like a virus issue. I have seen issues where Windows 7 2012 is actually a virus/malware. Best thing to do is remove it from your computer. Follow the instructions brano has provided. I would also recommend going to the Microsoft website and downloading and installing Microsoft Security Essentials. It's free and works great.
    December 10, 2011 1:48
  • I looked there and did not see anything that did not seem to lead back to something relevant.

    I tracked one back to a folder containing a bunch of stuff like 'fwupdate.exe' but none of it would run.

    The trendmicro scanner found something and killed it but there was no change.

    I also used the trendmicro rootkit buster. It found something. The control panel problem is still there but my security essentials tray icon is back, so that is something.

    December 10, 2011 4:09
  • Update your computer with patches and updates.

    I would probably say clear your system restore points, because a large number of viruses like to attack restore; that way, when you restore system files, you restore the virus as well.

    December 10, 2011 4:42
  • Yes, it's a virus. Please follow the instructions at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeRean to remove it.

    A snip from the same page:

    To remove/modify the changes that Win32/FakeRean has made to your computer, follow these steps:
    1. Click Start and then click Run.
    2. In the Open box, type explorer and then click OK.
    3. Navigate to the Windows directory (e.g. a typical path may be C:\Windows) and locate regedit.exe.
    4. Run Regedit:
      On Windows XP systems:
      Right-click on regedit.exe and select Run as. Uncheck "Protect my computer and data from unauthorized program activity" and click OK.

      On Windows 7 or Vista:
      Right-click on regedit.exe and select Run as administrator. Click Yes to accept the UAC prompt.
    5. Using Regedit, locate and then click on the following registry key:
      HKeyCurrentUser\Software\Classes (see example below)

    6. On the left panel, right-click on the following registry subkey:
      '.exe'
    7. Select Delete and then click OK.
    8. Locate and then click on the following registry key:
      HKeyCurrentUser\Software\Classes
    9. On the left panel, right-click on the following registry subkey:
      'secfile'
    10. Select Delete and then click OK.
    11. Close Registry Editor.
    December 10, 2011 5:17
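
    The two checks suggested in the replies above (autostart entries in the Run key, and the per-user '.exe' and 'secfile' class keys from the quoted removal steps) can be done read-only before anything is deleted. This is an added example and not part of any post in the thread; the function names are hypothetical, and the trusted-folder test is only the rough heuristic given in the earlier reply.

```powershell
# Added example: read-only triage; nothing here modifies the registry.

# Heuristic from the thread: autostart entries under Program Files or the
# Windows directory are probably fine, anything elsewhere deserves a look.
# ProgramFiles(x86) is empty on 32-bit systems, so empty values are dropped.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ }

function Get-RunEntry {
    param([string]$RunPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    $key = Get-Item -LiteralPath $RunPath -ErrorAction Stop
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        # Expand %VARS% and drop a leading quote so the path can be compared.
        $target = [Environment]::ExpandEnvironmentVariables($command).TrimStart('"')
        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($target.StartsWith($root + '\', [StringComparison]::OrdinalIgnoreCase)) {
                $trusted = $true
            }
        }
        New-Object PSObject -Property @{
            Name              = $name
            Command           = $command
            OutsideUsualRoots = -not $trusted
        }
    }
}

function Get-UserClassOverride {
    # Subkeys named in the quoted removal steps. Their presence under the
    # per-user Classes key is what the steps tell you to look for.
    param([string[]]$Names = @('.exe', 'secfile'))
    foreach ($name in $Names) {
        $path = "HKCU:\Software\Classes\$name"
        $present = Test-Path -LiteralPath $path
        $default = $null
        if ($present) {
            # GetValue('') reads the key's (Default) value.
            $default = (Get-Item -LiteralPath $path).GetValue('')
        }
        New-Object PSObject -Property @{
            Key          = $path
            Present      = $present
            DefaultValue = $default
        }
    }
}

Get-RunEntry | Sort-Object OutsideUsualRoots -Descending |
    Format-Table Name, OutsideUsualRoots, Command -AutoSize
Get-UserClassOverride | Format-Table Key, Present, DefaultValue -AutoSize
```

    An entry flagged as outside the usual folders is a prompt to look at the file, not proof that it is malicious.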
  • I have already gone over the computer with MS Essentials and Malaware and other programs a dozen times so I am pretty sure the program itself is gone.

    I found the .exe registry key and deleted that, but did not find secfile.

    I also found a registry key called 'exefile' with similar stuff in it to .exe, but Google refuses to properly search for it (go on, try it, you'll see what I mean). Should I delete that one as well?

    December 10, 2011 15:21
  • I am not sure if that reg key should be the reason for Firewall/BFE not coming up.

    It looks like your bfe drivers registry keys are removed/infected by the virus. Can you check if HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE is present on your system? 

     

     

    December 11, 2011 3:03
  • Hello, I'm having the exact same problem with my firewall after removing win 7 antivirus 2012. I've been following the steps in your conversation so far and have had the same results. I don't have the ...services/BFE files in my registry if that's of any use.
    December 11, 2011 6:40
  • Yea I'm having the exact same problems and do not have the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE in my registry.
    December 11, 2011 7:11
  • That registry folder is missing. There's also no registry for 'windows firewall' in there.

    As I said before, and I feel it is worth mentioning again, when I run 'Services', BFE and Windows Firewall are not listed.

    Since I think I solved this problem before with a Winsock issue I also feel it is worth mentioning that in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ I have a 'Winsock' folder and a 'Winsock2' folder which seems odd.

    But yeah, overall it looks like my firewall is just gone. Or, hidden, maybe.

    December 11, 2011 22:47
  • A previous rogue antivirus hid a bunch of icons on my desktop. Could this have done the same to my firewall and such?
    December 12, 2011 15:56
  • I am having the same problem. I got rid of the virus, but it took out my firewall and probably some other services.

    December 12, 2011 23:04
  • As of now, the only way I am aware of to get the firewall back is to import the BFE and Mpssvc registry keys from some good Win7 machine having the same SP level. This at least worked for my machine.

    I would let you guys know if I find a better way of doing this.

    December 13, 2011 7:04
  • So how do we do that?
    December 13, 2011 9:11
  • Considering you've had this problem I would probably suggest restoring your machine using a Windows image. Yes, some may say this is an easy way out and it is. But once your machine has been restored use a good antivirus and be careful on-line.

    Prevention is the best cure.

     

    (Always backup your data).


    The answers/solutions that I provide are from personal experience. They are as is and come with no warranty.
    December 13, 2011 16:05
  • Agree with Ethan, system restore is a good option. Changing registry keys manually is always risky.

    @Malapterus: You can export the reg key from some good machine by going to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE regkey, right click and export it to disk. It will store the file as <someName>.Reg. Take this file to the affected machine, right click and Merge. This will create the BFE key. Similarly you can try for MPSSvc. You would need to add permissions to these regkeys before you can actually start the service. Mail me and I can forward you the registry key dump I used, if you face any problem getting the regkey dump.

    To add permissions: add the NT Service\BFE account to the BFE regkey permissions and NT Service\MpsSvc to the MpsSvc regkey. Give these accounts full access.

     

    Hope this helps.

     

    December 14, 2011 2:38
  • narenxp,

    Thank you.  Your reg files and permission fixed the firewall. I had the entries in the registry but no settings.

    This virus is a nasty one!

    Thanks to Malapterus for posting and starting this thread.

    Clean the virus/trojan first.  I started here which removed most of it.

    http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

    ended here with combofix getting the rest.

    http://forum.avast.com/index.php?topic=87119.0

    good luck everyone.

     

    December 15, 2011 3:54
  • Worked for me. Thanks.
    December 15, 2011 23:42
  • Hi

    Download both the registry files

    http://www.mediafire.com/?317ea53a883288d

    http://www.mediafire.com/?z6aw8j7997qa7j9

    Launch and import them to registry

    Restart your PC

    Now,open RUN and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service


    Good luck
    A restart was required for me after importing the registry entries. After restart, I had BFE and Windows Firewall as running services again. Thanks for the help.
    December 16, 2011 2:15
  • Good day to you all. I had the same problem and went through the steps; however, my firewall was damaged or destroyed by this super nasty win 7 antivirus 2012. Thankfully I followed this thread's advice and removed it. Then I had no firewall. I followed the advice from this thread http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/0f4f6e47-afd3-45c7-8182-9487595270b1 , which was from Ron Vernon, and now have my firewall back up and running.

    Hi

     

    The  Firewall Authorization Driver (mdsdrv.sys) is a protected windows system file. You can run the System File Checker tool and if the file is found to be corrupted, it will be replaced.

     

    Follow these steps carefully.

     

    Go to Start / All Programs / Accessories.

     

    Right click the 'Command Prompt' item and select the 'Run As Administrator' option.

    Click 'Continue' on the UAC prompt.

     

    In the command window type the following command.

     

    SFC /SCANNOW

     

    Press ENTER.

     

    This will take a few minutes to complete. Try not to use the computer while SFC is running.

     

    After the tool is finished, reboot the computer and check the Firewall options again.

     

    Let me know the results.

     


    If this post helps to resolve your issue, click the Mark as Answer or Helpful button at the top of this message.
    By marking a post as Answered, or Helpful you help others find the answer faster.

    Ronnie Vernon
    Microsoft MVP
    Windows Desktop Experience
    December 16, 2011 17:41
  • narenxp! That got my firewall going also!!!!!

    December 17, 2011 2:26
  • Hi

    Download both the registry files

    http://www.mediafire.com/?317ea53a883288d

    http://www.mediafire.com/?z6aw8j7997qa7j9

    Launch and import them to registry

    Restart your PC

    Now,open RUN and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service


    Good luck


    Hey bud, nice job on this fix, thanks for posting the registry keys. I just want to make one correction.

    Rather than giving the Everyone group full permissions on BFE, it is more proper to give permission to NT SERVICE\BFE on the Parameters subkey.

     

    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters

     

    There are also other keys which might need to be checked if this does not work for you. See this page for reference: http://blogs.technet.com/b/networking/archive/2011/06/14/the-windows-firewall-service-fails-to-start-registry-permissions.aspx

    December 17, 2011 7:45
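
    The correction in the reply above (grant NT SERVICE\BFE rather than Everyone) can be checked after a repair. This is an added example and not part of any post in the thread: a read-only PowerShell audit, run from an elevated prompt, that reports whether the BFE, MpsSvc and SharedAccess service keys exist and still hold values, whether Everyone has Full Control on them, and whether NT SERVICE\BFE has an allow entry on a subkey. The function names are hypothetical, and the BFE\Parameters\Policy path in the last line is an assumption that combines the two subkey names mentioned in this thread.

```powershell
# Added example: read-only audit; it reports and changes nothing.
$everyoneSid = 'S-1-1-0'   # well-known SID of the Everyone group
$sidType     = [System.Security.Principal.SecurityIdentifier]
$fullControl = [int][System.Security.AccessControl.RegistryRights]::FullControl

function Test-EveryoneFullControl {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # Ask for SIDs so the check does not depend on the display language.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -eq $everyoneSid -and
            $rule.AccessControlType -eq 'Allow' -and
            ([int]$rule.RegistryRights -band $fullControl) -eq $fullControl) {
            return $true
        }
    }
    return $false
}

function Get-FirewallServiceAudit {
    param([string[]]$Names = @('BFE', 'MpsSvc', 'SharedAccess'))
    foreach ($name in $Names) {
        $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        $present = Test-Path -Path $path
        $hasImagePath = $false
        $everyoneFull = $false
        if ($present) {
            # A key that exists but has lost its values matches the
            # "entries in the registry but no settings" reports in the thread.
            $hasImagePath = (Get-Item -Path $path).GetValueNames() -contains 'ImagePath'
            $everyoneFull = Test-EveryoneFullControl -Path $path
        }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = 'not registered'
        if ($svc) { $status = [string]$svc.Status }
        New-Object PSObject -Property @{
            Service             = $name
            KeyPresent          = $present
            HasImagePath        = $hasImagePath
            Status              = $status
            EveryoneFullControl = $everyoneFull
        }
    }
}

function Test-ServiceAccountAccess {
    # True when $Account has at least one Allow entry on the key.
    param([string]$Path, [string]$Account)
    if (-not (Test-Path -Path $Path)) { return $false }
    $allow = (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $Account
    }
    return [bool]$allow
}

Get-FirewallServiceAudit |
    Format-Table Service, KeyPresent, HasImagePath, Status, EveryoneFullControl -AutoSize
# Assumed path: the Parameters and Policy subkeys named in the thread, combined.
Test-ServiceAccountAccess 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy' 'NT SERVICE\BFE'
```

    A row with EveryoneFullControl set to True marks a key where the broad grant from the manual fix is still in place once the services are running again.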
  • Yeah, I have Microsoft Security Essentials and the rogue sure was keen enough to slide right past its defenses and make its way into MY PC... by the by, I check for updates on a regular basis. It did lock (pop up when I tried to open) my firewall settings, task manager, etc., just as mentioned above, however, with two other accounts on my PC, it didn't pop up on the others like it did on my account. I could access the Registry Editor, task manager, and all that but the firewall settings were locked. On my account I couldn't do a thing; no task manager, no registry editor, no control panel. First thing that came to mind was to delete my account and the files. I actually UNINSTALLED MSE and re-installed it. Then I performed a System Restore, which brought back my account and unlocked the firewall settings. I can access task manager, and the registry editor and I don't see any suspicious files or keys that might tell me of its presence. Seems like things are as they were before the infection, but I still don't trust my PC until I wipe it and re-install from scratch.
    December 22, 2011 2:15
  • Great help here!

    I believe I have the exact same problem as Malapterus.

     

    I would like to try the fix that Narenxp has posted, as it seems to have worked for others but I am running Win 7 32bit not 64. Will these registry entries work for me? Will this fix work for me? I have successfully removed all traces of the virus and done a root kit scan which says it fixed 2 items. Everything except for my firewall seems to be fine now.

    So I hope this is the last step but is it safe for a 32bit machine?

    Thanks for your time everyone.


    • Edited by 99Prowler, December 22, 2011 23:43
    December 22, 2011 23:40
  • It should work for 32bit machines as well, BFE and MPSSVC registry entries have no architecture-specific data.


    December 22, 2011 23:56
  • Thank you, for your quick reply. I will try it now.

    I'll be back and let you all know my results.

    Thanks Again

    December 23, 2011 0:38
  • Fixed, the whole process took 10 minutes.

    Thank you sooo much.

    Probably saved me having to fix my computer repair guy's car for free.

    Now he will be paying me instead of the other way around.

    Happy Happy Joy Joy!!

    Thanks Again :)

    December 23, 2011 0:53
  • Thank you very much narenxp, I got my Notebook to work again :D

    Greetings from Germany. Every time I have a problem I have to look it up on English-speaking websites ;)

    Wish ya @ a merry X-MAS and a happy new years eve!!!

     

    Thanks @ @ll!!!

     

     

    December 25, 2011 13:12

  • Win 7 Internet Security 2012 / Win 7 Home Security 2012 / Win 7 Anti Virus / Windows 7 Security 2012: all these are the same spyware.

    If you are trying to remove this spyware, there are full instructions on how to do

    that manually at the link :

    http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html


    http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012

    If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool.

     

     To fix the issue with the Firewall you have to do the following.

     

    1. Click the Start button, and then click All Programs > Accessories > Run.
    2. In the Run dialog box, type the following text:

      services.msc

    3. Click OK.

      If you receive the User Account Control prompt, click Yes or Continue.

    4. In the Services window, under the Name column, locate and double-click Base Filtering Engine.
    5. To the right of Startup type, verify that Automatic appears.

      If Startup type is not Automatic, then in the drop-down list, click Automatic.

    6. To the right of Service Status, verify that Started appears.

      If the Service status is not Started, then click Start.

    7. Click OK.
    8. Exit the Services window.
    9. Restart the computer.

     

    —————————————————————————————-

    If the above one is not working try the following registry Fix.

    Registry editing for Turn On the Base Filtering Engine.

    Download the fix for 64 Bit OS

    Download the fix for 32 Bit OS

    Save the file on your desktop.  Rename the file as  BFE.reg

    Open the Registry Run-->Type REGEDIT and press on Ok.

    Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BFE.reg on the desktop. Press on Open. –> Yes -> Ok.

     

    Now restart the computer. After that go to the registry once again and go to the location

    HKLM\System\Current control set\services\BFE

    Right Click  –> Permission  –>  Advance   –>  Add — > Everyone

    Now restart the computer. The issue will be fixed now.

    December 27, 2011 15:40
  • narenxp:
    You are my hero! Worked like a charm with my Windows 7. I cringed at the thought of a clean install. Thanks!!!
    December 28, 2011 1:40
  • Except it wiped my machine's restore capabilities also.
    December 28, 2011 1:53
  • Thanks for the feedback here.

    Windows will no longer boot on my infected hard drive:

    I first installed PC Doctor (from something I was reading before I came across this post), and it seemed to put the virus into remission.  Then I completed all the steps provided by CrDev.  Then, I was getting through narenxp's steps (which I noticed the .exe registry showed back up after I imported the BFE registry) when I decided to foolishly delete PC Doctor from my machine after the first restart (I thought PC Doctor would have interfered).  As soon as I removed PC Doctor from my machine the virus began rapidly opening small warning windows which made me force a shutdown.  Then as I restarted, Windows wouldn't even boot.  I can't get any further than the black screen saying something like:

    "insert disc or choose boot option, press esc to continue"

    And every key I press makes the same message drop on the screen again, and again, etc. 

    I can't even get far enough to open in SafeMode.  It simply doesn't recognize Windows.  This is incredibly frustrating - and I'm on a work deadline to top things off.

    Does anyone know what might have happened here?  It seems to have entirely taken out my C: drive ... I really do not want to have to reformat.  Any suggestions or advice would be EXTREMELY helpful.

    PLEASE HELP.

    December 28, 2011 3:17

  • Win 7 Internet Security 2012 / Win 7 Home Security 2012 / Win 7 Anti Virus / Windows 7 Security 2012: all these are the same spyware.

    If you are trying to remove this spyware, there are full instructions on how to do

    that manually at the link :

    http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html


    http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012

    If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool.

     

    Enable the Base Filtering Engine service

    1. Click the Start button, and then click All Programs > Accessories > Run.
    2. In the Run dialog box, type the following text:

      services.msc

    3. Click OK.

      If you receive the User Account Control prompt, click Yes or Continue.

    4. In the Services window, under the Name column, locate and double-click Base Filtering Engine.
    5. To the right of Startup type, verify that Automatic appears.

      If Startup type is not Automatic, then in the drop-down list, click Automatic.

    6. To the right of Service Status, verify that Started appears.

      If the Service status is not Started, then click Start.

    7. Click OK.
    8. Exit the Services window.
    9. Restart the computer.

     

    —————————————————————————————-

    If the above one is not working try the following registry Fix.

    Registry editing for Turn On the Base Filtering Engine.

    Download the fix for 64 Bit OS

    Download the fix for 32 Bit OS

    Save the file on your desktop.  Rename the file as  BFE.reg

    Open the Registry Run-->Type REGEDIT and press on Ok.

    Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BFE.reg on the desktop. Press on Open. –> Yes -> Ok.

     

    Now restart the computer. After that go to the registry once again and go to the location

    HKLM\System\Current control set\services\BFE

    Right Click  –> Permission  –>  Advance   –>  Add — > Everyone

    Now restart the computer. The issue will be fixed now.

    December 29, 2011 1:46
  • It really works guys ,

    I've been working on the problem of losing Firewall registry key for about a Week !! and I got nothing 

    But now Thank God and Thanks to U ,it is solved , and My Firewall is ON :D :D 

     

    and I just want to ask about something :
    Now I can turn on and off my Firewall but just from McAfee  "it doesn't bother me" , But for Knowledge if I uninstalled McAfee is it going to be uncontrolled again  ??
     
    And many Thaaaanks

    December 29, 2011 22:31
  • I did as above & BFE only started. I could not see the Windows Firewall option. Also, I cannot start ICS.
    December 30, 2011 10:33
  • To Narenxp:

    This worked perfectly for me--a bazillion thanks!  I also ran Eset to do a virus scan and it picked up SEVEN viruses that AVG, Windows Malware and my beloved SpyBot all missed.  Hopefully all is well again.  All I know is that the firewall and networking are both back up and running again!  (And, in an associated matter, I got the printer running again, too, having to tick the checkbox for making IE the default browser.  Man, this virus/viruses really did a number on my machine and I thought I was going to have to wipe the drive and start over, which having installed some programs a number of years ago, would've been a pain in the arse, if not impossible, to re-install without buying them again.)  I appreciate your taking the time to post your clear instructions and for sharing your knowledge.  Best to you in 2012!  --Jaxon


    January 4, 2012 23:26
  • Just wanted to let everyone know that this guy narenxp is a genius! Been trying to come up with a fix for win firewall for a while now!! Thank you very much for sharing this fix!!
    January 6, 2012 14:09
  • Hi

    Download both the registry files

    http://www.mediafire.com/?317ea53a883288d

    http://www.mediafire.com/?z6aw8j7997qa7j9

    Launch and import them to registry

    Restart your PC

    Now,open RUN and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service


    Good luck
    Wow, thanks so much narenxp, that fix worked great, fast, easy and effective. You rock!!

     

     

    January 7, 2012 0:32
  • I tried narenxp's fix and when I download bfe.reg and firewall.reg, it just brings me to a bing.com search page for Windows Registry Editor Version 5.00. This is the page that is coming up in the secure download manager
    January 8, 2012 2:13
  • Thanks MadHatter01, this method worked perfectly for me,

    I had Microsoft Firewall and Security Center missing following a malware attack (Win 7 Security 2012) and the registry files did the trick.

    - Import registry files through Regedit's menu (File>Import)

    - Also in Regedit

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc


    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    This step was necessary for me to get the Microsoft Firewall service (you still have to manually start it through services.msc).

    January 9, 2012 13:05
  • The Technet page actually says to give permission to NT SERVICE\BFE on the Policy subkey.  This seems to be the case when compared with my working Windows 7 box.  Either way seems to work, though.


    January 10, 2012 20:57
  • I discovered a few days ago I was also having the same issues. It started with sharing a network printer, and that didn't work. Then I went to start network discovery and every time I turned it on it did not save the settings; it would reopen as OFF. Also no Windows Firewall or Base Filtering in the services panel. Then on to the registry, and under services (as stated above) the BFE and MpsSvc had all default values. So I exported these 2 reg entries from my daughter's PC, which looked totally healthy, and imported them into mine, and that solved all of the issues I was having.

    I'm running W7 Ultimate w/SP1 64-bit, I have both files saved. If someone tells me how to upload them to a site I will gladly try to help.

    I just kept reading on all searches I did that the OS must match or your PC won't boot, so import at your own risk.

    GL

     

    2012年1月14日 2:39
  • First and foremost, I am shocked that these anti-virus programs and Microsoft don't have an easy fix for this awful virus that removes Windows Firewall. I think it removes it or hides it; I don't know what it does though.

    My Windows Firewall was also damaged by that 2012 virus in December. Even if I didn't allow the virus to download it still was able to take over all my programs by not allowing me access. I was "supposed" to be protected by McAfee but it did not do its job it seems. I ran a scan and it quarantined the virus. It still didn't allow me to have access to my control panel. So I downloaded Malwarebytes and it found some stuff in my registry and removed it. I am clear of the virus but my Windows security seems to be gone.

    I went hours on end trying to figure out how to get it fixed. Microsoft fixes didn't do anything. I downloaded so much stuff from Microsoft, even Imagerepair, which in the end says I have to pay to fix anything. Even to uninstall Imagerepair was a pain. I even removed McAfee and installed Microsoft Security Essentials thinking it would fix it.

    Now I followed your directions to install those registry keys. Does that mean my old ones were removed by the virus? I want to know what that virus did? It looks like I am not the only one and we are not getting answers about this virus.

     

     I got stuck at the following step:

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service

    I can't see anything that says base filtering engine??

    Thanks!

    January 14, 2012 20:39
  • I agree with you, everything I tried from MS did not fix the issue. It appears that whatever virus I might have picked up destroyed/wiped out the entries for the services BFE and MpsSvc in the registry. My entries had no values whatsoever. Once I imported them from the other PC they looked normal again.

    January 16, 2012 22:54
  • Man you are awesome, fabulous, simply great... I was struggling with this like hell, nobody had a simple and proper solution, but you made it man... thanks a ton... apna HINDUSTAN ZINDABAD... THANKS A TON once again.

    Take Care.

    Sahil

    January 18, 2012 20:23
  • Windows 7 Antivirus 2012 is not Windows Firewall, of course. This is the fake information presented by this malware. Have you tried using Malwarebytes Anti-Malware to remove it? I think this anti-virus really protects PCs quite well. Moreover, it is free to remove the threats, unlike many other security applications. Another free program you might consider is called Superantispyware. You may delete Win 7 Antivirus 2012 for free with its help too. But you need to be careful - the virus would not let you do it. It would block your attempts to run an anti-virus program. In order to execute it there is a good trick for you to apply - try launching the remover with Administrator's rights as described here - http://www.deletevirus.net/win-7-antivirus-2012-scam-uninstall-tricks/

    Then, of course, make sure to install Microsoft Security Essentials to prevent further damage and infection on your computer.

    January 19, 2012 14:32
  • Thank you! This worked for me.
    January 20, 2012 1:25
  • Naren,

    I did your fix and even looked further down the page and found the BFE fix for x64 bit win 7. the BFE works fine, but my firewall still won't turn on. When I try to start it on services.msc it says "Error 1068: The dependency service or group failed to start." Can you help me resolve this issue? I have looked at all the other posts and tried giving the permissions as stated further down. Also, as a side note, on services windows defender has started but also states in the description area <Failed to Read the description. Error Code: 1168> I don't know if that has something to do with my situation or anything.
    January 20, 2012 12:10
  • Thanks so much this fixed my problem perfectly!
    January 24, 2012 15:31
  • I too received this virus. I was able to get everything back except the action center icon is disabled where you turn on system icons, no way to turn it on. Anyone have that too on Windows 7?
    January 28, 2012 19:19
  • Hey, I'm having a difficult time going through the process of downloading those two registries.

    When I download them they do of course want to open as notepad;

    however, I'm not sure how to rename them.

    After that I'm not even sure how to launch the registry file.

    January 29, 2012 3:56
  • Right click on the files

    Select OPEN WITH

    Click on BROWSE

    Navigate to C:/WINDOWS

    select the file called REGEDIT and click ok

    You should get a UAC prompt now

    Good luck

     

    January 29, 2012 15:49
  • @wardamn

    Sorry for late reply

    You may still be infected by zero access rootkit

    If you're sure that your PC is clean

    Uninstall your antivirus and try to start it

    If that doesn't work

    Go to RUN and type

    regedit and click ok

    Now navigate to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv


    Do you find this key? If yes

    Go to RUN and type

    devmgmt.msc and click ok

    Now On top,click on VIEW--Show hidden devices

    Now expand  Non plug and play drivers

    See if you have  Windows firewall authorization driver

    If you have it -Right click on it-Uninstall

    Restart your PC and try to start the firewall

    Good luck

     


    • Edited by narenxp, January 29, 2012 16:17
    January 29, 2012 15:53
  • Thx narenxp, I had the same problem with the Windows Firewall caused by zero access rootkit:

    Couldn't turn firewall on in control panel and in McAfee antivirus,

    couldn't see the service in services.msc, and I did what you posted and it works perfectly now... great ty.

    January 30, 2012 18:54
  • Awesome info.

    I've been trapped for 10 days now.

    This fix worked after I downloaded and imported the registry files and restarted.

    Thanks a bunch!

    February 2, 2012 0:51
  • Thank you! I had this issue for a while and decided to look into it. I found this and followed it precisely - it fixed the problem with the firewall, excellent.
    February 4, 2012 0:39
  • I have followed this thread to resolve the issue with the firewall. I am running Vista, but the issue is exactly the same. I have not seen a similar solution for Vista. Will the download and inclusion of the two registry updates work on Vista?
    February 4, 2012 4:10
  • I am yet one more happy customer of the thread. The download and incorporation of the reg files has solved all the issues, ..... bfe, firewall, security center, defender, and network discovery. Thanks to all who participate and assist with helping all of us resolve these issues! Ed
    February 4, 2012 20:50
  • Thank you very much Naren. Really appreciate the detailed steps and resolution.

    This fixed the issues that I was having.

    Regards,

    Parag

    February 5, 2012 2:15
  • Thank you so much this worked for me :) :)
    February 10, 2012 20:07
  • I had a similar problem with my Windows Firewall not showing in services.msc. I tried and tried to "use recommended settings" and got the error stated above. I followed your procedure here and IT WORKED!!!! Thank you so much! I know it was Win 7 Antivirus 2012 as this wasn't a problem until after I removed that blasted infection.

    Thank you so much for taking the time to post that!

    February 14, 2012 22:56
  • Finally, I found a solution that worked for me. Thank you narenxp. This was exactly what ended up working for me. Needed those 2 reg files and I was able to get it all worked out after that.
    February 19, 2012 15:20
  • I did all that; it got base filtering agent back on the list of services, but it still won't start. I get error 183 when I try to start it. I think the file bfe.dll was corrupted by the virus. I have another copy from another computer but can't replace it because it says I don't have permission. Help
    March 7, 2012 20:15
  • Thanks so much. It works for me.
    March 28, 2012 13:34
  • Downloading .reg files and then restarting the machine after importing the registry keys worked. Thanks.
    April 29, 2012 0:41
  • Well all of the above got all of the services running again (BFE, Firewall, Security Center, Defender), but I am back to the original problem, where Network and Sharing Center is stuck at showing: "Identifying.... Network"  I can click on the NW icon and see all of the WorkGroup PCs but NO Internet.  This is a Vista 32Bit Home Prem. Version

    Tom

    May 17, 2012 2:47
  • Thank you a thousand times over for your post. I had been trying to remove this virus and get my firewall back for days. Even my Word Starter had disappeared...nasty virus! I came across this post and figured since I was taking my laptop into the repair guy on Monday, what the heck, I would try it. It worked!!! Thank you so much! I will be ultra careful from now on about clicking on something that says it's a virus scan. You probably saved me $100.
    May 20, 2012 4:00
  • just wanted to say thank you for solving my problem too!
    May 24, 2012 2:23
  • narenxp, I have tried all of the above and although some of the error codes are not now popping up I still cannot get Windows Firewall to work. This may be a clue to a unique situation. When I try to show dependencies in Services for most items (including BFE which is running and Windows Firewall, which is not running), if not all - haven't tried all of them, I get an error window with "Win 32: The specified module could not be found". Any ideas as to what I can try next? BTW, this is an OEM laptop with preinstalled Windows 7 and I upgraded it to Windows 7 Professional.
    May 26, 2012 2:27
  • What can I say, I just need to thank enormously the guy who wrote this article.  A life saver that allows me to do my job!  THANK you so much for this article.  It works all the way.
    May 29, 2012 6:18
  • I had the same problem on Win7 Ultimate, I think as a result of Zone Alarm prohibitions - no virus.  I could not share folders, although I could update.  This HELPED LOADS.  Thanks
    June 7, 2012 4:49
  • Thanks narenxp! I had the same errors but mine was caused by "DVD or CD Sharing for Mac" application which purged my Windows Firewall service. Never doing that again!


    ---------------- "You can run, but you cannot hide. It will find you!"

    June 18, 2012 21:14
  • These directions worked perfectly for me!! It was really simple and easy to follow...Microsoft and McAfee should pay you for this... they are both no help and had no idea as to how to fix this issue. Thank You sooooo much!!
    July 20, 2012 23:26
  • Hi

    Make sure that PC is clean (free from zero access rootkit) before trying these fixes


    This firewall issue is commonly found on vista and windows 7 (64 BIT OS)

    It is recommended to contact malware removal forums to remove it first and try the fix

    Download both the registry files

    Windows firewall -  Firewall

    Base filtering engine -  BFE

    Launch them,You should get a UAC prompt now

    Click YES  & Restart your PC

    Now,Press Windows+ R key and type

    regedit and click ok

    go to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

    Right click on it-permissions

    Click on ADD and type

    Everyone and click ok

    Now Click on Everyone

    Below you have permission for users

    Select full control and click ok

    Now,open RUN and type

    services.msc and click ok

    start base filtering engine service and then windows firewall service

    If you still have this error

    Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

    Download and launch this key,click YES

    Shared access

    give full control permission to this key similar to previous one

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

    Right click on it -permissions

    Click on Add and type

    Everyone and select Full control

    You should be able to start the firewall now

    You may also be missing security center and windows defender services

    Download

    Security center  -wscsvc

    Windows defender - windefend

    Launch them and click YES when you get a UAC prompt

    Good luck

    THANK YOUUUUU!!! <3 YOU SOLVED MY PROBLEM :):):)
    July 25, 2012 17:43
  • Hey that did magic :) at last started the firewall service !!! thank you very much :)
    July 27, 2012 8:25
  • Thank you, wscvcv is my issue. I have run that and will reboot!
    August 1, 2012 6:06
  • Hi narenxp,

    Thanks!!!

    I've tried so many things today, but the shared access part was new, and that did the trick for me!

    Sirefef/Live Security Premium has been a nightmare. I still can't get Windows Updates to work, but I'm one step closer!


    August 1, 2012 20:50
  • Hi narenxp,

    Thanks!!!

    I've tried so many things today, but the shared access part was new, and that did the trick for me!

    Sirefef/Live Security Premium has been a nightmare. I still can't get Windows Updates to work, but I'm one step closer!


    Yes, you can't update unless you have the BITS and Windows Update registry keys. I guess they are missing. I have attached the keys for BITS and Windows Update. Download and launch them. Restart the PC. You should be able to update.

    August 2, 2012 4:41
  • I would just like to take the time to thank you for putting this information up.

    I have had this error and have scanned my system with several malware and regedit fixes after coming across this conflict on my system.

    All, I might say, with no success. However, after following your steps I now have Windows Firewall up and working again.

    Anyone following this who clearly has no protection: download a 3rd party firewall until this is edited, and scan using Superantispyware and Malwarebytes on a full scan.

    These are trials that I have seen, but AVG and Panda Antivirus are freeware.

    So in summary, thank you kind sir and good luck everyone :-)

    DS Tony

    August 2, 2012 23:39
  • Thank you very much for this answer. It seems to have got me back where I'd hoped to be ... ie my windows firewall is now working again :)

    I am slightly concerned however, by the steps which have me granting full access to "everyone" to select portions of my registry.

    I wonder can you reassure me that this is ok, and that I should not now remove this access? Is this not leaving these areas open to further attack?

    --

    Rory

    August 7, 2012 15:20
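
What the Everyone: Full Control step discussed above leaves behind can be checked directly, since an entry of that kind lets any local account rewrite the service's configuration values. The PowerShell audit below is an added example, not part of the thread or posted by any participant; the function names `Get-EveryoneAce` and `New-AuditRow` are hypothetical, and it only reads the three service keys the thread names.

```powershell
# Added example: read-only audit of the service keys this thread opens to Everyone.
# Run from an elevated PowerShell prompt; nothing here modifies the registry.

$ServiceKeys = 'BFE', 'MpsSvc', 'SharedAccess'   # keys named in the thread
$EveryoneSid = 'S-1-1-0'                         # well-known SID for Everyone
$SidType     = [System.Security.Principal.SecurityIdentifier]

# Rights that let the holder alter the key or its ACL, plus the generic
# write/all bits that can appear on inherit-only entries.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function New-AuditRow {   # hypothetical helper: one output row per finding
    param($Service, $KeyPresent, $Status, $ImagePath, $Rights, $Explicit, $Writable)
    New-Object PSObject -Property @{
        Service = $Service; KeyPresent = $KeyPresent; Status = $Status
        ImagePath = $ImagePath; EveryoneRights = $Rights
        Explicit = $Explicit; Writable = $Writable
    }
}

function Get-EveryoneAce {   # hypothetical name, not a built-in cmdlet
    param([string]$ServiceName)

    $path = "HKLM:\SYSTEM\CurrentControlSet\services\$ServiceName"
    if (-not (Test-Path -Path $path)) {
        # A missing key is itself a finding: the thread describes these keys being wiped.
        return New-AuditRow $ServiceName $false 'n/a' $null $null $null $false
    }

    $svc    = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $status = if ($svc) { $svc.Status } else { 'not registered' }
    $image  = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).ImagePath

    # Request rules keyed by SID so the match does not depend on the
    # localized account name.
    $rules = @((Get-Acl -Path $path).GetAccessRules($true, $true, $SidType) |
        Where-Object { $_.IdentityReference.Value -eq $EveryoneSid -and
                       $_.AccessControlType -eq 'Allow' })

    if ($rules.Count -eq 0) {
        return New-AuditRow $ServiceName $true $status $image 'none' $null $false
    }
    foreach ($rule in $rules) {
        $writable = (([int]$rule.RegistryRights) -band $WriteMask) -ne 0
        New-AuditRow $ServiceName $true $status $image $rule.RegistryRights `
                     (-not $rule.IsInherited) $writable
    }
}

$ServiceKeys | ForEach-Object { Get-EveryoneAce $_ } |
    Select-Object Service, KeyPresent, Status, Writable, EveryoneRights, Explicit, ImagePath |
    Format-Table -AutoSize
```

A row with Writable and Explicit both True is the kind of entry the permission steps in this thread create; the ImagePath column shows what each service is currently configured to run.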
  • Is this the same Narenxp from bleepingcomputer?

    People who help others online for free do not get enough credit or thanks.  Thank you for your expert advice.

    I'm cleaning up a PC that a friend had infected with a variant of sirefef, and this solution is just what I was searching for.  If I wanted to educate myself on the ways of cornering and destroying malware so that I can help others where would you recommend I start?  I'm a hardware guy that knows a good deal about computers, but I am weak with programming.  Where do you send people wanting to learn more about IT security and anti-malware tactics?

    Many Thanks,

    hsteacher

    August 8, 2012 21:20
  • Is this the same Narenxp from bleepingcomputer?

    People who help others online for free do not get enough credit or thanks.  Thank you for your expert advice.

    I'm cleaning up a PC that a friend had infected with a variant of sirefef, and this solution is just what I was searching for.  If I wanted to educate myself on the ways of cornering and destroying malware so that I can help others where would you recommend I start?  I'm a hardware guy that knows a good deal about computers, but I am weak with programming.  Where do you send people wanting to learn more about IT security and anti-malware tactics?

    Many Thanks,

    hsteacher

    Yes, narenxp from BC, and thank you for your feedback. If you are interested in malware removal

    Check these links

    BC-http://www.bleepingcomputer.com/forums/topic86678.html

    Whatthetech-http://forums.whatthetech.com/index.php?showtopic=80368

    techguy.org - http://forums.techguy.org/site-comments-suggestions/574841-become-qualified-remove-malware.html

    spywareinfo-http://www.spywareinfoforum.com/index.php?showtopic=34

    Geekstogo-http://www.geekstogo.com/forum/Would-like-to-learn-to-fight-malware-t4817.html

    Techsupportforum-http://www.techsupportforum.com/forums/f50/please-read-before-applying-to-join-the-academy-294775.html

    Malware removal university-http://www.malwareremoval.com/university.php

    You may need to wait if there are no slots currently available(like bleepingcomputer)

    Programming is not a priority for learning malware removal.

    good luck

    August 9, 2012 7:21
  • Thanks! this worked perfect...! nothing better than that.!
    August 10, 2012 5:15
  • Thank you soooooo much you saved me a lot of woes thanks
    August 19, 2012 17:21
  • Hey Thanks!

    this resolves my Firewall Problem too.

    Ben

    Download both the registry files
    
    Windows firewall -  Firewall
    
    Base filtering engine -  BFE
    
    Download and launch Shared access


    • Edited by schrippe, August 24, 2012 5:53
    August 24, 2012 5:52
  • Thank you narenxp !!! Your reply was perfect.
    September 8, 2012 10:40
  • Thanks Guy,
    That's solved in my pc
    really thanks again.
    September 14, 2012 3:55
  • Thanks!

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    September 18, 2012 15:44
  • Thank you, I had the same problem and after hours of trying this is the first thing that worked.

    September 21, 2012 17:13
  • How do I make sure my system is free of zero access
    rootkit?

    Thanks

    My firewall has also been corrupted by the FBI virus which is now cleaned by
    MS malware removal and Malwarebytes. No virus files show but the damage to the
    firewall is there. It appears that I have NO firewall installed???

    Any help would be appreciated.

    September 24, 2012 13:31
  • How do I make sure my system is free of zero access
    rootkit?

    Thanks

    My firewall has also been corrupted by the FBI virus which is now cleaned by
    MS malware removal and Malwarebytes. No virus files show but the damage to the
    firewall is there. It appears that I have NO firewall installed???

    Any help would be appreciated.

    Please go through the topic once. The solution has already been posted to fix the firewall and critical Windows services.

    September 24, 2012 13:58
  • Hi

    Make sure that PC is clean (free from zero access rootkit) before trying these fixes


    This firewall issue is commonly found on vista and windows 7 (64 BIT OS)

    It is recommended to contact malware removal forums to remove it first and try the fix

    Run the services repair tool by ESET

    http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

    Restart the PC.Firewall and critical missing services should work.


    Dear friend,

    I registered just to write this.

    I haven't had a virus, so I didn't try this out before it was my VERY last solution. I have now used around 8 hours on figuring out what was wrong, and now finally the problem is solved.

    I had a similar problem to the OP (I think it was exactly the same in the start, but after 8 hours my mind is kinda fried). I have tried everything in this thread and everything in several others (yeah, 8 hours is a long time; it probably took me around two to locate exactly where the issue was. It started out by not being able to get pinged by others, and not being able to change the settings to allow it.)

    Well, this fixed the firewall issue and I can now actually start my services which are needed to change anything :)

    So hopefully from here on out it will be durable to do the rest.

    I just wanted to add this so people should try this easy and fast fix first EVEN if you didn't have any viruses from the start, since I tried everything else and nothing has worked besides this.

    tyvm

    October 9, 2012 2:40
  • Thank you, thank you, thank you!  I have been struggling with this problem for weeks.  Changing the shared access permissions to everyone did the trick.
    October 25, 2012 15:32
  • Thank you for the above advice that I came to by accident. For cross-reference purposes please look at the forum where I was having issues:

    Failure to configurate on reboot - v 6.1.7601 for current optional KP updates 

    http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/9a3a8e3a-0522-4e1c-8abb-738554e6ec42


    Philip

    • Proposed as answer by paxmas.eu, October 27, 2012 16:40
    October 27, 2012 16:39
  • Thank you. This is absolutely the best fix that I have found for 64 Bit 7.
    November 9, 2012 0:44
  • Thanks for this advice. My Windows Update and Firewall had mysteriously stopped working on my laptop, and while no virus/malware was detected I suspect something like this caused the problem. I was able to get Windows Update working with advice from another link, but the ServicesRepair.exe file got Windows Firewall back on board. Much appreciated.
    November 13, 2012 8:41
  • Confirm that in Advanced System Properties | User Profiles (I accessed this by Right-click of mouse on COMPUTER when using Windows 7) has the appropriate number of profiles. I noticed that I had two unknown ones.

    Examine your HKEY_CURRENT_USER using the regedit command and delete (but take a back-up for risk control purposes) rogue keys.


    Philip

    November 15, 2012 16:53
  • Thanks narenxp! It worked for me too! I've spent nearly a month looking for the solution.
    November 30, 2012 21:27
  • Thanks to everyone who contributed to this page. Helped me out a lot. Many thanks!!!!!!
    January 21, 2013 18:06
  • So in searching for 2 days for a solution. This is a solid one. Thanks you are great. How do I send coffee money? :)

    June 13, 2013 13:13
  • Wow... that's amazing... Worked perfectly for me. Was struggling to fix it for nearly a month.

    Thanks naren.

    July 14, 2013 3:32
  • narenxp,

    I cannot thank you enough for posting this solution. After hours of fooling around with getting Windows Firewall to run again on my 64-bit Win7 system, I used the tool you recommended. Nothing else worked. This did the trick! THANK YOU! I clicked the link, and ran the utility from ESET. My Firewall is now working and running fine. Please note: I first ran Windows Defender Offline (booted from it after creating a CD on another, uninfected pc),which found six severe, active baddies on my system... did that first, then ran the utility below. Hope this helps others.

    ====

    Run the services repair tool by ESET

    http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

    Restart the PC.Firewall and critical missing services should work.

    ====

    August 28, 2013 15:14
  • Thank You Naren Bhai,

    My Problem was solved after using your fix..

    Can you pls send me your email id to my id:manojsingh.chauhan@outlook.com

    Thanks Again...

    November 22, 2013 2:27
  • Thanks for the feedback, that tool fixed my issue, when everything else I tried wouldn't.
    January 20, 2014 1:11