Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help app:)

Discussion in 'ProcessGuard' started by zoril, Mar 18, 2006.

Thread Status:
Not open for further replies.
  1. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    Hi there,

    This is a most unusual problem. My Kerio Firewall disappeared completely after I booted up Windows. Not only had the shield disappeared from the taskbar but there were no references to the program anywhere. Even in Sunbelt program files no reference to the Firewall!!!

    I am 100% certain that I had Process Guard configured (under protection protect from) to prevent either modification or termination. I'll let you know what I did to try to resolve the problem but first I must mention that no one else has access to my computer. There are no kids to change settings/delete etc. I did a file search and there were no references to Kerio and just the one empty Sunbelt folder. Even the references in PG (protection) to Kerio files were no longer there!!!

    I did the following:-

    1.) Ran an offline virus scan with Nod32 (in depth analysis)
    2.) Same again only with AVG (offline)
    3.) Checked for malware/spyware doing a full sweep with Webroot SpySweeper/SpywareDoctor/Lavasoft Ad-aware/SpybotSearch and Destroy/and Windows Defender (beta)/Trojan Hunter.
    4.) I ran three online scans in case there was any infection compromising my AV checkers/Spyware/Trojan blockers etc - I used Trend Micro/McAfee/Kaspersky for the full online scans.

    Nothing anywhere showed anything - so it's a real mystery how not only can icons disappear from the toolbar but the program is completely uninstalled and all references wiped??

    Does anyone have any suggestions? Has anyone ever experienced similar?

    I have just reinstalled Kerio and double checked all settings.


    Howard
     
  2. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    zoril, i don't know if it has anything to do with what you experienced, but you could try running sysinternal's "rootkit revealer" and f-secure's "blacklight" to see if they detect any rootkits..

    another program that is supposed to flag rootkits is greatis software's "unhackme".. supposedly, unhackme can clean rootkits that it detects..

    here is the webpage for "rootkit revealer"

    http://www.sysinternals.com/Utilities/RootkitRevealer.html

    here is the webpage for "blacklight"

    http://www.f-secure.com/blacklight/

    here is the webpage for "unhackme"

    http://www.greatis.com/unhackme/
     
  3. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
  4. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Re: Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help a

    Wow! that guy on the other forum surely was badly infected.
    I hardly see Zoril how can you be that infected yourself if you have all those PG/RD/BOC/NOD32 etc... running and well configured.

    Unless as pointed out by another member it's about a hidden rootkit.
    Surprising also that it only targets your firewall.
     
  5. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    Firstly thanks a lot guys for replying. It is very much appreciated:-

    Redwolfe - Hiya:) I have just downloaded the trial version of "Unhackme" from your link and will try it out now. I think the fact that it can remove the rootkit if that is the problem makes a big difference...

    Tony:- I read that other bloke's post. Hopefully my situation is not as serious!

    F3X:- Maybe my problem can be resolved. I can't think of anything else to try if this doesn't work. Formatting/reinstall is not an option for me as I have about 60/80 hours of work installing my programs on the computer...

    I will post again to let you all know the result of running "Unhackme". Hopefully it will work - fingers, toes and everything else crossed:)

    Howard
     
    Last edited: Mar 19, 2006
  6. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    Hi:)

    I downloaded "Unhackme" and also "F-Secure Blacklight(beta)"...
    Both products seem to work slightly differently in detecting rootkits. Neither showed a problem with my system!!!!

    I discovered a few minutes ago when I rebooted that "Unhackme" was removed from my system!!!! o_O

    From that I can come to one of two conclusions. Either the supernatural is at work and some evil entity has taken a dislike to my computer, or else one or other existing program is wrongly seeing several of my security programs as a threat.

    Bearing in mind that Kerio Firewall experienced similar, with the arsenal of virus checkers/spyware detectors/trojan detectors and now the two rootkit detectors, that I have, I am slowly moving away from the idea of a virus/trojan/malware or rootkit and thinking perhaps that one of my security applications is maybe acting too robustly - But which one o_O?? The problem occurs from time to time on reboot. Error logs appear to show nothing..

    Re Process Guard - for security programs I have all options enabled with the one exception "Auto block new and changed applications". In "Protection" all is ticked in other options and authorize too (with the exception of Secure Message handling) for my security applications.

    Other programs that I have specific to processes/registry(excluding spyware/virus checkers/trojan detectors) are: - RegDefend/WindowsDefender(beta)/WinPatrol/Kerio Firewall/ and one other from Microsoft - Malicious Software Removal Tool (I can't find an uninstall option for that one) which I regularly scan with.

    Your suggestions are very constructive. Any further feedback will be much appreciated....

    Howard:thumb:
     
  7. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Re: Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help a

    It will require some work but maybe uninstalling those programs and starting from scratch will find the problem. Just run Kerio for awhile, then add regdefend. If no problems, reinstall another. Just a thought.
     
  8. Kush

    Kush Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    138
    Location:
    Montreal,Canada
    Re: Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help a

    Hello,


    You can also try these suggestions below if you like:

    Try System restore the day when all was working 100% on your computer before Kerio vanished!, if you did not already do so.

    And you might want to shut off Process Guard during this process and prevent any problems doing a system restore. On my XP2 not sure why, but it is the only way for me to get it to work without an error during system restore. And I do have them in my list of protected apps.


    Also are you using the logging on and off option when you use your computer? Two Accounts, or just one?

    Did you try to use regedit?

    Try this below please if you have not, just a suggestion:

    To do so, go to Start/Run and type regedit. Press OK.

    The Registry Editor window will open. In the left pane, click once on "My Computer", at the very top.

    Go to Edit/Find and type in Kerio. Click on "Search next".



    You mean to tell me that you have not one reference to your Kerio Firewall in your registry? Or UnHackMe that you just installed?

    After this or right away you can go to this link

    http://forum.emsisoft.com/Default.aspx?g=forum&c=1

    And they will find your problem for you. Go to the section > a-squared HiJackFree Forum


    They will ask for a HiJack this! Log from you, and a link to your log of HiJackFree Test, but you just might want to tell them your problem first in detail. You also have to Sign in, but it's free and they are very good at finding the root cause of your problem.

    Keep us posted or if you have found what was shutting them down in the first place.

    Good Luck!
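
The registry search suggested in the post above can also be scripted. This is an added example, not part of the thread: it assumes PowerShell is available (it is not part of a stock Windows XP install), the function name `Find-RegistryReference` is hypothetical, and the three registry locations are the example's own choice of places where an installed program normally leaves traces. It only reads the registry.

```powershell
# Added example: read-only search of common registry locations for a product name.
# The three locations below are this example's choice, not a list from the thread.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',  # installed-program entries
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',        # autostart entries
    'HKLM:\SYSTEM\CurrentControlSet\Services'                     # services and drivers
)

function Find-RegistryReference {
    param(
        [string[]]$Path,
        [string]$Pattern
    )
    $needle = [regex]::Escape($Pattern)   # treat the search term as literal text
    foreach ($root in $Path) {
        if (-not (Test-Path -Path $root)) { continue }
        # The root key itself plus every subkey that can be opened.
        $keys = @(Get-Item -Path $root) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($key.PSChildName -match $needle) {
                [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            foreach ($name in $key.GetValueNames()) {
                # Multi-string and binary data are flattened to one string for matching.
                $data = [string]$key.GetValue($name)
                if ($name -match $needle -or $data -match $needle) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

$hits = @(Find-RegistryReference -Path $roots -Pattern 'Kerio')
if ($hits.Count -eq 0) {
    Write-Output "No references to 'Kerio' in the searched locations."
} else {
    $hits | Format-List Key, Value, Data
}
```

Such a search is only informative before the program is reinstalled, because a reinstall recreates the entries.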
     
  9. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    Hiya Tobacco:))

    What you are saying makes sense but rather than uninstalling, maybe completely disabling them all then re-enabling, one at a time over a number of days might work similarly?

    I might try that.... Howard:thumb:
     
  10. zoril

    zoril Registered Member

    Joined:
    May 31, 2005
    Posts:
    243
    Hiya Kush:)

    Some very good suggestions there - Re not finding entries for "Kerio" or "UnhackMe" it was just by searching manually find files/folders etc. I didn't search the registry using regedit at the time sadly.

    I have the latest version of the program HijackThis (1.99.1) and have already checked that out - The log is all clear.

    System restore failed for me. I was trying to find out the reason - specifically if it related to enabling/disabling install drivers/services under other options for services.exe!

    Re my computer I have only the one account. I never use log off. I am the sole user/administrator. I am fairly new to WindowsXP Professional having used Windows 98se for a very long time. I had a look in the registry just now but I guess it is a little like bolting the stable door after the horse has escaped.

    I certainly would have needed to have used regedit immediately after the problem occurred, but before I re-installed both programs. There are entries there now.

    I will definitely keep you posted if I can determine the solution.

    Much obliged for the advice,

    Howard
     
  11. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Re: Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help a

    i don't know if this is similar but at school when i want to save something on the comp i have to save it on my network folder because if i put the file anywhere else besides my network folder the file disappears but when i add it to my network its there again when i log in onto my comp
     
  12. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Re: Real dilemma disappearing Firewall!!! Has anyone ever experienced similar? Help a

    On my school network, Deepfreeze is used on all of the computers. Something similar to this is probably used on your school computers, which accounts for the files being deleted on the computer, but not on the network.

    For the Kerio issue, I would just try reinstalling the firewall and seeing if it will continue to work. Perhaps somebody used system restore or an app that does something similar on your computer keeping you in the dark about it?

    Alphalutra1
     