I run Windows 7. I think 64bit, not sure.

I have been getting hit with a lot of rogue antiviruses and up till now have been fighting them off, but last night I was hit by a new rendition of "Windows 7 Antivirus 2012".

I got a window saying explorer.exe wanted to make changes to my computer, I would tell it no and each time it would return. In between the constantly returning window I managed to open the task manager, find the process, and end the process. I then found the file and destroyed it with killbox.

Everything seems to be back in working order now, except for the firewall. Every page in the control panel for windows firewall gives me an Administrator button that says use reccomended settings', when I click it it says it can't do that and gives me error 0x800705b4, which I understand to be an authentication error.

The last time I had this I tried to reset my firewall with an admistrator command prompt, it would tell me it could not load wshelper.dll, so I did some stuff I cannot remember to reset my winsock and was then able to reset my firewall and all was good again.

This time when I go into command.com and type 'netsh advfirewall reset' instead of the DLL message, I get 'An error occoured while attempting to contact the  Windows Firewall service. Make sure the service is running and try your request again'.

In my attempts to fix this myself I have been to the device manager. I had it 'show hidden devices' and located my Windows Firewall Authorization driver. I found it had been stopped, and so I started it again. It currently says it is started, but nothing has changed functionally.

I have been into Services as an Administrator; Windows Firewall is not there. I was also told to look for Windows Event Controller and Base Filtering Engine and they are not there either.

I have done an administrator command promtp with sfc /scannow and the first time it said it had made changes and the second time it said everythign was alright but nothing functionally has changed.

I have been told to enter the following command prompts and gotten - the following results

netsh advfirewall reset - error stated above
net start mpsdrv - The requested service has already been started
net start bfe - The service name is invalid
net start mpssvc - the service name is invalid
regsvr32 firewallapi.dll - Popup window stating DllRegisterServer in firewallapi.dll succeeded

no functional change after that.

I have also been told to try:

sc config wuauserv start= auto - [SC] ChangeServiceConfig SUCCESS
sc config bits start= auto - [SC] ChangeServiceConfig SUCCESS
sc config DcomLaunch start= auto - Access is denied.
net stop wuauserv - The Windows Update service was stopped successfully.
net start wuauserv - The Windows Update service was started successfully.
net stop bits - The Backround Intelligent Transfer Service was stopped successfully.
net start bits - The Backround Intelligent Transfer Service was started successfully.
net start dcomlaunch - The requested service has already been started.

I have also tried a system restore, but whatever is screwing with my firewall is also screwing with that an it will not complete successfully.

A Windows XP thread steered me toward a file called, I believe, netfw.inf in my windir folder, related to the firewall. This does not seem to be on my Windows 7 machine and I have been unable to find the Windows 7 equivalent.

So, it appears my firewall is gone, or just pretending to be. I fixxed it last time by making some correction to my winsock but I cannot seem to find the process I used for that. Additionally, Microsoft Security Essentials has dissapeared from my system tray, though otherwise seems to be working fine.

I am confident that this can be fixxed without a wipe and reinstall. Please help.

I think you need try to think of this as a virus problem rather the firewall.

Virus is probably masking the applets in the control panel and you are not able to make the needed changes.

I personally would start here:

Regedit

Navigate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Look for suspicious files:

For example "C:\Program Files (x86)\...." is probably fine.

Anything coming from some other location like “c:\Temp\...” is not

Note their location boot in safe mode and try to remove/uninstall or even delete the suspicious programs

 

Then go to Trend Micro and run their free online scanner

http://housecall.trendmicro.com/

• Proposed as answer by corriekranendonk Friday, February 20, 2015 8:35 PM
• Unproposed as answer by corriekranendonk Friday, February 20, 2015 8:38 PM

Brano is right, this sounds like a virus issue.  I have seen issues where Windows 7 2012 is actually a virus/malware.  Best thing to do is remove it from your computer.   Follow the instructions brano has provided.  I would also recommend going to the microsoft website and downloading and installing Microsoft Security Essentials. Its free and works great. 

• Proposed as answer by corriekranendonk Friday, February 20, 2015 8:36 PM
• Unproposed as answer by corriekranendonk Friday, February 20, 2015 8:36 PM

I looked there and did not see anything that did not seem to lead back to something relevant.

I tracked one back to a folder containing a bunch of stuff like 'fwupdate.exe' but none of it would run.

The trendmicro scanner found something and killed it but there was no change.

I also used the trendmicro rootkit buster. It found something. The control panel probem is still there but my security essentials tray icon is back, so that is something.

Update your computer with patches and updates.

I would probably say clear your system restore points, because large number of viruses like to attack restore that way when you restore system files you restore the virus as well.

Yes its a virus. Please follow the instruction at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeRean to remove it.

A snip from the same page:

To remove/modify the changes that Win32/FakeRean has made to your computer, follow these steps:

1. Click Start and then click Run.
2. In the Open box, type explorer and then click OK.
3. Navigate to the Windows directory (e.g. a typical path may be C:\Windows) and locate regedit.exe.
4. Run Regedit:
   On Windows XP systems:
   Right-click on regedit.exe and select Run as. Uncheck "Protect my computer and data from unauthorized program activity" and click OK.
   
   On Windows 7 or Vista:
   Right-click on regedit.exe and select Run as administrator. Click Yes to accept the UAC prompt.
5. Using Regedit, locate and then click on the following registry key:
   HKeyCurrentUser\Software\Classes (see example below)
   
   
6. On the left panel, right-click on the following registry subkey:
   '.exe'
7. Select Delete and then click OK.
8. Locate and then click on the following registry key:
   HKeyCurrentUser\Software\Classes
9. On the left panel, right-click on the following registry subkey:
   'secfile'
10. Select Delete and then click OK.
11. Close Registry Editor.

I have already gone over the computer with MS Essentials and Malaware and other programs a dozen times so I am pretty sure the program itself is gone.

I found the .exe registry keyand deleted that, but did not find secfile.

I also found a registry key called 'exefile' with similar stuff in it to .exe, but Google refuses to properly search for it (go on, try it, you'll see what I mean). Should I delete that one as well?

I  am not sure if that reg key should be the reason for Firewall/BFE not coming up.

It looks like your bfe drivers registry keys are removed/infected by the virus. Can you check if HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE is present on your system? 

 

 

helo, i'm having the exact same problem with my firewall after removing win 7 antivirus 2012. i've been following the steps in your conversation so far and have had the same results. i don't have the ...services/BFE files in my registry if that's of any use.

Yea I'm having the exact same problems and do not have the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE in my registry.

that registry folder is missing. there's also no registry for 'windows firewall' in there.

As I said before, I feel is worth mentioning again, when I run 'Services', BFE and Windows Firewall are not listed.

Since I think I solved this problem before with a wWinsock issue I also feel worth mentioning that in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ I have a 'Winsock' folder and a 'Winsock2' folder which seems odd.

But yeah, overall it looks like my firewall is just gone. Or, hidden, maybe.

A previous rogue antivirus hid a bunch of icons on my desktop. Could this have done the same to my firewall and such?

I am having the same problem. I got rid of the virus, but it took out my firewall and probably some other services.

As of now, the only way I am aware of to get firewall back is to Import BFE and Mpssvc registry key from some good Win7 machine having same SP level. This atleast worked for my machine.

I would let you guys know If I find a better way of doing this.

so how do we do that?

Considering you've had this problem i would probably suggest restoring your machine using a windows image. Yes some may say this is an easy way out and it is. But once your machine has been restored use a good antivirus and be careful on-line.

Prevention is the best cure.

 

(Always backup your data).

Agree with Ethan, system restore is a good option.  Changing registry key manually is always risky.

@Malapterus: You can export Reg key from some good machine by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE regkey, Right Click and export it to Disk. it will store the file as <someName>.Reg. Take this file to affected machine, right click and Merge. this will create the BFE key. Similarly you can try for MPSSvc. You would need to add permission to these regkey, before you can actually start the service. Mail me and I can forward you the registry key dump I used, if you face any problem getting the regkey dump.

To Add to permission: add NT Service\BFE  account bfe regkey permission and NT Service\MpsSvc to MPssvc reg key. Give these accounts full access.

 

hope this helps.

 

Hi

Make sure that PC is clean(free from zero access rootkit before trying this fixes)

This firewall issue is commonly found on vista and windows 7 (64 BIT OS)

It is recommended to contact malware removal forums to remove it first and try the fix

Run the services repair tool by ESET

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Restart the PC.Firewall and critical missing services should work.

Manual Fix

Download both the registry files

Windows firewall -  Firewall

Base filtering engine -  BFE

Launch them,You should get a UAC prompt now

Click YES  & Restart your PC

Now,Press Windows+ R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

If you still have this error

Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

Download and launch this key,click YES

Shared access

give full control permission to this key similar to previous one

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right click on it -permissions

Click on Add and type

Everyone and select Full control

You should able to start firewall now

You may also be missing security center windows defender ,BITS and windows update services

Download

Security center  -wscsvc

Windows defender - windefend

BITS    -  BITS

Windows update  -  wuauserv

Launch them and click YES when you get a UAC prompt

Good luck

• Proposed as answer by MadHatter01 Thursday, December 15, 2011 3:44 AM
• Marked as answer by Miya YaoModerator Wednesday, December 21, 2011 7:41 AM
• Edited by narenxp Monday, September 24, 2012 2:00 PM

narenxp,

Thank you.  Your reg files and permission fixed the firewall. I had the entries in the registry but no settings.

This virus is a nasty one!

Thanks to Malapterus for posting and starting this thread.

Clean the virus/trojan first.  I started here which removed most of it.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

ended here with combofix getting the rest.

http://forum.avast.com/index.php?topic=87119.0

good luck everyone.

 

Worked for me. Thanks.

Hi

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service


Good luck

A restart was required for me after importing the registry entries.  After restart, i had BFE and Windows Firewall as running services again.  thanks for the help.

Good day to you all.  I had the same problem and went through the steps however, my firewall was damaged or destroyed by this super nasty win 7 antivirus 2012.  Thankfully I followed this threads advice and removed it.  then I had no firewall.  I followed the advice from this thread  http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/0f4f6e47-afd3-45c7-8182-9487595270b1 .  Which was from Ron Vernon and now have my firewall back up and running.

Hi

 

The  Firewall Authorization Driver (mdsdrv.sys) is a protected windows system file. You can run the System File Checker tool and if the file is found to be corrupted, it will be replaced.

 

Follow these steps carefully.

 

Go to Start / All Programs / Accessories.

 

Right click the 'Command Prompt' item and select the 'Run As Administrator' option.

Click 'Continue' on the UAC prompt.

 

In the command window type the following command.

 

SFC /SCANNOW

 

Press ENTER.

 

This will take a few minutes to complete. Try not to use the computer while SFC is running.

 

After the tool is finished, reboot the computer and check the Firewall options again.

 

Let me know the results.

 

If this post helps to resolve your issue, click the Mark as Answer or Helpful button at the top of this message.
By marking a post as Answered, or Helpful you help others find the answer faster.

narenxp! that got my firewall going also!!!!!

Hi

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service


Good luck

Hey bud, nice job on this fix, thanks for posting the registry keys.  I just want to make one correction.

Rather than giving the everyone group full permissions on BFE, it is more proper to give permission to NT SERVICE\BFE on the parameters subkey.

 

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
• 

 

There are also other keys which might need to be checked if this does not work for you.  See this page for reference. http://blogs.technet.com/b/networking/archive/2011/06/14/the-windows-firewall-service-fails-to-start-registry-permissions.aspx

Yeah, i have Microsoft Security Essentials and the rogue sure was keen enough to slide right past its defenses and make its way into MY PC... by the by, I check for updates on a regular basis. It did lock (pop up when I tried to open) my firewall settings, task manager, etc., just as mentioned above, however, with two other accounts on my PC, it didnt pop up on the others like it did on my account. I could access the Registry Editor, task manager, and all that but the firewall settings were locked. On my account I couldn't do a thing; no task manager, no registry editor. no control panel. First thing that came to mind was to delete my account and the files. I actually UNINSTALLED MSE and re-installed it. Then I performed a System Restore, which brought back my account and unlocked the firewall settings. i can access task manager, and the registry editor and i dont see any suspicious files or keys that might tell me of its presence. Seems like things are as they were before the infection, but I still dont trust my PC until I wipe it and re-install from scratch.

Great help here!

I believe I have the exact same problem as Malapterus.

 

I would like to try the fix that Narenxp has posted, as it seems to have worked for others but I am running Win 7 32bit not 64. Will these registry entrys work for me? Will this fix work for me? I have successfully removed all traces of the virus and done a root kit scan which says it fixed 2 items. Everything except for my firewall seems to be fine now.

So I hope this is the last step but is it safe for a 32bit machine?

Thanks for your time everyone.

• Edited by 99Prowler Thursday, December 22, 2011 11:43 PM

It should work for 32bit machines as well, BFE and MPSSVC registry entries have no architecure specifc data.

• Edited by CrDevMicrosoft employee Thursday, December 22, 2011 11:56 PM

Thank you, for your quick reply. I will try it now.

I'll be back and let you all know my results.

Thanks Again

Fixed, the whole process took 10 minutes.

Thank you sooo much.

Probably saved me having to fix my computer repair guys car for free.

Now he will be paying me instead of the other way around.

Happy Happy Joy Joy!!

Thanks Again :)

Thank you very much narenxp, I got my Notebook to work again :D

Greetings from Germany, Everytime I got a problem I have to look up on english speaking websites ;)

Wish ya @ a merry X-MAS and a happy new years eve!!!

 

Thanks @ @ll!!!

 

 

Win 7 Internet Security 2012 / Win 7 Home Security 2012./ Win 7 Anti Virus / Windows 7 Security 2012 all these are same spayware.

If you are trying to remove this spyware, there are full instructions on how to do

that manually at the link :

http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html


http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012

If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool.

 

 To fix the issue with the Firewall you have to do the follwong.

 

Enable the Base Filtering Engine service

1. Click the Start button, and then click All Programs > Accessories > Run.
2. In the Run dialog box, type the following text:

   services.msc

3. Click OK.

   If you receive the User Account Control prompt, click Yes or Continue.

4. In the Services window, under the Name column, locate and double-click Base Filtering Engine.
5. To the right of Startup type, verify that Automatic appears.

   If Startup type is not Automatic, then in the drop-down list, click Automatic.

6. To the right of Service Status, verify that Started appears.

   If the Service status is not Started, then click Start.

7. Click OK.
8. Exit the Services window.
9. Restart the computer.

 

—————————————————————————————-

If the above one is not working try the following registry Fix.

Registry editing for Turn On the Base Filtering Engine.

Download the fix for 64 Bit OS

Download the fix for 32 Bit OS

Save the file on your desktop.  Rename the file as  BFE.reg

Open the Registry Run-->Type REGEDIT and press on Ok.

Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BEF.reg on the desktop. Press on Open. –> Yes -> Ok.

 

Now restart the computer. After that go to the registry once again and go to the location

HKLM\System\Current control set\services\BFE

Right Click  –> Permission  –>  Advance   –>  Add — > Everyone

Now restart the computer. The issue will be fixed now.

narenxp: You are my hero! Worked like a charm with my windows 7. I cringed at the thought of a clean install Thanks!!!

• Edited by thudpucker Wednesday, December 28, 2011 1:42 AM

Except it wiped my machines restore capabilities also.

Thanks for the feedback here.

Windows will no longer boot on my infected hard drive:

I first installed PC Doctor (from something I was reading before I came across this post), and it seemed to put the virus into remission.  Then I completed all the steps provided by CrDev.  Then, I was getting through narenxp's steps (which I noticed the .exe registry showed back up after I imported the BFE registry) when I decided to foolishly delete PC Doctor from my machine after the first restart (I thought PC Doctor would have interfered).  As soon as I removed PC Doctor from my machine the virus began rapidly opening small warning windows which made me force a shutdown.  Then as I restarted, Windows wouldn't even boot.  I can't get any further than the black screen saying something like:

"insert disc or choose boot option, pres esc to continue"

And every key I press makes the same message drop on the screen again, and again, etc. 

I can't even get far enough to open in SafeMode.  It simply doesn't recognize Windows.  This is incredibly frustrating - and I'm on a work deadline to top things off.

Does anyone know what might have happened here?  It seems to have entirely taken out my C: drive ... I really do not want to have to reformat.  Any suggestions or advice would be EXTREMELY helpful.

PLEASE HELP.

Win 7 Internet Security 2012 / Win 7 Home Security 2012./ Win 7 Anti Virus / Windows 7 Security 2012 all these are same spayware.

If you are trying to remove this spyware, there are full instructions on how to do

that manually at the link :

http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html


http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012

If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool.

 

Enable the Base Filtering Engine service

1. Click the Start button, and then click All Programs > Accessories > Run.
2. In the Run dialog box, type the following text:

   services.msc

3. Click OK.

   If you receive the User Account Control prompt, click Yes or Continue.

4. In the Services window, under the Name column, locate and double-click Base Filtering Engine.
5. To the right of Startup type, verify that Automatic appears.

   If Startup type is not Automatic, then in the drop-down list, click Automatic.

6. To the right of Service Status, verify that Started appears.

   If the Service status is not Started, then click Start.

7. Click OK.
8. Exit the Services window.
9. Restart the computer.

 

—————————————————————————————-

If the above one is not working try the following registry Fix.

Registry editing for Turn On the Base Filtering Engine.

Download the fix for 64 Bit OS

Download the fix for 32 Bit OS

Save the file on your desktop.  Rename the file as  BFE.reg

Open the Registry Run-->Type REGEDIT and press on Ok.

Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BEF.reg on the desktop. Press on Open. –> Yes -> Ok.

 

Now restart the computer. After that go to the registry once again and go to the location

HKLM\System\Current control set\services\BFE

Right Click  –> Permission  –>  Advance   –>  Add — > Everyone

Now restart the computer. The issue will be fixed now.

It really works guys ,

I've been working on the problem of losing Firewall registry key for about a Week !! and I got nothing 

But now Thank God and Thanks to U ,it is solved , and My Firewall is ON :D :D 

 

and I just want to ask about something :
Now I can turn on and off my Firewall but just from McAfee  "it doesn't bother me" , But for Knowledge if I uninstalled McAfee is it going to be uncontrolled again  ??
 
And meany Thaaaanks  

I did as above & BFE only started.I could not seen the windows FIrewall option.Also i cannot start ICS also.

To Narenxp:

This worked perfectly for me--a bazillion thanks!  I also ran Eset to do a virus scan and it picked up SEVEN viruses that AVG, Windows Malware and my beloved SpyBot all missed.  Hopefully all is well again.  All I know is that the firewall and networking are both back up and running again!  (And, in an associated matter, I got the printer running again, too, having to tick the checkbox for making IE the default browser.  Man, this virus/viruses really did a number on my machine and I thought I was going to have to wipe the drive and start over, which having installed some programs a number of years ago, would've been a pain in the arse, if not impossible, to re-install without buying them again.)  I appreciate your taking the time to post your clear instructions and for sharing your knowledge.  Best to you in 2012!  --Jaxon

• Proposed as answer by Madtown Jaxon Wednesday, January 04, 2012 11:26 PM
• Unproposed as answer by Madtown Jaxon Thursday, January 05, 2012 2:22 AM
• Edited by Madtown Jaxon Thursday, January 05, 2012 2:23 AM

Just wanted to let everyone know that this guy narenxp is a genius! Been trying to come up with a fix for win firewall for a while now!! Thank you very much for sharing this fix!!

Hi

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now,open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service


Good luck

wow thanks so much narenxp that fix worked great, fast, easy and effective.  You rock!!

 

 

I tried narenxp's fix and when I download bfe.reg and firewall.reg, it just brings me to a bing.com search page for Windows Registry Editor Version 5.00. This is the page that is coming up in the secure download manager

Thanks MadHatter01, this method worked perfectly for me,

i had Microsoft Firewall and Security Center missing following a malware attack (Win 7 Security 2012) and the registry files made the trick.

- Import registry files threw Regedit's menu (File>Import)

- Also in Regedit

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

This step was necessary for me to get the Microsoft Firewall service (You still have to manually start it threw services.msc).

The Technet page actually says to give permission to NT SERVICE\BFE on the Policy subkey.  This seems to be the case when compared with my working Windows 7 box.  Either way seems to work, though.

i discovered a few days ago i was also having same issues. Started with sharing a network printer and that didnt work. then i went to start network discovery and every time i tunred it on it did not save the settings, it will reopen as  OFF. Also no windows firewall or base filtering in the services  panel. then onto to the  registry and under  services (as  stated above) the BFE and MpsSvc had  all default  values. So i exported  these 2 reg entries from my daughters PC  which  looked totally  healthy n  imported  into mines n that solved all of  the  issues  i was  having.

im running  W7 ultimate w/SP1 64 bit,  i have  both files saved. If  some1 tells me how to upload them to a site i will gladly  try  to  help.

I just kept reading on  all searches  i did that the OS  must  match or your pc wont boot.  so is import at ur own risk

GL

 

First and foremost I am shocked that these anti-virus programs and microsoft doesn't have easy fix for this awful virus that removes windows firewall. I think it removes it or hides it- don't know what it does though.

My windows firewall was also damaged by that 2012 virus in December. Even if I didn't allow the virus to download it still was able to take over all my programs by not allowing me access. I was "supposed" to be protected by Mcafee but it did not do its job it seems. I ran a scan and it quarantined the virus. It still didn't allow me to have access to my control panel. So I downloaded malwarebytes and it found some stuff in my registry and removed it. I am clear of the virus but my windows security seems to be gone. 

I went hours on end trying to figure out how to get it fixed. Microsoft fixes didn't do anything. I downloaded so much stuff from microsoft even Imagerepair which in the end says I have to pay to fix anything. Even to unistall Imagerepair was a pain.  I even removed Mcafee and installed Microsoft Security Essentials thinking it would fix it.

Now I followed your directions to install those registry keys. Does that mean my old onews were removed by the virus? i want to know what that virus did? It looks like I am not the only one and we are not getting answers about this virus.

 

 I got stuck at the following step:

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

I can't see anything that says base filtering engine??

Thanks!

I agree with you, everything i tried  from MS did not fixed the issue.  it appears that what ever virusi might of picked up it destroyed/wiped out the entries for the services BFE and MpsSvc in the registry.  My entries had no values whatsoever. Once i imported  form  other  PC  they looked normal again.

 

Man you are awesome, fabulous, simply gr8.......i was struggling for this like hell, nobody had a simple and proper solution, but u made it man...thanks a ton.....apna HINDUSTAN ZINDABAD....THANKS A TON once again.

Take Care.

Sahil

Windows 7 Antivirus 2012 is not Windows Firewall, of course. This is the fake information presented by this malware. Have you tried using Malwarebytes Anti-Malware to remove it? I think this anti-virus really protects PCs quite well. Moreover, it is free to remove the threats, unlike many other security applications. Another free program you might consider is called Superantispyware. You may delete Win 7 Antivirus 2012 for free with its help too. But yo need to be careful - the virus would not let you do it. It would block your attempts to run anti-virus program. In order to execute it there is a good trick for you to apply - try launching the remover with Adminstrator's rights as described here -  http://www.deletevirus.net/win-7-antivirus-2012-scam-uninstall-tricks/

Then, of course, make sure to install Microsoft Security Essentials to prevent further damage and infection on your computer.

Thank you! This worked for me.

Naren,

I did your fix and even looked further down the page and found the BFE fix for x64 bit win 7. the BFE works fine, but my firewall still won't turn on. When I try to start it on services.msc it says "Error 1068: The dependency service or group failed to start." Can you help me resolve this issue? I have looked at all the other posts and tried giving the permissions as stated further down. Also, as a side note, on services windows defender has started but also states in the description area <Failed to Read the description. Error Code: 1168> I don't know if that has something to do with my situation or anything.

Thanks so much this fixed my problem perfectly!

I too Received this virus, Was able to get everything back except the action center icon is disabled where you turn on system icons, no way to turn it on. Any one have that too on Windows 7?

Hey, I'm having a difficult time going through the process of downloading those two registries

when i download them they do of course want to open as notepad,

however I'm not sure how to rename them.

after that I'm not even sure how to launch the registry file

 

 

Right click on the files

Select OPEN WITH

Click on BROWSE

Navigate to C:/WINDOWS

select the file called REGEDIT and click ok

You should get a UAC prompt now

Good luck

 

@wardamn

Sorry for late reply

You may be still infected by by zero access rootkit

If you're sure that your PC is clean

Uninstall your antivirus and try to start it

If that doesnt work

Go to RUN and type

regedit and click ok

Now navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv


Do you find this key? If yes

Go to RUN and type

devmgmt.msc and click ok

Now On top,click on VIEW--Show hidden devices

Now expand  Non plug and play drivers

See if you have  Windows firewall authorization driver

If you have it -Right click on it-Uninstall

Restart your PC and try to start the firewall

Good luck

 

• Edited by narenxp Sunday, January 29, 2012 4:17 PM

Thx narenxp, I had same problem with the windows firewall cause by zero access rootkit:

Couldn't turn firewall on in control panel and in McAfee antivirus,

couldn't see the service in services.msc,  and I did what u posted and it works perfect now... great ty.

Awesome info.

I've been trapped for 10 days now.

This fix worked after I downloaded and imported the registry files and restarted.

Thanks a bunch!

Thankyou! I had this issue for a while and decided to look into it, I found this and followed it precisely - it fixed the problem with the firewall, exellent.

I have followed this thread to resolve the issue with the firewall. I am running Vista, but the issue is exactly the same. I have not seen a similar solution for Vista. Will the download and inclusion of the two registry updates work on Vista?

I am yet one more happy customer of the thread. The download and incorporation of the reg files has solved all the issues, ..... bfe, firewall, security center, defender, and network discovery. Thanks to all who participate and assist with helping all of us resolve these issues! Ed

Thank you very much Naren. Really appreciate the detailed steps and resolution.

This fixed the issues that I was having.

Regards,

Parag

Thank you so much this worked for me :) :)

I had a similar problem with my windows firewall not showing in the Services.msc. I tried and tried to "use recomended settings" and got the error stated above. I followed your procedure here and IT WORKED!!!! Thank you so much! I know it was Win 7 Antivirus 2012 as this wasn't a problem until after I removed that blasted infection.

Thank you so much for taking the time to post that!

Finally, I found a solution that worked for me. Thank You nanrenXP. This was exactly what ended up working for me. Needed those 2 reg files and I was able to get it all worked out after that.

I did all that, it got base filtering agent back on the list of services, but, it still won't start. I get error 183 when I try to start it. I think the file bfe.dll was corrupted by the virus. I have another copy from another computer but cann't replace it because it says I don't have permission. Help

Thanks so much. It is work for me.

Downloading .reg files and then restarting the mcahine after importing the registry keys worked. Thanks.

Well all of the above got all of the services running again (BFE, Firewall, Security Center, Defender), but I am back to the original problem, where Network and Sharing Center is stuck at showing: "Identifying.... Network"  I can click on the NW icon and see all of the WorkGroup PCs but NO Internet.  This is a Vista 32Bit Home Prem. Version

Tom

Thank you a thousand times over for your post. I had been trying to remove this virus and get my firewall back for days. Even my Word Starter had disappeared...nasty virus! I came across this post and figured since I was taking my laptop into the repair guy on Monday, what the heck, I would try it. It worked!!! Thank you so much! I will be ultra careful from now on about clicking on something that says it's a virus scan. You probably saved me $100.

just wanted to say thank you for solving my problem too!

narenxp, I have tried all of the above and although some of the error codes are not now poping up I still cannot get Windows Firewall to work. This may be a clue to a unique situation. When I try to show dependencies in Services for most items (including BFE which is running and Windows Firewall, which is not running), if not all - haven'e tried all of them, I get an error window with "Win 32: The specified module could not be found". Any ideas as to what I can try next? BTW, this is an OME laptop with preinstalled Windows 7 and I upgraded it to Windows 7 Professional.

What can I say, I just need to thank enormously the guy who wrote this article.  A life saver that allows me to do my job!  THANK you so much for this article.  It works all the way.

I had the same problem on Win7 Ultimate, I think as a result of Zone Alarm prohibitions - no virus.  I could not share folders, although I could update.  This HELPED LOADS.  Thanks

Thanks narenxp! I had the same errors but mine was caused by "DVD or CD Sharing for Mac" application which purged my Windows Firewall service. Never doing that again!

These directions worked perfectly for me!! It was really simple and easy to follow...Microsoft and McAfee should pay you for this... they are both no help and had no idea as to how to fix this issue. Thank You sooooo much!!

Hi

Make sure that PC is clean(free from zero access rootkit before trying this fixes)

This firewall issue is commonly found on vista and windows 7 (64 BIT OS)

It is recommended to contact malware removal forums to remove it first and try the fix

Download both the registry files

Windows firewall -  Firewall

Base filtering engine -  BFE

Launch them,You should get a UAC prompt now

Click YES  & Restart your PC

Now,Press Windows+ R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now,open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service

If you still have this error

Windows could not start Windows Firewall on local Computer. See event log, if non-windows services contact vendor. Error code 5.

Download and launch this key,click YES

Shared access

give full control permission to this key similar to previous one

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

Right click on it -permissions

Click on Add and type

Everyone and select Full control

You should able to start firewall now

You may also be missing security center and windows defender services

Download

Security center  -wscsvc

Windows defender - windefend

Launch them and click YES when you get a UAC prompt

Good luck

THANK YOUUUUU!!! <3 YOU SOLVED MY PROBLEM :):):)

• Proposed as answer by johnwerneken Wednesday, August 01, 2012 6:06 AM

Hey that did magic :) at last started the firewall service !!! thankyou verymuch :)

thankyou wscvcv is my issue i have run that and will reboot!

Hi narenxp,

Thanks!!!

I've tried so many things today, but the shared access part was new, and that did the trick for me!

Sirefef/Live Security Premium has been a nightmare. I still can't get Windows Updates to work, but I'm one step closer!

• Edited by HelmerAslaksen Wednesday, August 01, 2012 10:07 PM

Hi narenxp,

Thanks!!!

I've tried so many things today, but the shared access part was new, and that did the trick for me!

Sirefef/Live Security Premium has been a nightmare. I still can't get Windows Updates to work, but I'm one step closer!

Yes you cant update unless you have BITS and windows update registry keys.I guess they are missing.I have attached the keys for BITS and windows update.Download and launch them.Restart the PC.You should be able to update.

I would just like to take the time to thankyou for putting this information up,

I have had this erro and have scanned my system with several Malware and regedit fix's after coming across this conflict on my system.

All i might say with no succsess, However after following your steps i now have Windows firewall up and working again.

ANyone following this which clearly has no protection download 3rd party firewall untill this is edited and scan using superanti spyware and malwarebytes on a full scan.

theses are trials that i have seen but AVG and Panda Anti virus are freeware.

So in summary thankyou kind sir and good luck everyone :-)

DS Tony

Thank you very much for this answer. It seems to have got me back where I'd hoped to be ... ie my windows firewall is now working again :)

I am slightly concerned however, by the steps which have me granting full access to "everyone" to select portions of my registry.

I wonder can you reassure me that this is ok, and that I should not now remove this access? Is this not leaving these areas open to further attack?--

--

Rory

Is this the same Narenxp from bleepingcomputer?

People who help others online for free do not get enough credit or thanks.  Thank you for your expert advice.

I'm cleaning up a PC that a friend had infected with a variant of sirefef, and this solution is just what I was searching for.  If I wanted to educate myself on the ways of cornering and destroying malware so that I can help others where would you recommend I start?  I'm a hardware guy that knows a good deal about computers, but I am weak with programming.  Where do you send people wanting to learn more about IT security and anti-malware tactics?

Many Thanks,

hsteacher

Is this the same Narenxp from bleepingcomputer?

People who help others online for free do not get enough credit or thanks.  Thank you for your expert advice.

I'm cleaning up a PC that a friend had infected with a variant of sirefef, and this solution is just what I was searching for.  If I wanted to educate myself on the ways of cornering and destroying malware so that I can help others where would you recommend I start?  I'm a hardware guy that knows a good deal about computers, but I am weak with programming.  Where do you send people wanting to learn more about IT security and anti-malware tactics?

Many Thanks,

hsteacher

Yes,narenxp from BC and thankyou for your feedback.If you are interested in malware removal

Check these links

BC-http://www.bleepingcomputer.com/forums/topic86678.html

Whatthetech-http://forums.whatthetech.com/index.php?showtopic=80368

techguy.org - http://forums.techguy.org/site-comments-suggestions/574841-become-qualified-remove-malware.html

spywareinfo-http://www.spywareinfoforum.com/index.php?showtopic=34

Geekstogo-http://www.geekstogo.com/forum/Would-like-to-learn-to-fight-malware-t4817.html

Techsupportforum-http://www.techsupportforum.com/forums/f50/please-read-before-applying-to-join-the-academy-294775.html

Malware removal university-http://www.malwareremoval.com/university.php

You may need to wait if there are no slots currently available(like bleepingcomputer)

Programming is not a priority for learning malware removal.

good luck

Thanks! this worked perfect...! nothing better than that.!

Thank you soooooo much you saved me a lot of woes thanks

Hey Thanks!

this resolves my Firewall Problem too.

Ben

Download both the registry files

Windows firewall -  Firewall

Base filtering engine -  BFE

Download and launch Shared access

• Edited by schrippe Friday, August 24, 2012 5:53 AM

Thank you narenxp !!! Your reply was perfect.

• Edited by Security Tech .Net Saturday, September 08, 2012 10:40 AM

Thanks Guy,
That's solved in my pc
really thanks again.

Thanks!

thank you i had the same problem and after hours of trying this is the first thing that worked

How do I make sure my system is free of zero access
rootkit?

Thanks

My firewall has also been corrupted by the FBI virus which is now cleaned by
MS maleware removal and Malwarebytes. No virus files show but the damage to the
firewall is there. It appears that I have NO firewall installed???

Any help would be appreciated.

How do I make sure my system is free of zero access
rootkit?

Thanks

My firewall has also been corrupted by the FBI virus which is now cleaned by
MS maleware removal and Malwarebytes. No virus files show but the damage to the
firewall is there. It appears that I have NO firewall installed???

Any help would be appreciated.

Please go through the topic once.Solution has already been posted to fix firewall and critical windows services.

Hi

Make sure that PC is clean(free from zero access rootkit before trying this fixes)

This firewall issue is commonly found on vista and windows 7 (64 BIT OS)

It is recommended to contact malware removal forums to remove it first and try the fix

Run the services repair tool by ESET

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Restart the PC.Firewall and critical missing services should work.

dear friend.

i registrated just to write this.

i havent had a virus so i didnt try this out before it was my VERY last solution, i have now used around 8 hours on figuring out what was wrong and now finally the problem is solved.

i had a similar problem to the OP (think it was exactly the same in the start but after 8 hours my mind is kinda fryied) i have tried everything in this thread and everything in several others (yer 8 hours is a long time, properly took me around two to locate exactly where the issue was, started out by not being able to get pinged by others. and not being able  to change the settings to allow it.)

well this fixed the firewall issue and i can now actually start my services which are needed to change Anything :)

so hopefully from here on out it will be durable to do the rest.

i just wanted to add this so people should try this easy and fast fix first EVEN if you didnt had any vira from the start, since i tried everything else and nothing have worked besides this.

tyvm

Thank you, thank you, thank you!  I have been struggling with this problem for weeks.  Changing the shared access permissions to everyone did the trick.

Thank you for the above advice that i came to by accident. For cross-reference purposes please look at the forum were i was having issues:

Failure to configurate on reboot - v 6.1.7601 for current optional KP updates 

http://social.technet.microsoft.com/Forums/en-US/w7itproperf/thread/9a3a8e3a-0522-4e1c-8abb-738554e6ec42

Thank you. This is absolutely the best fix that I have found for 64 Bit 7.

Thanks for this advice. My Windows Update and Firewall had mysteriously stopped working on my laptop, and while no virus/malware was detected I suspect something like this caused the problem. I was able to get Windows Update working with advice from another link, but the ServicesRepair.exe file got Windows Firewall back on board. Much appreciated.

Confirm that in Advanced System Properties | User Profiles (I accessed this by Right-click of mouse on COMPUTER when using Windows 7) has the appropriate number of profiles. I noticed that I had two unknown ones.

Examine your HKEY_CURRENT_USER using the regedit command and delete (but take a back-up for risk control purposes) rougue keys. 

Tanks narenxp!I worked for me too! I've spent nearly a month looking for the solution

thanx to everyone who contibuted to this page. helped me out alot . many thanx!!!!!!

So in searching for 2 days for a solution. This is a solid one. Thanks you are great. How do I send coffee money? :)

Wow... thats amazing... Worked perfect for me. Was struggling to fix it from nearly a month.

Thanks naren.

narenxp,

I cannot thank you enough for posting this solution. After hours of fooling around with getting Windows Firewall to run again on my 64-bit Win7 system, I used the tool you recommended. Nothing else worked. This did the trick! THANK YOU! I clicked the link, and ran the utility from ESET. My Firewall is now working and running fine. Please note: I first ran Windows Defender Offline (booted from it after creating a CD on another, uninfected pc),which found six severe, active baddies on my system... did that first, then ran the utility below. Hope this helps others.

====

Run the services repair tool by ESET

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Restart the PC.Firewall and critical missing services should work.

====

Thank You Naren Bhai,

My Problem was solved after using your fix..

Can you pls send me your email id to my id:manojsingh.chauhan@outlook.com

Thanks Again...

Thanks for the feedback, that tool fixed my issue, when everything else I tried wouldn't.

You saved my life, thanks so much !

LOVE YOU BRO!!!! THANKS ALOTE!!!

thank you that file worked for me, and when i start my computer the firewall starts with the reccommended settings, thanks again.

Windows Firewall

Yes its a virus. Please follow the instruction at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeRean to remove it.

A snip from the same page:

To remove/modify the changes that Win32/FakeRean has made to your computer, follow these steps:

1. Click Start and then click Run.
2. In the Open box, type explorer and then click OK.
3. Navigate to the Windows directory (e.g. a typical path may be C:\Windows) and locate regedit.exe.
4. Run Regedit:
   On Windows XP systems:
   Right-click on regedit.exe and select Run as. Uncheck "Protect my computer and data from unauthorized program activity" and click OK.
   
   On Windows 7 or Vista:
   Right-click on regedit.exe and select Run as administrator. Click Yes to accept the UAC prompt.
5. Using Regedit, locate and then click on the following registry key:
   HKeyCurrentUser\Software\Classes (see example below)
   
   
6. On the left panel, right-click on the following registry subkey:
   '.exe'
7. Select Delete and then click OK.
8. Locate and then click on the following registry key:
   HKeyCurrentUser\Software\Classes
9. On the left panel, right-click on the following registry subkey:
   'secfile'
10. Select Delete and then click OK.
11. Close Registry Editor.

hello i just want to say thanks.I tried for 5 days to start my BFE service and tried many things.This worked.now i have the antivirus program i tried downloading.Thanks again.......

You sir are a genius! Worked like a charm!