Windows firewall/ics service problem..windows services failing to start

Hallo skunkers, recently I've been experiencing a problem with some services failing to run, including the Windows Firewall/ICS service. The most common services which fail to start are as follows: DHCP Client, Network Connections, Windows Firewall, Workstation service. The Windows Firewall service fails to start even after forcing it to restart and gives out an access denied error message. Also, when the service fails to start, one cannot connect to any device on the network, including printers, computers (they are on the domain). Also, the generic host process error message has become rampant. The Conficker virus was on the network before but this has been quarantined by NOD32 antivirus. Any tool to remove Conficker from the network would help. Any ideas on how to resolve this would be helpful.
-- WALLACE NGENE TARURU wallacengene@gmail.com

On Tue, Nov 24, 2009 at 12:16 PM, wallace ngene <wallacengene@gmail.com> wrote:
Hallo skunkers, recently I've been experiencing a problem with some services failing to run, including the Windows Firewall/ICS service. The most common services which fail to start are as follows: DHCP Client, Network Connections, Windows Firewall, Workstation service. The Windows Firewall service fails to start even after forcing it to restart and gives out an access denied error message. Also, when the service fails to start, one cannot connect to any device on the network, including printers, computers (they are on the domain). Also, the generic host process error message has become rampant. The Conficker virus was on the network before but this has been quarantined by NOD32 antivirus. Any tool to remove Conficker from the network would help. Any ideas on how to resolve this would be helpful.
Back up your data, format the machine, reinstall, restore data. Save time unless you have too much of it :)
-- Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube

Please check your antivirus and patch levels in those machines... sounds like symptoms of one of the various variants of the Conficker virus...
On Tue, Nov 24, 2009 at 12:21 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Back up your data, format the machine, reinstall, restore data. Save time unless you have too much of it :)

Kindly note that this occurs even after reformatting and reinstalling your operating system...
On Tue, Nov 24, 2009 at 12:21 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
Back up your data, format the machine, reinstall, restore data. Save time unless you have too much of it :)
-- WALLACE NGENE TARURU wallacengene@gmail.com

On Tue, Nov 24, 2009 at 3:42 PM, wallace ngene <wallacengene@gmail.com> wrote:
kindly note that this occurs even after reformatting and reinstalling your operating system...
It cannot be on a clean Windows install, unless you end up re-infecting the system using a certain media in your possession - like a flash disk!
-- Best regards, Odhiambo WASHINGTON, Nairobi, KE +254733744121/+254722743223
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube

This has been evident on a new laptop setup.. a Conficker variant is present but is being quarantined by ESET NOD32.. any network removal tool for Conficker would help..
On Tue, Nov 24, 2009 at 3:59 PM, Odhiambo Washington <odhiambo@gmail.com> wrote:
It cannot be on a clean Windows install, unless you end up re-infecting the system using a certain media in your possession - like a flash disk!
-- WALLACE NGENE TARURU wallacengene@gmail.com

You will need to patch up your server with MS08-067 ... then download a tool called KidoKiller from the Kaspersky website to clean up the virus. Also run the following nmap command on all your network machines and it will identify all machines that may be hit with Conficker, on which you will then run KidoKiller and then patch them up...
nmap -PN -d -p139,445 --script=smb-check-vulns --script-args safe=1 <ip>
or
Super user required due to stealth mode -sS option
nmap -sS -PN -d -p139,445 --script=smb-check-vulns --script-args safe=1 <ip>
use the latest version of nmap...
On Wed, Nov 25, 2009 at 11:16 AM, wallace ngene <wallacengene@gmail.com> wrote:
This has been evident on a new laptop setup.. a Conficker variant is present but is being quarantined by ESET NOD32.. any network removal tool for Conficker would help..
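The sweep described in the message above yields one block of script output per host. As an added example (not part of the original thread and not nmap's own code), this shell function sorts saved normal output (-oN) into hosts to clean, hosts to patch, and hosts the scan never reached. The function names, the sample addresses and the result strings in the constructed sample are assumptions modelled on smb-check-vulns output; compare them with what your nmap version prints.

```shell
#!/bin/sh
# Triage saved nmap normal output (-oN) from an smb-check-vulns sweep.
# Prints one "<host> <verdict>" line per scanned host.
triage_conficker() {
  awk '
    function emit() {
      if (host == "") return
      if (conf ~ /INFECTED/) v = "INFECTED"       # run the removal tool, then patch
      else if (ms ~ /VULNERABLE/ && ms !~ /NOT VULNERABLE/) v = "UNPATCHED"
      else if (conf ~ /CLEAN/) v = "CLEAN"
      else v = "NO-RESULT"                        # SMB not reached: not proof of clean
      print host, v
    }
    # Host header: "Nmap scan report for" (newer) or "Interesting ports on" (older).
    /^Nmap scan report for / || /^Interesting ports on / {
      emit(); host = $NF; gsub(/[()]/, "", host); sub(/:$/, "", host)
      conf = ""; ms = ""
    }
    /Conficker:/ { conf = $0 }
    /MS08-067:/  { ms = $0 }
    END { emit() }
  '
}

# Constructed sample (documentation-range addresses); the result strings are
# assumed, modelled on smb-check-vulns output.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 192.0.2.10
Host script results:
| smb-check-vulns:
|   MS08-067: PATCHED (possibly by Conficker)
|_  Conficker: Likely INFECTED (by Conficker.C or lower)
Nmap scan report for 192.0.2.11
Host script results:
| smb-check-vulns:
|   MS08-067: VULNERABLE
|_  Conficker: Likely CLEAN
Nmap scan report for 192.0.2.12
Host script results:
| smb-check-vulns:
|   MS08-067: NOT VULNERABLE
|_  Conficker: Likely CLEAN
Nmap scan report for 192.0.2.13
445/tcp filtered microsoft-ds
EOF
}

sample_scan | triage_conficker
```

A host reported as NO-RESULT was not tested at all (SMB ports filtered or closed), so treat it as unknown rather than clean.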

Eric hi, the downloader tool seems to scan for Conficker but the nmap tool seems not to detect any machines on the network... Which server should be patched with the update? Is it the update server/antivirus server?
Regards, Wallace
On Wed, Nov 25, 2009 at 12:13 PM, Eric Mugo <kabugum@gmail.com> wrote:
You will need to patch up your server with MS08-067 ... then download a tool called KidoKiller from the Kaspersky website to clean up the virus. Also run the following nmap command on all your network machines and it will identify all machines that may be hit with Conficker, on which you will then run KidoKiller and then patch them up...
nmap -PN -d -p139,445 --script=smb-check-vulns --script-args safe=1 <ip>
or
Super user required due to stealth mode -sS option
nmap -sS -PN -d -p139,445 --script=smb-check-vulns --script-args safe=1 <ip>
use the latest version of nmap...
-- WALLACE NGENE TARURU wallacengene@gmail.com
participants (3)
- Eric Mugo
- Odhiambo Washington
- wallace ngene