We continue to have machines that we turn off the firewall completely and
after a reboot the firewall somehow get turned back on - No group policies
are being applied that would turn the firewall back on. The clients are
Windows XP Pro Service Pack 2.

Please tell me how on earth do I delete these virus infections located in
C:\Windows\System32 ?

They do not show up in searches

Richard Furlong


"Sabo, Eric" > wrote in message
...
> We continue to have machines that we turn off the firewall completely and
> after a reboot the firewall somehow get turned back on - No group policies
> are being applied that would turn the firewall back on. The clients are
> Windows XP Pro Service Pack 2.

Please tell me how to delete these viruses located in C:Windows\System32 ?

They do not appear in search, whereis or manual check.

Thank you,

Richard Furlong

"Sabo, Eric" > wrote in message
...
> We continue to have machines that we turn off the firewall completely and
> after a reboot the firewall somehow get turned back on - No group policies
> are being applied that would turn the firewall back on. The clients are
> Windows XP Pro Service Pack 2.

"Richard Furlong" > wrote in message
...
> Please tell me how to delete these viruses located in C:Windows\System32 ?
>
> They do not appear in search, whereis or manual check.
>
> Thank you,
>
> Richard Furlong

I am finding that various trojans set their attributes to hidden, system and
read-only. This keeps them from being easily found or deleted, but not
from operating.

Run a command prompt and navigate to the system32 directory. Type "dir /ah
" to list files with the hidden attribute. there *should* not be many;
almost all legitimate windows files are not set to hidden. Also check the
Windows directory.

To be able to delete the files that are not legitimate, use "attrib -s -h -r
<filename>". You'll then be able to see them and delete them, though if
they are running you might have to restart in safe mode to do this.

Be sure to check the filenames on google and with other Windows installs to
see if the files *are* legitimate.

HTH
-pk



>
> "Sabo, Eric" > wrote in message
> ...
> > We continue to have machines that we turn off the firewall completely
and
> > after a reboot the firewall somehow get turned back on - No group
policies
> > are being applied that would turn the firewall back on. The clients
are
> > Windows XP Pro Service Pack 2.
>
>

If you're able to do policy pushes the best way is to probably force it off
via policy.

I don't know why it's not staying off though. I keep it off on my desktop
without any problems. :-/
Is this happening with the machine under your control or with a user at the
keyboard?

--
Walter Clayton
Any technology distinguishable from magic is insufficiently advanced.


"Sabo, Eric" > wrote in message
...
> We continue to have machines that we turn off the firewall completely and
> after a reboot the firewall somehow get turned back on - No group policies
> are being applied that would turn the firewall back on. The clients are
> Windows XP Pro Service Pack 2.