Ok so this story of horror started a week ago.

I installed zone alarm, but it was a hassle so i installed kerio too.

Yesterday they were both installed, but i never used any of them, I had configured it so no component or auto protection would load from either fw.

However yesterday I ran anti-virus, and found out i had Gaobot, among other things, I had been lagging severly in online games.
I did netstat and found out I was connected to at least 100 smtp servers.

So I thought I'd start my firewall to stop all of it.
First I started zone alarm, but it's so annoying I thought I'd try kerio instead.

I uninstalled za but then I couldn't access anything with any program except IE.
I browsed around and found out I had to remove some files manually, and I did(which was a big job in itself btw). Everything worked again.
So I started kerio, but it was even more of a hassle than za.

Even when I permitted programs, they wouldn't even launch because of some strange permission error.
So I used the 'disable firewall' option and the programs launched.

However I couldn't access anything, including irc, messenge and steam(steampowered.com).
I unloaded all of kerio, and it still wouldnt access anything.

I restarted kerio, but now even when i permitted mirc, it wouldnt connect to any servers.

So I uninstalled kerio, and restarted.
And guess what, i STILL can't access anything.

I checked out the kerio website and found a manual uninstall guide, I removed everything they told me too, I used an advanced windows process explorer to check for any hidden processes, i rebooted, but nothing works.

So if anyone has any advice on how to fix this I'd greatly appreciate it. :/

Welcome to the PC Guide Forums!

Even when I permitted programs, they wouldn't even launch because of some strange permission error.

I am afraid we need more information. Please post the exact error messages you are seeing or we will only be guessing.

However yesterday I ran anti-virus, and found out i had Gaobot, among other things, I had been lagging severly in online games.

This is a serious infection, what AV are you using?

panda online virus scan.

Virus:Trj/Downloader.DY Renamed C:\WINDOWS\jpnnaifm.dll

Virus:Trj/Downloader.CZ Disinfected C:\WINDOWS\MSTASKSS.0XE
Virus:Trj/Downloader.CZ Disinfected C:\WINDOWS\system32\child.dll
Virus:W32/Gaobot.gen.worm Disinfected C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temporary Internet
Files\Content.IE5\UTCEGDA8\bot[1].exe


i deleted all of the files too. i dont think thats a problem.

also, forget the program launching thing, it went away when i disabled or closed the firewall.

right now i just need to remove all the files/keys that could be blocking my connection..

For what it's worth, here's what I know about FireWalls. First of all, from what I've read from people who know a lot more that I do, you should never have two firewalls on your system at one time. Even two versions of the same firewall will give you problems. Second, the proper way to uninstall ZoneAlarm is to first shut it down. ZA's instructions says first you should open ZA, then click on the Overview Tab, un-check it where it says "Load ZoneAlarm at startup." Then restart your computer, then uninstall it. It will not do any good to simply right-click on the ZA icon and choose, "Shut down ZoneAlarm." You have do do as I mentioned above. After it's totally un-installed, I would then uninstall Kerio. You might have to do the same thing with Kerio to uninstall it, I don't know.

Go on line, do not pass go, do not collect $200.00 Click on this link for an on-line virus scan.

After that

Download, install and update Spybot S&D

Download, install and update Adaware

Scan with Spybot & fix all problems

Shutdown

Scan with Adaware & fix all problems

Download Hijack this

Make a folder called HJT

Install the HJT.exe program to the HJT folder

Scan with HJT and post the log back here

I agree with everything FrankSG has articulated, You should not have two firewalls loaded on your computer, this is explicate if you look on the sites.

My preference of the two is ZoneAlarm it's never let me down yet, and it's no hassle to install. If you follow the instructions properly, it will even configure itself for you till you become knowledgeable enough to have your own custom settings.

Thanks:)

PS don’t forget your HiJack this log for classicsoftware - do as he says and he'll tell you whether your clean or not.

You CAN have two firewalls on the same system, but DO NOT run them both at the same time or you will have conflicts... The possible exception is that the WinXP firewall seems to be able to function with another firewall in place... I wouldn't run it that way though....

I agree with classicsoftware, it is likely that you are still infected and firewalls are to prevent infections, not to stop them...

Sorry about that Budfred I haven't made it clear enough.

you should not have two firewalls loaded on your computer

By this I mean loaded up at the same time. With ZoneAlarm however, any old version must be uninstalled before installing the newer version.

I have two firwalls on my system, along with several browsers, email clients, virus checkers, spyware utilities etc. - as computer geeks have to do these days to be safe.

It goes without saying that as a good practice I never load two at the same time.

I've probable confused you even more now so I'll shut up!

Thanks :)

Thank you all for replying, but, I think I fixed it now.

A simple reinstall of kerio did it :x
I'm safe from the virus, and I did a spybot scan, so.. I guess this is resolved.

Thanks so much though.

Don't be so hasty - in your own interests I would let Budfred and classicsoftware see a Hijackthis log.

You CAN have two firewalls on the same system, but DO NOT run them both at the same time or you will have conflicts...
Yes--I agree...

I would suggest if your not going to run ZA then get it completely off your system not knowing which windows here is the directions for which ever follow them carefully

http://www.hackfix.org/software/uninstall/zone.html

Yes I agree YODA74! I have two, but its simply because I am too lazy to uninstall the other. I only use ZoneAlarm, and I cannot think why anyone really needs two firewalls if they have found one that suits their personal needs.

Thanks:)

My OS is WinXP Home. I use ZA Pro for my firewall. The build-in fire wall that comes with XP, I have disabled. Actually, I think it comes disable by default. From what I've heard about the built in firewall, it's not that good. The best that can be said for it is that it's better than nothing. How true that is, I don't know. However, they say that when XP comes out with it's next service pack some time this summer, they are supposed to make a big improvement on the firewall. Does anyone have any information on this?

korky45


The only reason I say that is I have real issue's with ZA and when it screws up it will re replicate it's self and give you a bunch of trouble and so will any firewall but ZA in particular... some people have no issue's with it but personnaly I think it stinks IMHO There are others just as good if not better and what works well with one system may not work well with another.....You have to experiment and find what works well with the sys. you are useing. and when found the best thing to do is TOTALY get rid of the other, or you WILL have problems.

FRANK
the existing XP firewall only stops intusion but does not stop or notify about outgoing items, so IMHO is next to useless.

Yes in the SP2 it will be turned on by default. Which will cuase a few problems and headaches for quite a few folks. Two firewalls running at the same time. I assume that the user will have the choice whether to turn it of or not. Untill I know that it is an effective firewall I personally would not trust it. There is also supposed to be alot more security features as well.

Also There will be a CONSTANT nag screen if you have Win update turned off. MS is/will (be) trying to force users to do auto updates. I do not know if this nag screen could be turned off. I prefer to download and update maually allowing me to know exactly what is getting installed.) So this will be the second item I will be trying to disable.

Originally posted by ErnieK
FRANK
Yes in the SP2 it will be turned on by default. Which will cuase a few problems and headaches for quite a few folks. Two firewalls running at the same time. I assume that the user will have the choice whether to turn it of or not. Untill I know that it is an effective firewall I personally would not trust it.
When SP2 becomes available, I for one, will wait a few days before downloading and installing it. There will be millions of people using it as soon as it comes out, so if there are some major issues with it, they should turn up fairly quick. At least, that's my way of thinking.

I cannot think why anyone really needs two firewalls if they have found one that suits their personal needs.

I recently had a situation when I could have used two installed firewalls... I accidently messed up my access to websites and email by using LSPfix on bad advice... I ended up figuring out that I had to uninstall my firewall (Sygate) to fix it. I was on the web without the firewall for a few minutes to check it out and give an update to the people helping me. During that time, I was infected with Welchia. I figured that out and fixed it, but it was clear that I needed to have a firewall running for even just that few minutes. If I had Kerio or ZA installed, I could have saved myself some trouble....

Well, maybe I am just lucky so far but, I did a fresh clean install of XP 5 weeks ago and have only the XP firewall on along with Spybot S&D, AVG and Adaware running. I have all the updates and keep them all updated at least every 3 days and I have not had any problems with any malware getting into my machine. I better touch wood!!:D but so far it has been fine and access speed has been noticably faster than when I was using ZA and NAV. As long as nothing gets in, why would I worry about what is going out? Something must be right about the way I got things setup this time because I've had problems like Budfred where there have been infections before I could get updates installed. That was with w2k so' I'm sure the built in firewall with XP must help somewhat.

My 2 cents worth anyway and maybe some food for thought!

A firewall that blocks files from coming in protects against the obvious attackers, but it misses ones that you may inadvertantly install. There are a number of programs that contain trojans and other malware that will contact the web soon after they are installed if they are allowed. Since they are coming from inside your computer, a firewall that only blocks outside attacks misses them completely...

For instance, I have a game that I bought for a dollar. It includes backgammon which I like to play occasionally so I have kept it in spite of the fact that it also has some spyware installed. When I have run it, it has tried to connect to the internet, but I block it with my firewall. If you do not know that you have this stuff on your computer, you do not know that it is connecting....

If you use any file sharing, you may also download programs that promptly call home with your personal info... It may be that you have been lucky or it may be that you simply don't know yet that someone is pawing through your files and personal info.....

You need a firewall that goes both ways. If you want one that uses very few resources, use Kerio... It is more complicated, but it is often said to be the best free firewall available....

Originally posted by Budfred


I was on the web without the firewall for a few minutes to check it out and give an update to the people helping me. During that time, I was infected with Welchia.

It doesn't take long does it?! I had a similar problem last year, but caused by Outpost Pro crashing after an update. It was only down for less than a minute, but that was enough for welchia.

One lesson here is:
If you have to delete a firewall, or are installing software which requires a firwall/AV to be dropped -
Make sure you have all the files you need for your operation LOCALLY (i.e. on your machine)
Disable the link to the Internet (ctrl panel>network & Internet connections>) THEN switch off your firewall/AV or uninstall it if you need to.
Do whatever tasks you need to do.
Re-enable the Firewall/AV or reinstall as necessary.
Re-enable the Internet connection.