Windows Firewall damaged by 'Windows 7 antivirus 2012'
I run Windows 7. I think 64bit, not sure. I have been getting hit with a lot of rogue antiviruses and up till now have been fighting them off, but last night I was hit by a new rendition of "Windows 7 Antivirus 2012". I got a window saying explorer.exe wanted to make changes to my computer, I would tell it no and each time it would return. In between the constantly returning window I managed to open the task manager, find the process, and end the process. I then found the file and destroyed it with killbox. Everything seems to be back in working order now, except for the firewall. Every page in the control panel for windows firewall gives me an Administrator button that says use reccomended settings', when I click it it says it can't do that and gives me error 0x800705b4, which I understand to be an authentication error. The last time I had this I tried to reset my firewall with an admistrator command prompt, it would tell me it could not load wshelper.dll, so I did some stuff I cannot remember to reset my winsock and was then able to reset my firewall and all was good again. This time when I go into command.com and type 'netsh advfirewall reset' instead of the DLL message, I get 'An error occoured while attempting to contact the Windows Firewall service. Make sure the service is running and try your request again'. In my attempts to fix this myself I have been to the device manager. I had it 'show hidden devices' and located my Windows Firewall Authorization driver. I found it had been stopped, and so I started it again. It currently says it is started, but nothing has changed functionally. I have been into Services as an Administrator; Windows Firewall is not there. I was also told to look for Windows Event Controller and Base Filtering Engine and they are not there either. I have done an administrator command promtp with sfc /scannow and the first time it said it had made changes and the second time it said everythign was alright but nothing functionally has changed. I have been told to enter the following command prompts and gotten - the following results netsh advfirewall reset - error stated above net start mpsdrv - The requested service has already been started net start bfe - The service name is invalid net start mpssvc - the service name is invalid regsvr32 firewallapi.dll - Popup window stating DllRegisterServer in firewallapi.dll succeeded no functional change after that. I have also been told to try: sc config wuauserv start= auto - [SC] ChangeServiceConfig SUCCESS sc config bits start= auto - [SC] ChangeServiceConfig SUCCESS sc config DcomLaunch start= auto - Access is denied. net stop wuauserv - The Windows Update service was stopped successfully. net start wuauserv - The Windows Update service was started successfully. net stop bits - The Backround Intelligent Transfer Service was stopped successfully. net start bits - The Backround Intelligent Transfer Service was started successfully. net start dcomlaunch - The requested service has already been started. I have also tried a system restore, but whatever is screwing with my firewall is also screwing with that an it will not complete successfully. A Windows XP thread steered me toward a file called, I believe, netfw.inf in my windir folder, related to the firewall. This does not seem to be on my Windows 7 machine and I have been unable to find the Windows 7 equivalent. So, it appears my firewall is gone, or just pretending to be. I fixxed it last time by making some correction to my winsock but I cannot seem to find the process I used for that. Additionally, Microsoft Security Essentials has dissapeared from my system tray, though otherwise seems to be working fine. I am confident that this can be fixxed without a wipe and reinstall. Please help.
December 8th, 2011 1:11pm

I think you need try to think of this as a virus problem rather the firewall. Virus is probably masking the applets in the control panel and you are not able to make the needed changes. I personally would start here: Regedit Navigate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Look for suspicious files: For example "C:\Program Files (x86)\...." is probably fine. Anything coming from some other location like “c:\Temp\...” is not Note their location boot in safe mode and try to remove/uninstall or even delete the suspicious programs Then go to Trend Micro and run their free online scanner http://housecall.trendmicro.com/
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2011 2:02am

Brano is right, this sounds like a virus issue. I have seen issues where Windows 7 2012 is actually a virus/malware. Best thing to do is remove it from your computer. Follow the instructions brano has provided. I would also recommend going to the microsoft website and downloading and installing Microsoft Security Essentials. Its free and works great.
December 9th, 2011 8:48pm

I looked there and did not see anything that did not seem to lead back to something relevant. I tracked one back to a folder containing a bunch of stuff like 'fwupdate.exe' but none of it would run. The trendmicro scanner found something and killed it but there was no change. I also used the trendmicro rootkit buster. It found something. The control panel probem is still there but my security essentials tray icon is back, so that is something.
Free Windows Admin Tool Kit Click here and download it now
December 9th, 2011 11:09pm

Update your computer with patches and updates. I would probably say clear your system restore points, because large number of viruses like to attack restore that way when you restore system files you restore the virus as well.
December 9th, 2011 11:42pm

Yes its a virus. Please follow the instruction at http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fFakeRean to remove it. A snip from the same page: To remove/modify the changes that Win32/FakeRean has made to your computer, follow these steps: Click Start and then click Run. In the Open box, type explorer and then click OK. Navigate to the Windows directory (e.g. a typical path may be C:\Windows) and locate regedit.exe. Run Regedit: On Windows XP systems: Right-click on regedit.exe and select Run as. Uncheck "Protect my computer and data from unauthorized program activity" and click OK. On Windows 7 or Vista: Right-click on regedit.exe and select Run as administrator. Click Yes to accept the UAC prompt. Using Regedit, locate and then click on the following registry key: HKeyCurrentUser\Software\Classes (see example below) On the left panel, right-click on the following registry subkey: '.exe' Select Delete and then click OK. Locate and then click on the following registry key: HKeyCurrentUser\Software\Classes On the left panel, right-click on the following registry subkey: 'secfile' Select Delete and then click OK. Close Registry Editor.
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2011 12:17am

I have already gone over the computer with MS Essentials and Malaware and other programs a dozen times so I am pretty sure the program itself is gone. I found the .exe registry keyand deleted that, but did not find secfile. I also found a registry key called 'exefile' with similar stuff in it to .exe, but Google refuses to properly search for it (go on, try it, you'll see what I mean). Should I delete that one as well?
December 10th, 2011 10:21am

I am not sure if that reg key should be the reason for Firewall/BFE not coming up. It looks like your bfe drivers registry keys are removed/infected by the virus. Can you check if HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE is present on your system?
Free Windows Admin Tool Kit Click here and download it now
December 10th, 2011 10:03pm

helo, i'm having the exact same problem with my firewall after removing win 7 antivirus 2012. i've been following the steps in your conversation so far and have had the same results. i don't have the ...services/BFE files in my registry if that's of any use.
December 11th, 2011 1:40am

Yea I'm having the exact same problems and do not have the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE in my registry.
Free Windows Admin Tool Kit Click here and download it now
December 11th, 2011 2:11am

that registry folder is missing. there's also no registry for 'windows firewall' in there. As I said before, I feel is worth mentioning again, when I run 'Services', BFE and Windows Firewall are not listed. Since I think I solved this problem before with a wWinsock issue I also feel worth mentioning that in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ I have a 'Winsock' folder and a 'Winsock2' folder which seems odd. But yeah, overall it looks like my firewall is just gone. Or, hidden, maybe.
December 11th, 2011 5:47pm

A previous rogue antivirus hid a bunch of icons on my desktop. Could this have done the same to my firewall and such?
Free Windows Admin Tool Kit Click here and download it now
December 12th, 2011 10:56am

I am having the same problem. I got rid of the virus, but it took out my firewall and probably some other services.
December 12th, 2011 6:04pm

As of now, the only way I am aware of to get firewall back is to Import BFE and Mpssvc registry key from some good Win7 machine having same SP level. This atleast worked for my machine. I would let you guys know If I find a better way of doing this.
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2011 2:04am

so how do we do that?
December 13th, 2011 4:11am

Considering you've had this problem i would probably suggest restoring your machine using a windows image. Yes some may say this is an easy way out and it is. But once your machine has been restored use a good antivirus and be careful on-line. Prevention is the best cure. (Always backup your data).The answers/solutions that I provide are from personal experience. They are as is and come with no warranty.
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2011 11:05am

Agree with Ethan, system restore is a good option. Changing registry key manually is always risky. @Malapterus: You can export Reg key from some good machine by going to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE regkey, Right Click and export it to Disk. it will store the file as <someName>.Reg. Take this file to affected machine, right click and Merge. this will create the BFE key. Similarly you can try for MPSSvc. You would need to add permission to these regkey, before you can actually start the service. Mail me and I can forward you the registry key dump I used, if you face any problem getting the regkey dump. To Add to permission: add NT Service\BFE account bfe regkey permission and NT Service\MpsSvc to MPssvc reg key. Give these accounts full access. hope this helps.
December 13th, 2011 9:38pm

Hi Make sure that PC is clean(free from zero access rootkit before trying this fixes) This firewall issue is commonly found on vista and windows 7 (64 BIT OS) This is symptom for rootkit on 64 bit systems if you find a folder called system64 C:/WINDOWS/SYSTEM64(not the sysWOW64) and a file called consrv.dll C:/WINDOWS/SYSTEM32/CONSRV.DLL You're infected by zero access rootkit.It is recommended to contact malware removal forums to remove it first and try the fix Download both the registry files Windows firewall - Firewall Base filtering engine - BFE Launch them,You should get a UAC prompt now Click YES & Restart your PC Now,Press Windows+ R key and type regedit and click ok go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service You may also be missing security center and windows defender services Download Security center -wscsvc Windows defender - windefend Launch them and click YES when you get a UAC prompt Good luck
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2011 6:49pm

Hi Make sure that PC is clean(free from zero access rootkit before trying this fixes) This firewall issue is commonly found on vista and windows 7 (64 BIT OS) This is symptom for rootkit on 64 bit systems if you find a folder called system64 C:/WINDOWS/SYSTEM64(not the sysWOW64) and a file called consrv.dll C:/WINDOWS/SYSTEM32/CONSRV.DLL You're infected by zero access rootkit.It is recommended to contact malware removal forums to remove it first and try the fix Download both the registry files Windows firewall - Firewall Base filtering engine - BFE Launch them,You should get a UAC prompt now Click YES & Restart your PC Now,Press Windows+ R key and type regedit and click ok go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service If you still have error starting windows firewall,give full control permission to this key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess You should able to start firewall now You may also be missing security center and windows defender services Download Security center -wscsvc Windows defender - windefend Launch them and click YES when you get a UAC prompt Good luck
December 14th, 2011 6:49pm

narenxp, Thank you. Your reg files and permission fixed the firewall. I had the entries in the registry but no settings. This virus is a nasty one! Thanks to Malapterus for posting and starting this thread. Clean the virus/trojan first. I started here which removed most of it. http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 ended here with combofix getting the rest. http://forum.avast.com/index.php?topic=87119.0 good luck everyone.
Free Windows Admin Tool Kit Click here and download it now
December 14th, 2011 10:54pm

Worked for me. Thanks.
December 15th, 2011 6:42pm

Hi Download both the registry files http://www.mediafire.com/?317ea53a883288d http://www.mediafire.com/?z6aw8j7997qa7j9 Launch and import them to registry Restart your PC Now,open RUN and type regedit and click ok go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service Good luck A restart was required for me after importing the registry entries. After restart, i had BFE and Windows Firewall as running services again. thanks for the help.
Free Windows Admin Tool Kit Click here and download it now
December 15th, 2011 9:15pm

Good day to you all. I had the same problem and went through the steps however, my firewall was damaged or destroyed by this super nasty win 7 antivirus 2012. Thankfully I followed this threads advice and removed it. then I had no firewall. I followed the advice from this thread http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/0f4f6e47-afd3-45c7-8182-9487595270b1 . Which was from Ron Vernon and now have my firewall back up and running. Hi The Firewall Authorization Driver (mdsdrv.sys) is a protected windows system file. You can run the System File Checker tool and if the file is found to be corrupted, it will be replaced. Follow these steps carefully. Go to Start / All Programs / Accessories. Right click the 'Command Prompt' item and select the 'Run As Administrator' option. Click 'Continue' on the UAC prompt. In the command window type the following command. SFC /SCANNOW Press ENTER. This will take a few minutes to complete. Try not to use the computer while SFC is running. After the tool is finished, reboot the computer and check the Firewall options again. Let me know the results. If this post helps to resolve your issue, click the Mark as Answer or Helpful button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster. Ronnie Vernon Microsoft MVP Windows Desktop Experience
December 16th, 2011 12:41pm

narenxp! that got my firewall going also!!!!!
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2011 9:26pm

Hi Download both the registry files http://www.mediafire.com/?317ea53a883288d http://www.mediafire.com/?z6aw8j7997qa7j9 Launch and import them to registry Restart your PC Now,open RUN and type regedit and click ok go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service Good luck Hey bud, nice job on this fix, thanks for posting the registry keys. I just want to make one correction. Rather than giving the everyone group full permissions on BFE, it is more proper to give permission to NT SERVICE\BFE on the parameters subkey. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters There are also other keys which might need to be checked if this does not work for you. See this page for reference. http://blogs.technet.com/b/networking/archive/2011/06/14/the-windows-firewall-service-fails-to-start-registry-permissions.aspx
December 17th, 2011 2:45am

Yeah, i have Microsoft Security Essentials and the rogue sure was keen enough to slide right past its defenses and make its way into MY PC... by the by, I check for updates on a regular basis. It did lock (pop up when I tried to open) my firewall settings, task manager, etc., just as mentioned above, however, with two other accounts on my PC, it didnt pop up on the others like it did on my account. I could access the Registry Editor, task manager, and all that but the firewall settings were locked. On my account I couldn't do a thing; no task manager, no registry editor. no control panel. First thing that came to mind was to delete my account and the files. I actually UNINSTALLED MSE and re-installed it. Then I performed a System Restore, which brought back my account and unlocked the firewall settings. i can access task manager, and the registry editor and i dont see any suspicious files or keys that might tell me of its presence. Seems like things are as they were before the infection, but I still dont trust my PC until I wipe it and re-install from scratch.
Free Windows Admin Tool Kit Click here and download it now
December 21st, 2011 9:15pm

Great help here! I believe I have the exact same problem as Malapterus. I would like to try the fix that Narenxp has posted, as it seems to have worked for others but I am running Win 7 32bit not 64. Will these registry entrys work for me? Will this fix work for me? I have successfully removed all traces of the virus and done a root kit scan which says it fixed 2 items. Everything except for my firewall seems to be fine now. So I hope this is the last step but is it safe for a 32bit machine? Thanks for your time everyone.
December 22nd, 2011 6:40pm

It should work for 32bit machines as well, BFE and MPSSVC registry entries have no architecure specifc data.
Free Windows Admin Tool Kit Click here and download it now
December 22nd, 2011 6:56pm

Thank you, for your quick reply. I will try it now. I'll be back and let you all know my results. Thanks Again
December 22nd, 2011 7:38pm

Fixed, the whole process took 10 minutes. Thank you sooo much. Probably saved me having to fix my computer repair guys car for free. Now he will be paying me instead of the other way around. Happy Happy Joy Joy!! Thanks Again :)
Free Windows Admin Tool Kit Click here and download it now
December 22nd, 2011 7:53pm

Thank you very much narenxp, I got my Notebook to work again :D Greetings from Germany, Everytime I got a problem I have to look up on english speaking websites ;) Wish ya @ a merry X-MAS and a happy new years eve!!! Thanks @ @ll!!!
December 25th, 2011 8:12am

Win 7 Internet Security 2012 / Win 7 Home Security 2012./ Win 7 Anti Virus / Windows 7 Security 2012 all these are same spayware. If you are trying to remove this spyware, there are full instructions on how to do that manually at the link : http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012 If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool. To fix the issue with the Firewall you have to do the follwong. Enable the Base Filtering Engine service Click the Start button, and then click All Programs > Accessories > Run. In the Run dialog box, type the following text: services.msc Click OK. If you receive the User Account Control prompt, click Yes or Continue. In the Services window, under the Name column, locate and double-click Base Filtering Engine. To the right of Startup type, verify that Automatic appears. If Startup type is not Automatic, then in the drop-down list, click Automatic. To the right of Service Status, verify that Started appears. If the Service status is not Started, then click Start. Click OK. Exit the Services window. Restart the computer. —————————————————————————————- If the above one is not working try the following registry Fix. Registry editing for Turn On the Base Filtering Engine. Download the fix for 64 Bit OS Download the fix for 32 Bit OS Save the file on your desktop. Rename the file as BFE.reg Open the Registry Run-->Type REGEDIT and press on Ok. Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BEF.reg on the desktop. Press on Open. –> Yes -> Ok. Now restart the computer. After that go to the registry once again and go to the location HKLM\System\Current control set\services\BFE Right Click –> Permission –> Advance –> Add — > Everyone Now restart the computer. The issue will be fixed now.
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2011 10:40am

narenxp: You are my hero! Worked like a charm with my windows 7. I cringed at the thought of a clean install Thanks!!!
December 27th, 2011 8:40pm

Except it wiped my machines restore capabilities also.
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2011 8:53pm

Thanks for the feedback here. Windows will no longer boot on my infected hard drive: I first installed PC Doctor (from something I was reading before I came across this post), and it seemed to put the virus into remission. Then I completed all the steps provided by CrDev. Then, I was getting through narenxp's steps (which I noticed the .exe registry showed back up after I imported the BFE registry) when I decided to foolishly delete PC Doctor from my machine after the first restart (I thought PC Doctor would have interfered). As soon as I removed PC Doctor from my machine the virus began rapidly opening small warning windows which made me force a shutdown. Then as I restarted, Windows wouldn't even boot. I can't get any further than the black screen saying something like: "insert disc or choose boot option, pres esc to continue" And every key I press makes the same message drop on the screen again, and again, etc. I can't even get far enough to open in SafeMode. It simply doesn't recognize Windows. This is incredibly frustrating - and I'm on a work deadline to top things off. Does anyone know what might have happened here? It seems to have entirely taken out my C: drive ... I really do not want to have to reformat. Any suggestions or advice would be EXTREMELY helpful. PLEASE HELP.
December 27th, 2011 10:17pm

Win 7 Internet Security 2012 / Win 7 Home Security 2012./ Win 7 Anti Virus / Windows 7 Security 2012 all these are same spayware. If you are trying to remove this spyware, there are full instructions on how to do that manually at the link : http://123seminarsonly.com/Tips/007/Win-7-Internet-Security-2012.html http://www.easy2resolve.com/software-issues/remove-vista-security-2011-2012 If you wish you can download and run Norton Bootable Recovery Tool (NBRT). It is a Free Tool. Enable the Base Filtering Engine service Click the Start button, and then click All Programs > Accessories > Run. In the Run dialog box, type the following text: services.msc Click OK. If you receive the User Account Control prompt, click Yes or Continue. In the Services window, under the Name column, locate and double-click Base Filtering Engine. To the right of Startup type, verify that Automatic appears. If Startup type is not Automatic, then in the drop-down list, click Automatic. To the right of Service Status, verify that Started appears. If the Service status is not Started, then click Start. Click OK. Exit the Services window. Restart the computer. —————————————————————————————- If the above one is not working try the following registry Fix. Registry editing for Turn On the Base Filtering Engine. Download the fix for 64 Bit OS Download the fix for 32 Bit OS Save the file on your desktop. Rename the file as BFE.reg Open the Registry Run-->Type REGEDIT and press on Ok. Now you will get a Registry Editor. Click on the File Menu in the Registry Editor and press on Import. Locate the file BEF.reg on the desktop. Press on Open. –> Yes -> Ok. Now restart the computer. After that go to the registry once again and go to the location HKLM\System\Current control set\services\BFE Right Click –> Permission –> Advance –> Add — > Everyone Now restart the computer. The issue will be fixed now.
Free Windows Admin Tool Kit Click here and download it now
December 28th, 2011 8:46pm

It really works guys , I've been working on the problem of losing Firewall registry key for about a Week !! and I got nothing But now Thank God and Thanks to U ,it is solved , and My Firewall is ON :D :D and I just want to ask about something : Now I can turn on and off my Firewall but just from McAfee "it doesn't bother me" , But for Knowledge if I uninstalled McAfee is it going to be uncontrolled again ?? And meany Thaaaanks
December 29th, 2011 5:31pm

I did as above & BFE only started.I could not seen the windows FIrewall option.Also i cannot start ICS also.
Free Windows Admin Tool Kit Click here and download it now
December 30th, 2011 5:33am

To Narenxp: This worked perfectly for me--a bazillion thanks! I also ran Eset to do a virus scan and it picked up SEVEN viruses that AVG, Windows Malware and my beloved SpyBot all missed. Hopefully all is well again. All I know is that the firewall and networking are both back up and running again! (And, in an associated matter, I got the printer running again, too, having to tick the checkbox for making IE the default browser. Man, this virus/viruses really did a number on my machine and I thought I was going to have to wipe the drive and start over, which having installed some programs a number of years ago, would've been a pain in the arse, if not impossible, to re-install without buying them again.) I appreciate your taking the time to post your clear instructions and for sharing your knowledge. Best to you in 2012! --Jaxon
January 4th, 2012 6:26pm

Just wanted to let everyone know that this guy narenxp is a genius! Been trying to come up with a fix for win firewall for a while now!! Thank you very much for sharing this fix!!
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2012 9:09am

Hi Download both the registry files http://www.mediafire.com/?317ea53a883288d http://www.mediafire.com/?z6aw8j7997qa7j9 Launch and import them to registry Restart your PC Now,open RUN and type regedit and click ok go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service Good luck wow thanks so much narenxp that fix worked great, fast, easy and effective. You rock!!
January 6th, 2012 7:32pm

I tried narenxp's fix and when I download bfe.reg and firewall.reg, it just brings me to a bing.com search page for Windows Registry Editor Version 5.00. This is the page that is coming up in the secure download manager
Free Windows Admin Tool Kit Click here and download it now
January 7th, 2012 9:13pm

Thanks MadHatter01, this method worked perfectly for me, i had Microsoft Firewall and Security Center missing following a malware attack (Win 7 Security 2012) and the registry files made the trick. - Import registry files threw Regedit's menu (File>Import) - Also in Regedit go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc Right click on it-permissions Click on ADD and type Everyone and click ok Now Click on Everyone Below you have permission for users Select full control and click ok This step was necessary for me to get the Microsoft Firewall service (You still have to manually start it threw services.msc).
January 9th, 2012 8:05am

The Technet page actually says to give permission to NT SERVICE\BFE on the Policy subkey. This seems to be the case when compared with my working Windows 7 box. Either way seems to work, though.
Free Windows Admin Tool Kit Click here and download it now
January 10th, 2012 3:57pm

i discovered a few days ago i was also having same issues. Started with sharing a network printer and that didnt work. then i went to start network discovery and every time i tunred it on it did not save the settings, it will reopen as OFF. Also no windows firewall or base filtering in the services panel. then onto to the registry and under services (as stated above) the BFE and MpsSvc had all default values. So i exported these 2 reg entries from my daughters PC which looked totally healthy n imported into mines n that solved all of the issues i was having. im running W7 ultimate w/SP1 64 bit, i have both files saved. If some1 tells me how to upload them to a site i will gladly try to help. I just kept reading on all searches i did that the OS must match or your pc wont boot. so is import at ur own risk GL
January 13th, 2012 9:39pm

First and foremost I am shocked that these anti-virus programs and microsoft doesn't have easy fix for this awful virus that removes windows firewall. I think it removes it or hides it- don't know what it does though. My windows firewall was also damaged by that 2012 virus in December. Even if I didn't allow the virus to download it still was able to take over all my programs by not allowing me access. I was "supposed" to be protected by Mcafee but it did not do its job it seems. I ran a scan and it quarantined the virus. It still didn't allow me to have access to my control panel. So I downloaded malwarebytes and it found some stuff in my registry and removed it. I am clear of the virus but my windows security seems to be gone. I went hours on end trying to figure out how to get it fixed. Microsoft fixes didn't do anything. I downloaded so much stuff from microsoft even Imagerepair which in the end says I have to pay to fix anything. Even to unistall Imagerepair was a pain. I even removed Mcafee and installed Microsoft Security Essentials thinking it would fix it. Now I followed your directions to install those registry keys. Does that mean my old onews were removed by the virus? i want to know what that virus did? It looks like I am not the only one and we are not getting answers about this virus. I got stuck at the following step: Now,open RUN and type services.msc and click ok start base filtering engine service and then windows firewall service I can't see anything that says base filtering engine?? Thanks!
Free Windows Admin Tool Kit Click here and download it now
January 14th, 2012 3:39pm

I agree with you, everything i tried from MS did not fixed the issue. it appears that what ever virusi might of picked up it destroyed/wiped out the entries for the services BFE and MpsSvc in the registry. My entries had no values whatsoever. Once i imported form other PC they looked normal again.
January 16th, 2012 5:54pm

I have seen about 12 machines in the shop so far with permutations around this crapware its hard to block given it blocks everything makes it a nightmare for the average user once you have cleaned it up boot your windows dvd and select repair Windows MVP 2010-11, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
January 16th, 2012 6:20pm

Man you are awesome, fabulous, simply gr8.......i was struggling for this like hell, nobody had a simple and proper solution, but u made it man...thanks a ton.....apna HINDUSTAN ZINDABAD....THANKS A TON once again. Take Care. Sahil
January 18th, 2012 3:23pm

Windows 7 Antivirus 2012 is not Windows Firewall, of course. This is the fake information presented by this malware. Have you tried using Malwarebytes Anti-Malware to remove it? I think this anti-virus really protects PCs quite well. Moreover, it is free to remove the threats, unlike many other security applications. Another free program you might consider is called Superantispyware. You may delete Win 7 Antivirus 2012 for free with its help too. But yo need to be careful - the virus would not let you do it. It would block your attempts to run anti-virus program. In order to execute it there is a good trick for you to apply - try launching the remover with Adminstrator's rights as described here - http://www.deletevirus.net/win-7-antivirus-2012-scam-uninstall-tricks/ Then, of course, make sure to install Microsoft Security Essentials to prevent further damage and infection on your computer.
Free Windows Admin Tool Kit Click here and download it now
January 19th, 2012 9:32am

Thank you! This worked for me.
January 19th, 2012 8:25pm

Naren, I did your fix and even looked further down the page and found the BFE fix for x64 bit win 7. the BFE works fine, but my firewall still won't turn on. When I try to start it on services.msc it says "Error 1068: The dependency service or group failed to start." Can you help me resolve this issue? I have looked at all the other posts and tried giving the permissions as stated further down. Also, as a side note, on services windows defender has started but also states in the description area <Failed to Read the description. Error Code: 1168> I don't know if that has something to do with my situation or anything.
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 7:10am

Thanks so much this fixed my problem perfectly!
January 24th, 2012 10:31am

I too Received this virus, Was able to get everything back except the action center icon is disabled where you turn on system icons, no way to turn it on. Any one have that too on Windows 7?
Free Windows Admin Tool Kit Click here and download it now
January 28th, 2012 2:19pm

one way to fix the setup, works most of the time boot your Windows 7 DVD and select repair Windows MVP 2010-11, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
January 28th, 2012 2:35pm

Hey, I'm having a difficult time going through the process of downloading those two registries when i download them they do of course want to open as notepad, however I'm not sure how to rename them. after that I'm not even sure how to launch the registry file
Free Windows Admin Tool Kit Click here and download it now
January 28th, 2012 10:56pm

Right click on the files Select OPEN WITH Click on BROWSE Navigate to C:/WINDOWS select the file called REGEDIT and click ok You should get a UAC prompt now Good luck
January 29th, 2012 10:49am

@wardamn Sorry for late reply You may be still infected by by zero access rootkit If you're sure that your PC is clean Uninstall your antivirus and try to start it If that doesnt work Go to RUN and type regedit and click ok Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv Do you find this key? If yes Go to RUN and type devmgmt.msc and click ok Now On top,click on VIEW--Show hidden devices Now expand Non plug and play drivers See if you have Windows firewall authorization driver If you have it -Right click on it-Uninstall Restart your PC and try to start the firewall Good luck
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2012 10:53am

Thx narenxp, I had same problem with the windows firewall cause by zero access rootkit: Couldn't turn firewall on in control panel and in McAfee antivirus, couldn't see the service in services.msc, and I did what u posted and it works perfect now... great ty.
January 30th, 2012 1:54pm

who ever is behind that malware seems to be working overtime to circumvent detection and removal by major commercial security tools. last year I saw dozens of machines all infected with that crap, this year a couple have come in with a new version of the same crap Windows MVP 2010-11, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
January 30th, 2012 4:08pm

Awesome info. I've been trapped for 10 days now. This fix worked after I downloaded and imported the registry files and restarted. Thanks a bunch!
February 1st, 2012 7:51pm

Thankyou! I had this issue for a while and decided to look into it, I found this and followed it precisely - it fixed the problem with the firewall, exellent.
Free Windows Admin Tool Kit Click here and download it now
February 3rd, 2012 7:39pm

I have followed this thread to resolve the issue with the firewall. I am running Vista, but the issue is exactly the same. I have not seen a similar solution for Vista. Will the download and inclusion of the two registry updates work on Vista?
February 3rd, 2012 11:10pm

boot your DVD and select repair, all documents etc will remain Windows MVP 2010-11, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2012 7:37am

I have followed this thread to resolve the issue with the firewall. I am running Vista, but the issue is exactly the same. I have not seen a similar solution for Vista. Will the download and inclusion of the two registry updates work on Vista? Yes they work on Vista & WIN7. But I have found that you do not need the registry edits (tweaks) for permissions to everyone. YMMVMaurice Naggar ~ MVP (Oct 2002 - Sept 2010)
February 4th, 2012 9:30am

I am yet one more happy customer of the thread. The download and incorporation of the reg files has solved all the issues, ..... bfe, firewall, security center, defender, and network discovery. Thanks to all who participate and assist with helping all of us resolve these issues! Ed
Free Windows Admin Tool Kit Click here and download it now
February 4th, 2012 3:50pm

Thank you very much Naren. Really appreciate the detailed steps and resolution. This fixed the issues that I was having. Regards, Parag
February 4th, 2012 9:15pm

Thank you so much this worked for me :) :)
Free Windows Admin Tool Kit Click here and download it now
February 10th, 2012 3:07pm

I had a similar problem with my windows firewall not showing in the Services.msc. I tried and tried to "use recomended settings" and got the error stated above. I followed your procedure here and IT WORKED!!!! Thank you so much! I know it was Win 7 Antivirus 2012 as this wasn't a problem until after I removed that blasted infection. Thank you so much for taking the time to post that!
February 14th, 2012 5:56pm

Finally, I found a solution that worked for me. Thank You nanrenXP. This was exactly what ended up working for me. Needed those 2 reg files and I was able to get it all worked out after that.
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2012 10:20am

I did all that, it got base filtering agent back on the list of services, but, it still won't start. I get error 183 when I try to start it. I think the file bfe.dll was corrupted by the virus. I have another copy from another computer but cann't replace it because it says I don't have permission. Help
March 7th, 2012 3:15pm

Thanks so much. It is work for me.
Free Windows Admin Tool Kit Click here and download it now
March 28th, 2012 9:34am

Downloading .reg files and then restarting the mcahine after importing the registry keys worked. Thanks.
April 28th, 2012 8:41pm

Well all of the above got all of the services running again (BFE, Firewall, Security Center, Defender), but I am back to the original problem, where Network and Sharing Center is stuck at showing: "Identifying.... Network" I can click on the NW icon and see all of the WorkGroup PCs but NO Internet. This is a Vista 32Bit Home Prem. Version Tom
Free Windows Admin Tool Kit Click here and download it now
May 16th, 2012 10:57pm

I suggest after fixing the registry to download Microsoft Security Essentials. I link to that and other tools on my IT site home page. Windows MVP 2011-12, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
May 17th, 2012 7:55pm

for other issues, create a new thread as this one is getting overrun Windows MVP 2011-12, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
May 17th, 2012 7:55pm

Thank you a thousand times over for your post. I had been trying to remove this virus and get my firewall back for days. Even my Word Starter had disappeared...nasty virus! I came across this post and figured since I was taking my laptop into the repair guy on Monday, what the heck, I would try it. It worked!!! Thank you so much! I will be ultra careful from now on about clicking on something that says it's a virus scan. You probably saved me $100.
May 20th, 2012 12:04am

just wanted to say thank you for solving my problem too!
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2012 10:27pm

narenxp, I have tried all of the above and although some of the error codes are not now poping up I still cannot get Windows Firewall to work. This may be a clue to a unique situation. When I try to show dependencies in Services for most items (including BFE which is running and Windows Firewall, which is not running), if not all - haven'e tried all of them, I get an error window with "Win 32: The specified module could not be found". Any ideas as to what I can try next? BTW, this is an OME laptop with preinstalled Windows 7 and I upgraded it to Windows 7 Professional.
May 25th, 2012 10:31pm

do an inplace upgrade with your Windows 7 DVD, simply boot the disk and select the repair option then when windows up back up insert the DVD again and select upgrade (this will retain all files and settings) and it will clean up any damage done by most variants of that crapware Windows MVP 2011-12, XP, Vista, 7. Expanding into Windows Server 2008 R2, SQL Server, SharePoint, Cloud, Virtualization etc. etc. Hardcore Games, Legendary is the only Way to Play Developer | Windows IT | Chess | Economics | Vegan Advocate | PC Reviews
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2012 10:39pm

Download farbar service scanner Checkmark all the boxes,Click on Scan,Please copy and paste the log here. Download minitoolbox Checkmark List last 10 Event Viewer log alone Click on Go and post the result.
May 26th, 2012 11:31pm

What can I say, I just need to thank enormously the guy who wrote this article. A life saver that allows me to do my job! THANK you so much for this article. It works all the way.
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2012 2:02am

I had the same problem on Win7 Ultimate, I think as a result of Zone Alarm prohibitions - no virus. I could not share folders, although I could update. This HELPED LOADS. Thanks
June 8th, 2012 12:38am

Thanks narenxp! I had the same errors but mine was caused by "DVD or CD Sharing for Mac" application which purged my Windows Firewall service. Never doing that again! ---------------- "You can run, but you cannot hide. It will find you!"
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2012 4:59pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics