某些恶意软件删除了 Windows 防火墙的服务后，如何恢复它？

Question 1

你应该跑恶意软件字节或者SpyBot S&D确保没有其他任何程序（恶意软件/间谍软件/广告软件）干扰您的系统。免费在线扫描集只是为了确保一切都消失可能是个好主意。

一旦您知道系统已清理干净，请打开提升的命令提示符并运行SFC /SCANNOW系统文件检查。完成后，重新启动并查看防火墙服务是否恢复。

如果 SFC 不起作用，你可以尝试这个诊断来自微软。

Answer

你应该跑恶意软件字节或者SpyBot S&D确保没有其他任何程序（恶意软件/间谍软件/广告软件）干扰您的系统。免费在线扫描集只是为了确保一切都消失可能是个好主意。

一旦您知道系统已清理干净，请打开提升的命令提示符并运行SFC /SCANNOW系统文件检查。完成后，重新启动并查看防火墙服务是否恢复。

如果 SFC 不起作用，你可以尝试这个诊断来自微软。

Question 2

方法 1：调用“安装 API InstallHinfSection”函数安装 Windows 防火墙要安装 Windows 防火墙，请按照下列步骤操作：

Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command line, and then press ENTER:
Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
Restart Windows,
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then press ENTER. In the Windows Firewall dialog box, click On (recommended), and then click OK.

方法 2：将 Windows 防火墙条目添加到注册表重要提示本部分、方法或任务包含一些步骤，告诉您如何修改注册表。但是，如果您错误地修改了注册表，则可能会出现严重问题。因此，请确保仔细遵循以下步骤。为了增加保护，请在修改注册表之前备份注册表。然后，如果出现问题，您可以还原注册表。有关如何备份和还原注册表的详细信息，请单击以下文章编号以查看 Microsoft 知识库中的文章：322756 如何在 Windows 中备份和还原注册表

要将 Windows 防火墙条目添加到注册表，请按照以下步骤操作：

Copy the following text into Notepad, and then save the file as Sharedaccess.reg:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
  6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cd0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Double-click Sharedaccess.reg to merge the contents of this file into the registry and to create the Windows Firewall entry.
Restart Windows.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then click OK.
Configure the Windows Firewall settings that you want to use.

如果这些方法不起作用，请重新安装 Windows XP SP2。

Answer

方法 1：调用“安装 API InstallHinfSection”函数安装 Windows 防火墙要安装 Windows 防火墙，请按照下列步骤操作：

Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command line, and then press ENTER:
Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
Restart Windows,
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then press ENTER. In the Windows Firewall dialog box, click On (recommended), and then click OK.

方法 2：将 Windows 防火墙条目添加到注册表重要提示本部分、方法或任务包含一些步骤，告诉您如何修改注册表。但是，如果您错误地修改了注册表，则可能会出现严重问题。因此，请确保仔细遵循以下步骤。为了增加保护，请在修改注册表之前备份注册表。然后，如果出现问题，您可以还原注册表。有关如何备份和还原注册表的详细信息，请单击以下文章编号以查看 Microsoft 知识库中的文章：322756 如何在 Windows 中备份和还原注册表

要将 Windows 防火墙条目添加到注册表，请按照以下步骤操作：

Copy the following text into Notepad, and then save the file as Sharedaccess.reg:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
  6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cd0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Double-click Sharedaccess.reg to merge the contents of this file into the registry and to create the Windows Firewall entry.
Restart Windows.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER:
Netsh firewall reset
Click Start, click Run, type firewall.cpl, and then click OK.
Configure the Windows Firewall settings that you want to use.

如果这些方法不起作用，请重新安装 Windows XP SP2。

Question 3

成功删除上述病毒后，如果您发现 Windows 防火墙无法正常工作并出现 800 错误。那么很可能是 BFE、sharedaccess 等依赖项与防火墙服务一起被删除或损坏。

从我信任的可靠来源下载后可以重建服务哔哔电脑。重建服务后，它们可能无法启动并抛出拒绝访问等错误。为此，您应该转到hkey_local_machine\system\currentcontrolset\services\bfe&sharedaccess并为指定用户添加权限。

或者你可以去Windows 7 上防火墙无法启动。

Answer

成功删除上述病毒后，如果您发现 Windows 防火墙无法正常工作并出现 800 错误。那么很可能是 BFE、sharedaccess 等依赖项与防火墙服务一起被删除或损坏。

从我信任的可靠来源下载后可以重建服务哔哔电脑。重建服务后，它们可能无法启动并抛出拒绝访问等错误。为此，您应该转到hkey_local_machine\system\currentcontrolset\services\bfe&sharedaccess并为指定用户添加权限。

或者你可以去Windows 7 上防火墙无法启动。

Question 4

我暂时不会恢复或重新安装。您应该能够运行恶意软件工具，然后根据结果从那里开始。如果返回空，则返回 MS 并寻找防火墙的 .MSC 插件。

您要确保已删除所有内容，也许您只需要删除病毒/恶意代码并恢复防火墙。

Answer

我暂时不会恢复或重新安装。您应该能够运行恶意软件工具，然后根据结果从那里开始。如果返回空，则返回 MS 并寻找防火墙的 .MSC 插件。

您要确保已删除所有内容，也许您只需要删除病毒/恶意代码并恢复防火墙。

某些恶意软件删除了 Windows 防火墙的服务后，如何恢复它？

答案1

答案2

答案3

答案4

相关内容