-1

I installed some app that hacked my computer, and I cleared this app, but it blocked a Google IP in my Windows firewall. I cannot find the rule that blocked Google on my machine. I don't want to do a format; I just want to find where the IP is blocked, or even allow the IP again.

netsh advfirewall reset

I notice that the virus requests netsh.exe while executed

That's not a duplicate question. I have no virus issue now; there is only a certain IP that cannot be unblocked unless I do a format. That means my firewall blocks it somewhere.

Zumo de Vidrio
Raelpaul

2 Answers

1

After long analysis, the problem is located. The bad file is applying netsh rules with a special policy. Using netsh advfirewall reset will not help; it will leave the policy as it is, with the same values and filters. So by deleting the policy, the issue is solved. The other answer is considered a wrong answer; that's why I posted my correct answer to help others. It's not malware nor spyware or anything else.

I simply opened CMD as administrator and deleted the netsh rules, e.g.:

netsh ipsec static delete rule ...
Raelpaul
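A read-only way to locate such a block before deleting anything, as an added example that is not part of the original answer. It assumes an elevated PowerShell session; `$TargetIp` and the backup path are constructed placeholder values.

```powershell
# Added example: read-only triage for one blocked address.
# $TargetIp is a constructed sample (documentation range); replace it
# with the address that stays blocked.
$TargetIp = '203.0.113.10'

# 1. Windows Firewall (advfirewall) store: enabled block rules whose
#    remote-address filter names the IP literally. Rules that cover the
#    address through a subnet or range are not matched by this check.
Get-NetFirewallRule -Action Block -Enabled True |
    Where-Object {
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains $TargetIp
    } |
    Select-Object DisplayName, Direction, Profile

# 2. Legacy IPsec static policy store. This is a separate store from the
#    one "netsh advfirewall reset" rebuilds, which is why the reset in
#    the question left the block in place.
$filters = netsh ipsec static show filterlist all level=verbose
$hits = $filters | Select-String -SimpleMatch $TargetIp -Context 10,10
if ($hits) {
    $hits    # surrounding lines show the filter list that holds the IP
} else {
    "No IPsec static filter mentions $TargetIp"
}

# 3. Policies and their rules, to see which policy uses that filter list
#    and whether the policy is assigned.
netsh ipsec static show policy all level=verbose

# 4. Keep a copy of the current policies before deleting a rule or policy
#    (the file path is a placeholder).
netsh ipsec static exportpolicy file=C:\ipsec-policy-backup
```

Steps 1 to 3 only read state. Once the policy and rule names are known, the deletion itself is the `netsh ipsec static delete` command shown in the answer.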
0

No method of removing any virus is ever 100% guaranteed.
Your computer cannot be trusted anymore, unless you do a full format and re-install from scratch.

Having said that, try these steps:

  1. Disable the Windows firewall. If it is still blocked it isn't caused by the firewall.
  2. Remove the file called "hosts" in c:\windows\system32\drivers\etc
  3. If that also doesn't bring a solution there is still malware left on your computer. Go back to my initial statement at the top.
Tonny
  • 2
    ... or check it contains only default data &/or data entered by yourself manually. – Tetsujin Jan 04 '17 at 13:54
  • 1
    @Tetsujin The default data is actually nothing (the localhost entry isn't actually used by Windows but handled in the internal name-resolver). If the poster is savvy enough to have hand-edited the hosts file I presume he can also tell the difference between his own edits and any extras that shouldn't be there. – Tonny Jan 04 '17 at 14:04
  • Ah, OK. Sorry, I'm used to Mac, which has some basic defaults. – Tetsujin Jan 04 '17 at 14:14
  • I used Process Hacker to identify if there is remote control on my PC, and it seems my PC is pretty clean. I did place that virus on another PC for a test, and it's doing the same thing: when it runs, it calls `netsh`, and the IP that I am trying to unblock gets blocked immediately. It isn't malware or any kind of infection; there must be something deeper with the firewall. – Raelpaul Jan 04 '17 at 14:18
  • 1
    @Raelpaul "I did place that virus on other pc for test" now you have two broken machines ... – DavidPostill Jan 04 '17 at 14:22
  • @DavidPostill Yeah, this is only for analysis purposes; I just want to track down the block method :) – Raelpaul Jan 04 '17 at 14:25
  • @Raelpaul Hosts file, Windows firewall, additional extra firewall installed by virus, name-resolver hijack by virus, traffic interceptor in TCP/IP stack or in the NDIS layer installed by the virus... There are probably a dozen more methods I can't immediately remember. Most viri usually use multiple methods, with various levels of difficulty to detect and even more difficult to remove. – Tonny Jan 04 '17 at 14:30
  • @Tonny Your answer is totally wrong; nothing should be done with hosts files. I have found the real firewall rules and posted a correct answer for the certain issue. – Raelpaul Jan 05 '17 at 05:39