I am running Windows 2003 R2 and had the box compromised by a virus.
Symantec cleaned it all up I think, but I keep getting reinfections.
After investigating the Windows Firewall, it had been disabled.
Further, it appears that a group policy or something has been applied to it that I
can't edit. When I open the firewall admin, I see an entry in the exceptions:
2941:TCP is allowed from all IPs. The problem is, I cannot edit it,
it's grayed out. Also, explorer.exe has been added to the list and is
also grayed out (that might have been there before though, I'm not
sure). No other port exceptions are grayed out. In the exception config box, all entries do say group policy =
no and when I run "netsh firewall show state" it says "Group
policy version = none". Also, when I run gpedit.msc
and go to Admin templates -> ... -> Windows Firewall, it indicates
"Not configured" for every entry.
So, can anybody tell me how I can remove this port exception from my
firewall configuration? I'm pretty much baffled at this point. These servers are not on a domain, by the way, they are stand-alone
boxes, if that's relevant to your answers.
Thanks a bunch in advance for your help.

http://www.nnseek.com/e/microsoft.p...
You may be able to deny it in network adapter advanced settings. The real issue is the problem in the first place. You are running it in either an unsecured manner or without any best practices.
I think I'd consider a system-wide sweep and reload all OS's and set to a much more hardened state.
I read it wrong and answer it wrong too. So get off my case you goober.

Most modern viruses attack security software first. That is to say, they will shut down any firewall and antivirus software they find.
The one you have sounds like it's part virus and part trojan.
There are several online antivirus scanners you could try using to remove the virus.
Once you've cleaned your system, your best bet would be to restore the most recent backup you have prior to the attack. You would of course want to restore the "System State".
