Norton Uninstalling1. Use the Control Panel > Install/Uninstall Applications applet to remove Norton Antivirus (NAV) (it´s not necessary to remove other applications from the Norton SystemWorks not even LiveUpdate or LiveRegistration). Uninstallation routine by Control Panel is not sufficient enough to remove NAV 2000/2001/2002/2003 (and probably 2004, which I never tested and will not! I have been running Norton's antivirus 4 years and no more!). For some reason that does not remove the program software completely, they recommend the download of a special program (see third step). In any case, it would probably be best to recommend that former NAV users consider uninstalling that software before installing avast! (see sixth step).
2. Boot.
3. Use
RNAV2003 or
this link to download and then remove traces of NAV into your registry: for removing the most fastidious at clearing out the vestiges of the software and sparing users' headaches. Download and run the application. If you have already done the first step, choose 'No' to continue.
4. Boot.
5. Do not remove manually or using another software the Registry keys, it´s not necessary (by now) and may be dangerous. But, if you want and do not fell unconfortable walking through windows registry and deleating the many left behind entries, there is some good registry cleaners available to aid in complete removal of these.
Reg Cleaner is a good one but it is a Shareware (you can run once to do its job). Another links and applications could be found
here at the section
Registry Tools. For Windows 98, I recommend
RegClean.
If you have time, you can read more at this
Windows Registry Guide.
6. Install avast! (answer 'Yes' for the presence of another av, in this case traces of NAV). Starting with version 4.0.172, there is a functionality in avast! Setup to detect and warn the presence of Norton Antivirus installed on the target machine.
7. Boot.
8. You will have to change Registry "corrupted" keys by NAV (especially the following keys):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers
Do you see any Symantec driver listed here? Is the avast! driver listed? If not, you are not protected under DOS (cmd window). I do recommend the freeware
Registrar Lite to browse the Registry. It's a Freeware!
The solution is manually editing these Registry keys (corrupted by Symantec products or RNAV2003: see
rnav_log.txt which is generated by the application):
A Registry key must have this format: string,0,string,0,string,0,...,0,0
But in my case it looks some idiotic program did:
string,
0,0,string,0,string,0,0
You may have to export the key in the file, remove one zero from the first double zeros.
Be sure the strings end with double zeros.
Then import it back and reboot.
You should then see there the record for \<avast directory>\aswMonVd.dll similar to this:
Key name: HKLM\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
Value name: VDD
Type: REG_MULTI_SZ
Type number: 00000007
Text: \<avast directory>\aswMonVd.dll
There must be the aswMonVD.dll in your avast directory too.
(Note: the first thing avast team thought was that the aswmonds.sys resident drive for DOS was not correctly registered in Windows. This is correct but, at that time, we don´t know the cause. We tried to edit the file C:\Windows\System32\Config.nt that looks like:
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40
device=\<avast directory>\aswmonds.sys
If the user set the last line as a comment: REM device=\<avast directory>\aswmonds.sys
The cmd window will work and DOS programs too (see letters a) and b) above). But, the DOS resident driver wouldn´t be loaded and the computer would not be completely protected against virus. The symptoms of this were:
a) into a cmd window it was forbidden to use DOS programs (16-bits). The user just get the prompt after the command and nothing happens, e.g.:
C:\pkunzip -n *.zip {enter}
C:\
By the way, with the WinZip Command Line 1.1 Beta1 the same effect were noted. This application is the command line version of WinZip 9.0 Beta (
www.winzip.com)
b) the cmd window just not 'change' its name with the command. For example, In
AutoIt 2.64 scripts (the best macro maker for Windows, thanks to Jonathan Bennett), sending a 'Run' command to cmd windows (e.g.: Run, C:\\pkzip.exe -n *.zip or RunWait, %COMSPEC% /C copy c:\\*.zip a:\\,, hide), the cmd window remains with the title C:\Windows\System32\cmd.exe).
The commands (programs) are not executed!9. At last (after the boot), make a eicar.com test (see links
here).
10. For me, this adventure was enough and works. Good luck and pray!