Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: vettebob2 on August 10, 2006, 10:09:56 PM
-
My computer which is only about 6 months old came with the Norton virus program installed. I uninstalled the thing and even used the programs at their site to rid my computer of all leftover stuff. Unfortunately my Security Center tells me that the Norton firewall is active???? How can this be when there is no software installed. I have looked through the REGISTRY and have noticed that there are 'mentions' of Norton. Soooooooooo, I guess my long winded question is: Is my Security Center indicating that Norton Firewall is active by something still resident in the REGISTRY????
Thanks
RHB
-
:) Hi Vette :
In addition to what you have already done, I would encorage you to use your
computer's "Search > All files and folders", using the search "term" "Symantec"
& later "Norton" and "Delete" everything it finds . You may also want to consider
using a registry cleaner to remove entries there .
-
Was this Norton Internet Security Suite or two independant programs, NAV and Norton Firewall ?
A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=)
-
Thanks for the suggestions.
Yes, it is the Norton Internet Security Suite.
I have used ALL of the "rid" type programs and software that SYMANTIC has to offer. It still shows Norton's firewall installed. When I turn on the Windows firewall my Security Center kinda indicates that I have more than one firewall going?????
At present I have the Windows Firewall NOT ACTIVE and hope that my NETGEAR network router and it's firewall is blocking stuff???
P.S. I even utilized Norton tech support and they too gave me ideas of what to do, but nothing helped.
HP is telling me to crash my system and put in a fresh install !!!!!!!!!!!!!!!!!!!
Cheeze, ain't that a little too aggressive????? There has to be a better fix than that???????????
-
Hello vettebob2:
I too have Norton Internet Security 2006 "pre-installed" on our new computer, and after reading about it being a resource hog, have decided to use Avast. After reading how much trouble you are having uninstalling the program, this scares me.
I have already been to the website and downloaded all the info and bookmarked when it is time to uninstall, but it sounds like you did all this.
We still have 50 some days left, so I'll be watching this thread to see if you succeeded in your removal. I can't imagine putting in a "fresh" install, as HP suggested.
Hope you find a solution....Soon!
Good Luck!
Safe1
-
Surely you still want the Norton firewall as neither your Router or XP's firewall provide outbound protection so I can't see why you are trying to get rid of the firewall when it is the anti-virus element of NIS 2006 that you are trying to get rid of ?
If you can give an example of some of the registry entries you found for Norton ?
If you really want to get rid of the NIS 2006 completely have you tried the add remove programs, is there still and entry for it ?
Good old HP support, I assume they have sent the sledge hammer in the post so you can crack this nut ;D
Also useful as a diagnostic tool - Download HiJackThis.zip (http://www.spywareinfo.com/~merijn/files/hijackthis.zip) - HJT Information HiJackThis Tutorial 1 (http://www.bleepingcomputer.com/forums/tutorial42.html) or HiJackThis Tutorial 2 (http://www.tomcoyote.org/hjt/#introduction) or HiJackThis Tutorial 3 (http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm)
Post the contents of the hijackthis log file here and we can see what may be running on your system from Norton/Symantec.
-
:) Hi all :
At times, the "info" coming from the Windows "Security
Center" is NOT reliable . I thought the Norton Internet
Security Suite ( dislike "Security Suite(s)" ) included an
antiSPYWARE "component" ; is that still on the computer ?
For good & FREE programs, see the info at :
http://members.accessbee.com/mitch/NewbieOldieUpdated.html .
-
I have run the "highjack this" program and copied the file to this message. I did not see how to 'attach' a fileto this message?? I will run a scan of the registry and post those findings on another message. Thanks for the interest and help, everyone,
Just found out I exceeded length of file so will send the log in 2 parts????
Logfile of HijackThis v1.99.1
Scan saved at 1:28:20 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\ShutDownPro\ShutDownPro.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DownLoads\hijackthis\HijackThis.exe
-
here is the second part of the 'high jack' file.
wrong again, exceeded the lenght again. so it will be 3 parts.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: ShutDownPro.lnk = C:\Program Files\ShutDownPro\ShutDownPro.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger
-
hope this 3rd part to high jack will post????
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.12/WinSSWebAgent.CAB
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144021712190
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4331.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-
Here is what I found when using the 'search' tool in Windows.
When using the SEARCH FUNCTION these folder items were found
First using the word NORTON: Two separate folder items were found and with almost the same identification
NORTON It's location was C:\SWSETUP\SYMIS\US\NAV\External
NORTON C:\SWSETUP\SYMIS\US\NAV\External\Symantec
When using the word SYMANTEC: Two separate folders were found also.
Symantec It's location being C:\SWSETUP\SYMIS\US\External
Symantec location C:\SWSETUP\SYMIS\US\Setup\PControl
Hope these indicate something???
Thanks again for the interest and help.
-
You need fully remove NAV before we can think if these files aren't malware ones or something strange...
1) Remove NAV through Add/Remove programs from Control Panel. Boot.
2) Use Symantec removal tool following the three steps defined in the SymNRT (http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2006031710323113?Open&src=&docid=2005033108162039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=) tool info.
3) Boot.
Full SymNRT info:
1. Download and save these three files to the Windows desktop:
a) ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat
b) ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SymNRT.exe
c) ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg
2. Run the three files that you just downloaded
a) On the Windows desktop, double-click the MSIFIX icon.
Click Run.
A black window may appear very briefly.
b) On the Windows desktop, double-click the SymNRT icon.
Click Run.
Click Next.
Click I accept the License Agreement, and click Next.
Type the letters and numbers that you see in the white box, and then click Next.
Click Yes or OK at each prompt.
You may need to click more than once. Your computer may be restarted for you more than once.
You may be asked to repeat some steps after the computer restarts.
c) On the Windows desktop, double-click the SYMMSICLEANUP icon.
Click Run, and then click Yes.
Click OK.
3. Boot.
-
I have run a scan of my registry now and found the following. I realized afterwards though that each 'finding' had addtional info, but hope what i have provided will be a good enough indicator on whether or not it needs to be deleted or not?????
When searching the registry I found the following items:
Using NORTON, the search found the following:
'My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo'
'My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IS CfgWiz
'My Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NAVAPSVC\0000'
'My Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NAVAPSVC\0000'
'My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NAVAPSVC\0000'
When searching the registry Using SYMANTEC, the search found the following:
''My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Automatic LiveUpdate Scheduler'
'My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Automatic LiveUpdate Scheduler'
'My ComputeHKEY_USERS\S-1-5-21-1031135394-873429524-2038709802-1005\Software\SupportSoft\ProviderList\symantec corporation'
-
To not mess with registry, uninstall Norton components and LiveUpdate by Control Panel.
Then follow the instructions I've posted before, the three steps.
For sure, LEGACY drivers are messing your system...
I hate Norton :(
-
:) Hi Vette :
One small note : your Sun Java is 2 Updates behind, which
is a serious security risk as it increases your chances of
getting a "Virtumonde" infection . Best to uninstall it, then
go to www.java.com/en & get their latest ( which should
be "Update 7", although the Sun Java site for unknown
reason said "Update 6" recently .
-
Hey Spiritsongs :o
Sun Java Runtime Environment 5.0 Update 8
their website still says Update 6-i had to get it at the link below
http://www.majorgeeks.com/download4648.html
it's update 8 now-not update 7 ;)
-
:) Hi Doc :
Thanks for the "heads up" on "Update 8" ; will be using
it myself later on AND recommending it on another thread
in that other forum .
-
This note is in response to TECH.
I did what you suggested.
1. There was no NAV to remove. None is listed in the "Add and Remove" programs area.
2. I downloaded the 3 files. The "SymNRT" only ask that I reboot at the end of the process. No steps were asked to be repeated. The "SYMMSICLEANUP" scared me!!! It asked if I wanted to write it into the Registry!!!!!!!! I said yes. And then I rebooted. When I attempted open the control panel something flashed up real fast and said something about 'installing' ????? I could not see what it was installing??? Anyway it was quick and when I got to the Security Setting icon I click on it and it said that the Norton Internet Security firewall was running???? I am just so baffled on how that can be when there is NO Norton products installed on this computer anymore?????
Bob Bray
-
2. I downloaded the 3 files. The "SymNRT" only ask that I reboot at the end of the process. No steps were asked to be repeated.
Ok, it's normal.
The "SYMMSICLEANUP" scared me!!! It asked if I wanted to write it into the Registry!!!!!!!! I said yes. And then I rebooted. When I attempted open the control panel something flashed up real fast and said something about 'installing' ??? I could not see what it was installing ???
No trouble, it's ok and working.
Anyway it was quick and when I got to the Security Setting icon I click on it and it said that the Norton Internet Security firewall was running ???
Well, are you running NIS ? ??? ::)
I am just so baffled on how that can be when there is NO Norton products installed on this computer anymore ???
No Norton? The paradise 8)
-
To Tech
I am baffled by your response????????
My Security Center is still telling me that NIS firewall is active????? That is what I'm saying by There is no Norton products installed BUT SECURITY CENTER IS STILL INDICATING THE FIREWALL IS???
I don't understand???
-
:) Hi Vette :
Like I said in "Reply #6" : "At times, the "info" coming from the Windows 'Security Center' is NOT reliable ". Would
encourage you to read the info at :
www.microsoft.com/windowsxp/using/security/internet/sp2_disablefwalerts.mspx .
AND as important, if not more so, is the info at :
www.microsoft.com/windowsxp/using/security/internet/sp2_wscintro.mspx .
On "page 2" is a diagram showing where you can turn
"Off" those "Settings", which I recommend be done .
-
I am baffled by your response????????
No... you're baffled by Symantec response :P
My Security Center is still telling me that NIS firewall is active????? That is what I'm saying by There is no Norton products installed BUT SECURITY CENTER IS STILL INDICATING THE FIREWALL IS???
If Spiritsongs is right, i.e., if Windows Security Center has a bad detection in this case... it's explained.
If not, you need to fully remove NIS ::)
-
Thanks everyone for trying to assist me in my dilemma.
Just to be clear, NIS program(s) is no where to be found installed anywhere on the harddrive of the computer
BUT....................................
Security Center must think that there is a firewall from Norton still existing???
Out of curiosity I clicked on the Windows Firewall to be active and when I checked the Security Center it comes up with "At least ONE of the firewalls installed on this computer is currently ON" Further on it states: "Note: two or more firewalls running at the same time can conflict with each other". This seems to indicated also that Security Center is detecting a firewall by Norton and thus indicating that when I activate the Windows Firewall I'm running two????
I think WE ALL can believe that I don't have Norton firewall and that if I activate the Windows Firewall I am actually running only one. Don't we??
So I'll try not to hung up about this no longer. I'm stuck with this silly indicator from Security Center.
I'm noticing that most of you would use a firewall other than Windows? I am currently using the "hardware" firewall that comes with the NETGEAR router. Any suggestions that will work with my peculiar situation?
Thanks again
Bob Bray
-
I'm noticing that most of you would use a firewall other than Windows?
Yeah... we want outbound protection and XP one just give us the inbound (and even this, weak...).
I am currently using the "hardware" firewall that comes with the NETGEAR router. Any suggestions that will work with my peculiar situation?
Comodo, Kerio, Jetico or ZoneAlarm (all free) in this order is my suggestion ;)
-
:) Hi Vette :
Momentarily back to your HijackThis log ; based on what
you have told us, the following should be "fixed" :
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
As I mentioned earlier, your Sun Java is several "Updates"
behind & is a serious security risk; should uninstall it, then
go to www.majorgeeks.com/download4648.html to get the
latest .
-
As I mentioned earlier, your Sun Java is several "Updates"
behind & is a serious security risk; should uninstall it, then
go to www.majorgeeks.com/download4648.html to get the
latest .
I have trouble with version 8 update... I had to downgrade to 7...
Installation crashed :'(
-
SpiritSong you said according to my log the following had to be fixed. How? Do What? There were several items you listed from my log, just what am I to do/fix???
By the way I have uninstalled the old Java and installed the new Java.
Also I have gone to several magazine web sites and found the the SYGATE "free" firewall was recommended to try so I am
thanks
-
Fix as in tick the fix box in hijackthis to the left of the entry when you have done a hijackthis scan.
Tutorial - HiJackThis Tutorial 1 (http://www.bleepingcomputer.com/forums/tutorial42.html) or HiJackThis Tutorial 2 (http://www.tomcoyote.org/hjt/#introduction) or HiJackThis Tutorial 3 (http://hometown.aol.co.uk/jrmc137/hjttutorial/tutorial.htm)
I would look again for a firewall, firstly those web sites should have also mentioned that Sygate free is a discontinued firewall, no more development. Secondly there is a flaw in sygate (localhost loop back) in that it can't tel what program is using a localhost proxy, it only detects the proxy and if you give that permission, any program that uses the proxy also gets through. So if you go with sygate you wil need to disable the transparent proxy of web shield and manually configure what browsers you to use the proxy.
There are others, Jetico, Sunbelt Kerio, etc. See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml
-
:) Hi Vette :
The "abandoned" Sygate Personal Firewall, which I still use
AND is still a good firewall ( unless you use a "proxy" ),
can be downloaded from :
www.filehippo.com/download_sygate_personal_firewall/ .
There is an excellent "Setup Guide" at :
www.kotiposti.net/string/SPF_eng/SPFGuide.html .
-
My Security Center is still telling me that NIS firewall is active????? That is what I'm saying by There is no Norton products installed BUT SECURITY CENTER IS STILL INDICATING THE FIREWALL IS???
I found a solution: http://forum.avast.com/index.php?topic=22994.msg189891#msg189891 8)
-
TECH,
Sorry to be so ignorant but I don't have any idea how to disable WMI? I found it under Administrative but saw nothing on how to not have it doing its thing. And then the rest............................
-
Sorry to be so ignorant but I don't have any idea how to disable WMI?
Seems the solution does not work... look at that thread... :-\ :'(
Anyway, to disable WMI: Start Menu > Control Panel > Administrative Tools > Services
There should be buttoms on the toolbar to stop the Service... My Windows is not in English so I can't find the exactly words...
Maybe other user could help here...