I need some help for my avast! tweak tool

[RejZoR]

I found one thread about Nortons registry entiries that make avast! to work incorrect. there were 3 of them:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers

But i don't know if you need to delete entire key (VirtualDeviceDrivers) or just VDD value inside this key?
Are there any other entries that should be removed?

I'm going to impliment cleaning function for this into my avast! External Control tweak tool,so any help is greatly appreciated

Thx

[igor]

You definitelly shouldn't delete the entire VirtualDeviceDrivers key!
If you mean the keys under this main key... then probably yes. Anyway, better backup first

[RejZoR]

Ok found some more Symantec nasty files.
I would kick Symantecs programmer who created uninstaller for their product Terrible...

[Lisandro]

RejZor, I change this keys every time I uninstall/install avast! again. Because of them - and kubecj + vlk help - I'm here  

If you use RegistrarLite (Registry Editor), you can change the order of the drivers there. Put avast! in the first place and Symantec in the second.

This is a bug of Symantec! NAV puts two groups of zeros in the middle of the key, avoiding any other product to use that key correctly.

If you do not correct them, you won't be able to execute .exe files in a cmd window (DOS under XP) and you won't have a lot of files scanned (.exe, .com...): eicar test will fail  

Ask me whatever you want about this subject!

[RejZoR]

Thx for help Techincal I'll need it even more hehe

I dont quiet understand why first entry (HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers) is like this:
C:\PROGRA~1\Symantec\S32EVNT1.DLL
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll

Why is there so many aswMonVd.dll files and Nortons entry in the beginning? Isn't one instance of aswMonVd.dll enough? and i probably have to remove S32EVNT1.DLL right?

[Lisandro]

How many times I saw the same behavior  
Do not delete the Symantec driver. Do this:
1. Copy one complete entry of avast! and put it in the first line
2. Press enter
3. Let the Symantec driver at the end...

I just can imagine that the Symantec driver block the entry of appended data. avast! try one and another and another... The values were blocked by a double group of zeros at the end of Symantec entry. It's not allowed to an application to block that general key! But Symantec do it!  

[RejZoR]

Well i don't have any Symantec product on my PC anymore. Shouldn't i delete it instead of moving it at the end?

Can it be only like this?

(HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers)
"VDD"="C:\Program Files\Alwil Software\Avast4\aswMonVd.dll"

Oh and my tweak tool doesn't give a f**k about any zeros because it performs all operations on Regedit level (as you see it,not in hex values)

[Lisandro]

If you do not have any Symantec product, delete the driver from there. This is why we can't get rid from NAV so easy...

The Registry "corrupted" keys by NAV are:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers
If the avast! driver was not listed here you would not be protected under DOS (cmd window). The symptoms of this were:

   a) into a cmd window it was forbidden to use DOS programs (16-bits). The user just get the prompt after the command and nothing happens, e.g.:
   C:\pkunzip -n *.zip {enter}
   C:\
   By the way, with the WinZip Command Line the same effect were noted. This application is the command line version of WinZip 9.0 (www.winzip.com)

   b) the cmd window just not 'change' its name with the command. For example, In AutoIt 2.64 scripts (the best macro maker for Windows, thanks to Jonathan Bennett), sending a 'Run' command to cmd windows (e.g.: Run, C:\\pkzip.exe -n *.zip or RunWait, %COMSPEC% /C copy c:\\*.zip a:\\,, hide), the cmd window remains with the title C:\Windows\System32\cmd.exe). The commands (programs) are not executed!

As I said, I do recommend the freeware Registrar Lite to browse the Registry. It's a Freeware!
The solution is manually editing these Registry keys (corrupted by Symantec products or RNAV2003: see rnav_log.txt which is generated by the application):
   A Registry key must have this format: string,0,string,0,string,0,...,0,0
   But in my case it looks some idiotic program did:
   string,0,0,string,0,string,0,0
   You may have to export the key in the file, remove one zero from the first double zeros.
   Be sure the strings end with double zeros.
   Then import it back and reboot.
   You should then see there the record for \<avast directory>\aswMonVd.dll similar to this:
   Key name: HKLM\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers
   Value name: VDD
   Type: REG_MULTI_SZ
   Type number: 00000007
   Text: \<avast directory>\aswMonVd.dll
   There must be the aswMonVD.dll in your avast directory too.

For me, this adventure was enough and works. Good luck and pray!
If you don´t believe me, try eicar test from DOS (cmd window). See either DOS under XP / NAV. Good luck.  

[igor]

C:\PROGRA~1\Symantec\S32EVNT1.DLL
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll

You can safely delete the copies of the aswMonVd.dll item - there should be only one there.