Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more

x
?
Solved

Anti-virus auto-protection and regedit are disabled !!!

Posted on 2004-03-21
7
Medium Priority
?
4,093 Views
Last Modified: 2007-12-19
my OS is xp. my PC is affected by virus so i format my HD and install XP with network cable disconnected so as not to affected by virus during the long-time installation. after the xp installation finished, the HD shld be "blank" except the xp system files. so i install the Norton anti-virus first with network disconnected. after the Norton installation, i have to run the Live!update virus definition, all these are OK. the problem is after the Live!update, the Norton will do full system scan and start auto-protection, at this time Norton is disabled, email scan, full system scan and auto-protection all are disabled. when i tried again, even if i click on the Norton icon, it doesnot make any sense. i use the symantec "fixWelth","fixblast",and Macfee "Stinger" scan my full system with network disconnected, some virus "Svchose.exe""welchia" are deleted, but the Norton anti-virus atill doesnot work and the "CPU usage" in "task manager" is 100%, someone says this is due to the duplication of SVchost.exe.Another more important is when i tried to run "regedit", the "regedit" window will close soon automatically before i take any measures. Can some one tell me what virus it is ,how to remove, and how to enable my Norton anti-virus ? thanks a lot!
0
Comment
Question by:fluuuuu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 10648393
I would start over:
Wipe the drive with the manufacturer's destructive test utility, wdclear or killdisk.
Power cycle the machine.
Boot from the XP CD and do your install.
Create your partitions but leave one  big enough to make a drive image of (5GB or so FAT32 partition)
Connect fromo behind a NAT router, with none of your other LAN machines running - and register - do services packs and all updates. At this point I'd run the baseline security analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
and once you've got the machine to your liking make a ghost image in the fat 32 partition
now install your AV software and do updates, if that goes well, replace the drive image with the current working image

now start to work on you applications, etc

0
 

Author Comment

by:fluuuuu
ID: 10655480
so complicated. is this a virus ? is there any removal tools ?
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 10656280
You can try one of the online scanners: www.mcafee.com to see what it finds.

0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Expert Comment

by:CyberQuad
ID: 10660350
Scan your PC with the FREE online scan here: http://us.mcafee.com/root/mfs/default.asp?cid=9059
Make a note of the viruses it finds.
Post your virus findings here and I will give you further instructions on how to remove the virus for good and tell you how to protect your system from future infection from viruses.

-Brian
0
 

Author Comment

by:fluuuuu
ID: 10667180
thanks to all of you. i think i will re-install OS this week. and if it still doesnot work,i come back
0
 

Accepted Solution

by:
korsuas earned 120 total points
ID: 10800286
man, dont jump to reintalling so soon - even though it's prb the best solution.

what I did i my case - same problem - I extracted the original svchost.exe from the xp kit.
I booted of a clean diskette, overwritten the bad svchost with the new one extracted fromthe kit.

voila, no more problems:)

that's all you have to do.
if any other system files are believed to be virused, do the same.

easy as 3.14159265...:)

regards,
Adrian Korsuas
0
 

Expert Comment

by:korsuas
ID: 10812475
for all of you that handle security q, please keep in mind that there is a default program in windows called: sfc
whis is and does
Microsoft(R) Windows XP Windows File Checker Version 5.1
(C) 1999-2000 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct Mi
crosoft versions.

Tested it, but don't know if it's good for smtg. Expecially now that I hace SP2 installed:))
Anyway, just a thought...

rgds,
Adrian Korsuas
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

647 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question