• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4095
  • Last Modified:

Anti-virus auto-protection and regedit are disabled !!!

my OS is xp. my PC is affected by virus so i format my HD and install XP with network cable disconnected so as not to affected by virus during the long-time installation. after the xp installation finished, the HD shld be "blank" except the xp system files. so i install the Norton anti-virus first with network disconnected. after the Norton installation, i have to run the Live!update virus definition, all these are OK. the problem is after the Live!update, the Norton will do full system scan and start auto-protection, at this time Norton is disabled, email scan, full system scan and auto-protection all are disabled. when i tried again, even if i click on the Norton icon, it doesnot make any sense. i use the symantec "fixWelth","fixblast",and Macfee "Stinger" scan my full system with network disconnected, some virus "Svchose.exe""welchia" are deleted, but the Norton anti-virus atill doesnot work and the "CPU usage" in "task manager" is 100%, someone says this is due to the duplication of SVchost.exe.Another more important is when i tried to run "regedit", the "regedit" window will close soon automatically before i take any measures. Can some one tell me what virus it is ,how to remove, and how to enable my Norton anti-virus ? thanks a lot!
0
fluuuuu
Asked:
fluuuuu
  • 2
  • 2
  • 2
  • +1
1 Solution
 
chicagoanCommented:
I would start over:
Wipe the drive with the manufacturer's destructive test utility, wdclear or killdisk.
Power cycle the machine.
Boot from the XP CD and do your install.
Create your partitions but leave one  big enough to make a drive image of (5GB or so FAT32 partition)
Connect fromo behind a NAT router, with none of your other LAN machines running - and register - do services packs and all updates. At this point I'd run the baseline security analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
and once you've got the machine to your liking make a ghost image in the fat 32 partition
now install your AV software and do updates, if that goes well, replace the drive image with the current working image

now start to work on you applications, etc

0
 
fluuuuuAuthor Commented:
so complicated. is this a virus ? is there any removal tools ?
0
 
chicagoanCommented:
You can try one of the online scanners: www.mcafee.com to see what it finds.

0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
CyberQuadCommented:
Scan your PC with the FREE online scan here: http://us.mcafee.com/root/mfs/default.asp?cid=9059
Make a note of the viruses it finds.
Post your virus findings here and I will give you further instructions on how to remove the virus for good and tell you how to protect your system from future infection from viruses.

-Brian
0
 
fluuuuuAuthor Commented:
thanks to all of you. i think i will re-install OS this week. and if it still doesnot work,i come back
0
 
korsuasCommented:
man, dont jump to reintalling so soon - even though it's prb the best solution.

what I did i my case - same problem - I extracted the original svchost.exe from the xp kit.
I booted of a clean diskette, overwritten the bad svchost with the new one extracted fromthe kit.

voila, no more problems:)

that's all you have to do.
if any other system files are believed to be virused, do the same.

easy as 3.14159265...:)

regards,
Adrian Korsuas
0
 
korsuasCommented:
for all of you that handle security q, please keep in mind that there is a default program in windows called: sfc
whis is and does
Microsoft(R) Windows XP Windows File Checker Version 5.1
(C) 1999-2000 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct Mi
crosoft versions.

Tested it, but don't know if it's good for smtg. Expecially now that I hace SP2 installed:))
Anyway, just a thought...

rgds,
Adrian Korsuas
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now