?
Solved

Anti-virus auto-protection and regedit are disabled !!!

Posted on 2004-03-21
7
Medium Priority
?
4,092 Views
Last Modified: 2007-12-19
my OS is xp. my PC is affected by virus so i format my HD and install XP with network cable disconnected so as not to affected by virus during the long-time installation. after the xp installation finished, the HD shld be "blank" except the xp system files. so i install the Norton anti-virus first with network disconnected. after the Norton installation, i have to run the Live!update virus definition, all these are OK. the problem is after the Live!update, the Norton will do full system scan and start auto-protection, at this time Norton is disabled, email scan, full system scan and auto-protection all are disabled. when i tried again, even if i click on the Norton icon, it doesnot make any sense. i use the symantec "fixWelth","fixblast",and Macfee "Stinger" scan my full system with network disconnected, some virus "Svchose.exe""welchia" are deleted, but the Norton anti-virus atill doesnot work and the "CPU usage" in "task manager" is 100%, someone says this is due to the duplication of SVchost.exe.Another more important is when i tried to run "regedit", the "regedit" window will close soon automatically before i take any measures. Can some one tell me what virus it is ,how to remove, and how to enable my Norton anti-virus ? thanks a lot!
0
Comment
Question by:fluuuuu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 10648393
I would start over:
Wipe the drive with the manufacturer's destructive test utility, wdclear or killdisk.
Power cycle the machine.
Boot from the XP CD and do your install.
Create your partitions but leave one  big enough to make a drive image of (5GB or so FAT32 partition)
Connect fromo behind a NAT router, with none of your other LAN machines running - and register - do services packs and all updates. At this point I'd run the baseline security analyzer
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
and once you've got the machine to your liking make a ghost image in the fat 32 partition
now install your AV software and do updates, if that goes well, replace the drive image with the current working image

now start to work on you applications, etc

0
 

Author Comment

by:fluuuuu
ID: 10655480
so complicated. is this a virus ? is there any removal tools ?
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 10656280
You can try one of the online scanners: www.mcafee.com to see what it finds.

0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 

Expert Comment

by:CyberQuad
ID: 10660350
Scan your PC with the FREE online scan here: http://us.mcafee.com/root/mfs/default.asp?cid=9059
Make a note of the viruses it finds.
Post your virus findings here and I will give you further instructions on how to remove the virus for good and tell you how to protect your system from future infection from viruses.

-Brian
0
 

Author Comment

by:fluuuuu
ID: 10667180
thanks to all of you. i think i will re-install OS this week. and if it still doesnot work,i come back
0
 

Accepted Solution

by:
korsuas earned 120 total points
ID: 10800286
man, dont jump to reintalling so soon - even though it's prb the best solution.

what I did i my case - same problem - I extracted the original svchost.exe from the xp kit.
I booted of a clean diskette, overwritten the bad svchost with the new one extracted fromthe kit.

voila, no more problems:)

that's all you have to do.
if any other system files are believed to be virused, do the same.

easy as 3.14159265...:)

regards,
Adrian Korsuas
0
 

Expert Comment

by:korsuas
ID: 10812475
for all of you that handle security q, please keep in mind that there is a default program in windows called: sfc
whis is and does
Microsoft(R) Windows XP Windows File Checker Version 5.1
(C) 1999-2000 Microsoft Corp. All rights reserved

Scans all protected system files and replaces incorrect versions with correct Mi
crosoft versions.

Tested it, but don't know if it's good for smtg. Expecially now that I hace SP2 installed:))
Anyway, just a thought...

rgds,
Adrian Korsuas
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question