Solved

Problem booting - need to edit boot record?

Posted on 2004-10-07
17
4,402 Views
Last Modified: 2013-12-29

I have a friend who uses Win 98.  He downloaded Norton Security 2005 and his computer would not work.  We tried everything to get rid of it.  Booting to safe mode would not let us uninstall.  We disabled it from startup win Msconfig.exe.  We tried booting with confirmation and tried to stop it from starting that way.  Nothing would get rid of this.  Finally out of desperation and 3 hours later, we just decided to delete it from the registry.  Which worked.

Now when he boots up he gets the following messages:

win registry of system.ini files refers to this device file but device no longer exists

C:Programs~1\symantec\symemt.386
C:Programs~1\Norton~2\Norton~1\savrtpel.vxd

We can click enter and the machine will boot into windows, but I want to stop these messages from appearing.

I imagine I have to edit the System.ini file?  But I am not sure, and don't want to break anything, now that it is working perfectly, except for this one problem.

Thanks in advance for your help.
0
Comment
Question by:GDoucette
  • 8
  • 3
  • 3
  • +3
17 Comments
 
LVL 59

Expert Comment

by:LeeTutor
ID: 12249273
You can make a backup copy of System.ini (which is in the Windows directory) by copying it to another directory, and perhaps renaming it (the copy) to System.bak or something similar.  Then click on Start, select Run, type SYSEDIT, click OK, and click on the tab for System.ini.  You should find a line or lines similar to those mentioned in your question. Delete them and reboot.
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 12249756
There is nothing to edit in system.ini related to Norton.

Check config.sys and autoexec.bat

Do this by going to dos through Windows
Type cd.. to go back to the c:\ prompt
type edit edit config.sy  Now nothing will be edited unless you go to file and click on save
To remove an item:   Move the Underscore directly under the first letter in the command line
Type in Caps  REM
go to FILE SAVE and click on SAVE
Choose FILE click on exit
Repeat the proces for autoexec.bat
Whe you finish and have exited, type Exit to get out of the dos mode

gonzal13(Joe)
0
 
LVL 10

Expert Comment

by:For-Soft
ID: 12253047
Run REGEDIT. Search for symemt.386 and savrtpel.vxd. If found, delete it.

It would be good to make a copy of user.dat and system.dat files, before you start.
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 12253225
win registry of system.ini files refers to this device file but device no longer exists

C:Programs~1\symantec\symemt.386
C:Programs~1\Norton~2\Norton~1\savrtpel.vxd
 The statement above is misleading. The reference is in the Registry due to the fact that you most likely did not remove the program through the COntrol Panel  'Install/Uninstall'  Would reinstall the programs and then uninstall them

You can always go through Windows Explorer, windows/system and copy scanreg.exe to a floppy.

Reboot the machine hit f8 rapidly intil the dos screen appears
Chose dos mode
change to a:\
type scanreg /restore and select the registry date befoer the software installation

gonzal13(joe)
0
 
LVL 6

Expert Comment

by:caza13
ID: 12253408
You can use the System Configuration Utility (msconfig) to temporarily disable lines in the system.ini file using the selective startup function.  That way you can figure out which lines are causing the problem without permanantly changing anything.  You can even temporarily disable the entire system.ini file to quickly determine if something in it is causing the problem.
0
 
LVL 38

Accepted Solution

by:
BillDL earned 250 total points
ID: 12254408
I have a strong feeling that there is a typographic error in the name of the .vxd file you have quoted, GDoucette.  I believe the file name should be SYMEVNT.386 rather than SYMEMT.VXD.

In all probability, you will find that the files C:\Program Files\Symantec\ - SYMEVNT1.DLL, SYMEVENT.SYS, and S32EVNT1.DLL and also C:\WINDOWS\SYSTEM\ - SYMEVNT.386 and SYMEVNT1.386 also exist on your computer and may be listed in your registry as "shared dll's" under the following keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs

There MAY probably also be entries relating to "Live Update" in that same key, eg.
 
C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL

Delete these lines in that registry key.

If you also have any ActiveX components sitting in your C:\Windows\Downloaded Program Files folder related to Norton AntiVirus (eg. Symantec AntiVirus Scanner" and Symantec RuFSI Utility Class", then they could well appear as shared dll's in that key.  If you DO have any ActiveX files there, right-click on them and select "Properties", then check what files it lists under the "dependencies" tab.  Take note of them, and then look for them under that same registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs

Delete the ActiveX files and the lines that relate to those named files in the registry key.

SYMEVNT.386 and SYMEVNT1.DLL exist in 2 places on my system:

C:\Windows\system
C:\Program Files\Symantec

The ones in the windows\system folder are the same version and date as the ones in the \program files\symantec folder, so you should delete BOTH copies of each file.

There should also be a registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SYMEVNT

Delete the entire key IF there is an entry in it named "StaticVxD" and the value = "C:\PROGRA~1\SYMANTEC\SYMEVNT.386".

I have very strong doubts that SYMEVNT.386 or SYMEVNT1.DLL will be mentioned in any of your .INI files.

OK, now for the other file you mentioned SAVRTPEL.VXD.

I suggest that you search the registry and will probably find it listed under the:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\
key as "SAVRTPEL" and there will probably also be a "StaticVxD" item showing the value as "C:\PROGRA~1\SYMANTEC\SAVRTPEL.VXD".

IF SO, then delete the "SAVRTPEL" key.

Look under the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs
key for any entries matching "SAVRTPEL.VXD" or "SAVRTPEL.DLL".  Delete any that relate directly.

Look also under C:\Windows\System for duplicate copies of the files that would probably also have been present in the folder C:\Program Files\Symantec.  Delete them.

I can't provide any more precise details than this regarding the SAVRTPEL.VXD file, because I don't have Norton System Works installed, only Norton AntiVirus.

You most likely have a HUGE number of other related files left on your system, and an equal number of redundant entries in the registry also that may or may not cause further error messages.

You MIGHT find that the REGCLEAN Utility could weed them out:

Info and download links:
http://www.createwindow.com/wininfo/regclean.htm
http://www.createwindow.com/wininfo/ReadMe.htm

It creates an UNDO.REG file that will reverse any changes it makes if you double-click on the .reg file.

There is an alternative Registry Cleaner available, BUT I have NOT tested this:

http://www.vtoy.fi/jv16/RegCleaner.exe

NOTE:  The advice above about restoring the registry to the state it was in BEFORE installing this Norton Suite could save you a LOT of problems:

SCANREG  /RESTORE.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12254418
Just to correct my OWN typo in the first line of my comment:

typographic error in the name of the .vxd file you have quoted, GDoucette.  I believe the file name should be SYMEVNT.386 rather than *** SYMEMT.VXD ***.

should read:

typographic error in the name of the .vxd file you have quoted, GDoucette.  I believe the file name should be SYMEVNT.386 rather than *** SYMEMT.386 ***.

I hope you got what I meant though.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12254654
Incidentally, look in Add/Remove Programs for:

LiveReg (Symantec Corporation)
LiveUpdate (Symantec Corporation)

I have a feeling that these won't allow an uninstall, because components may already have been deleted from the C:\Program Files\Symantec folder, but both of these additional Norton Programs would normally be able to uninstall entirely independently of Norton Antivirus, and they will have created the following folders and registry entries:

C:\Program Files\Common Files\Symantec Shared

containing the sub-folders:

LiveReg
Script Blocking
VirusDefs

delete the entire "Symantec Shared" folder.

C:\WINDOWS\All Users\Application Data\Symantec
with sub-folders

LiveSubscribe
LiveUpdate
Norton AntiVirus

delete the entire "Symantec" folder.

C:\WINDOWS\Application Data\Symantec
C:\WINDOWS\Application Data\Symantec\Shared
C:\WINDOWS\Application Data\Symantec\Shared\Sessions

Delete the entire "Symantec" folder.

Look also in the folder:

C:\WINDOWS\Installer

Right-Click each of the *.msi files in there and select "Properties".  In the "Summary" tab, you will see what program this is the installer for.  The one(s) for Norton System Works will probably be there.  Delete it/them.

Now open REGEDIT again and get rid of the registry keys that point to the "Install Source" and the "Uninstall String".

HKEY_CURRENT_USER\Software\Symantec

As long as you have no other Symantec or Norton products installed (they would be listed in the sub-keys), delete the "Symantec" key.

HKEY_LOCAL_MACHINE\Software\Symantec

You will probably see a sub-key in there named "Symevent" which takes us back to the previous problem.  As long as you have no other Symantec or Norton products installed (they would be listed in the sub-keys), delete the "Symantec" key.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths

Look at the names of the sub-keys and see if any relate directly to the Norton .exe files, eg.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Navw32.exe (Norton AntiVirus)

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\RESCUE32.EXE (Norton Rescue)

If the "Rescue32.exe" key exists, then Norton rescue has been installed and remnants will probably still be in the folder "C:\Program Files\Rescue Disk\" which can be deleted.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

also look for the sub-keys "RunServices" in those keys above.

There MAY still be entries in there for Norton components instructing them to load at startup.  delete the relevant entries from the "Run" or "RunServices" keys but be sure that they DO relate to Norton before doing this.  This is what caza13 was suggesting through use of the MSCONFIG utility in Windows.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall

Go down through each of the sub-keys looking for any that relate to Norton or Symantec.

Some will have {long-numbers} instead of names, but if you click on each in turn, you will see details in the right-hand pane that will tell you whether they are relevant, for instance, Norton AntiVirus 2002 uses the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3075C5C3-0807-4924-AF8F-FF27052C12AE}

It should be quite evident when you have the right one(s) and you can delete that specific sub-key.

IF ytou haven't already been able to uninstall LiveUpdate or LiveReg from the Add/Remove Programs as mentioned earlier, then you may find the following sub-keys to delete:

HKEY_LOCAL_MACHINE\..\..\LiveReg
and
HKEY_LOCAL_MACHINE\..\..\LiveUpdate

The 2nd one may have the version number as part of the name of the sub-key.

The same applies to the Norton Rescue sub-key that can be deleted:

HKEY_LOCAL_MACHINE\..\..\Norton Rescue

That should clean up your system a fair amount, but there will still be a lot of redundant registry entries left like:

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu

In that same key, ie.

HKEY_CLASSES_ROOT\

You will probably also see a LOT of sub-keys with names that start with "Symantec."  personally I wouldn't risk just deleting ALL of them, but the risk is yours.  Put it this way, what other Symantec programs are left on your computer?

If you know for absolute certain that there are none, then feel free, but doing this incurs risks all round and the entries may do no further harm until you ever format and reinstall.


0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 13

Expert Comment

by:gonzal13
ID: 12255370
Bill:

You are right, if one does not do a complete uninstall it using the Install/uninstall software feature in the control panel for 99 percent of the programs, it will lead to stragglers in the Registry.

With Norton, one must do it with the cd Rom.  At this point the client may be offered to uninstall Norton competely. If not, then to install it and using the cd rom again, uninstall it. Norton knows when the program is installed and then offers to uninstall it. For Norton this is the best measure.

gonzal13(joe)
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12256257
What we have no idea about are the following details:

1. The specs for the computer Norton Internet Security was installed on
2. Does that computer match the minimum specifications
3. Was it installed from a download or from CD
4. If from either of the above, was it a genuine purchase or a copy of someone else's
5. If either mentioned at No. 3, was it a "try before buy" version or upgrade version
6. Was there already a virus on the computer that hindered the installation
7. What exactly is meant by "his computer would not work".

Taking these in order above:

1. and 2. For Windows 98 and 98SE

133MHz or higher processor
96 MB of RAM
200MB Hard Drive Space
800 x 600 video resolution
16-bit color resolution
IE 5.5 or above
Internet connection for product activation.

I don't know whether the installation would detect anything below spec before installing and discontinue, or if it would just cause the computer to "not work".

3. and 6. Installing from CD-Rom or Download.

http://service1.symantec.com/SUPPORT/nip.nsf/docid/2004090714323036
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2004092111320636

Were the recommended procedures followed?

(a) Verify that the computer is virus-free or this could abort or hinder an installation
(b) Uninstall any other antivirus or firewall programs
(c) Stop all running programs using MSCONFIG and then Task List after rebooting
(d) Delete all files in the Windows Temporary folder
(e) Defrag and Scandisk
(f) Start Installation
(g) Pre-Install Scan scans computer for viruses before installation routine (done or aborted?)
(h) Install (was it to default directory or to some other folder?)
(i) Restart Windows (did you at that time, or did you try and configure it first?)
(j) Configuration Wizard should run at reboot (did it?)
(k) Configuration Wizard goes online to activate NISecurity and complete post-installation setup (did it, or did you opt to do so later?)
(l) LiveUpdate attempts to run online (did you let it?)

6. Were you ever notified that the installation had failed, as indicated on this page?

http://service1.symantec.com/SUPPORT/nip.nsf/docid/2004091709115336

Possible reasons for a failed install are the presence of an existing virus.  If the installation failes, you should be informed of this, but prompts asking if you want to try again fail to allow installation.  Subsequent efforts to uninstall may also fail due to the presence of certain files and registry entries.  The above page suggests RENAMING the folders, but I see no reason for doing so when they can just as easily be deleted.

If this has occurred, then delete the following folders:

C:\Program Files\Symantec
C:\Program Files\Common Files\Symantec Shared
C:\Windows\All Users\Application Data\Symantec

and delete all files in the c:\windows\temp folder.

From DOS, you would have to use short filenames and keep the renamed folder to 8 characters, something like this:

c:
cd progra~1
deltree /y symant~1
cd common~1
deltree /y symant~1
cd \
cd windows
cd alluse~1
cd applic~1
deltree /y symant~1
del c:\windows\temp\*.*

There is a .REG file (CCremove.REG) detailed on the above page designed to remove leftover registry entries that can prevent a reinstallation and/or successful uninstallation:

http://service1.symantec.com/SUPPORT/nip.nsf/949e46314f0916a0852565d00073bbfd/2271fb2a2b60de1b88256f120058fa1b/$FILE/ATTD6TR0/CCremove.reg

This file only removes the key:

HKEY_LOCAL_MACHINE\Software\Symantec\SymSetup\RefCounts
and all values

and ensures that the path to C:\Program Files\Common Files\Symantec Shared is set in the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps

It does NOTHING ELSE apart from this, and is primarily intended to allow a reinstallation.

To run the .REG file from Windows, just double-click OR Right-Click > "Merge".

To run from DOS, place the .reg file in the c:\windows folder and then use the following command after changing to that folder:

regedit  /s  ccremove.reg

or, if that doesn't work, try

regedit  /s  ccremo~1.reg

To address a specific point raised by GDoucette in the original question, Norton Internet Security CANNOT be uninstalled from Add/Remove programs in "Safe Mode":
http://service1.symantec.com/SUPPORT/nip.nsf/docid/2004092315151236

All of the details (apart from the preinstallation procedures and post installation procedures) I have discussed in my previous comments describing how to perform a cleanup.

There are quite a few reasons why the installation might have failed, but I suggest that we go no further in providing more explanations until GDoucette decides to return to this question and provide some acknowledgement or feedback.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12256444
Actually, the following might make things easier to do and can be performed from DOS.   It is based ONLY on the details that I can ascertain from my installation of Norton AntiVirus and the details I have verified online.  The .reg file will ignore entries that it does not find.

You will first copy the batch file and .reg file to the c:\windows folder, and then run the batch file.

First create a file named remnis.txt containing the following and copy it to the c:\windows folder:

;----------- start of text to copy (don't include this line) ----------------
REGEDIT4

[-HKEY_CURRENT_USER\Software\Symantec]

[-HKEY_LOCAL_MACHINE\Software\Symantec]

[-HKEY_USERS\.DEFAULT\Software\Symantec]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Navw32.exe]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\RESCUE32.EXE]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Norton Rescue]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SYMTDI]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SYMEVNT]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\SAVRTPEL]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LIVE1.DLL"=-
"C:\\Program Files\\Symantec\\LiveUpdate\\S32LUIS1.DLL"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\IraLsClt.dll"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"=-
"C:\\Program Files\\Common Files\\Symantec Shared\\Sevinst.exe"=-
"C:\\WINDOWS\\SYSTEM\\symdns.vxd"=-
"C:\\WINDOWS\\SYSTEM\\symredrv.vxd"=-
"C:\\WINDOWS\\SYSTEM\\symfw.vxd"=-
"C:\\WINDOWS\\SYSTEM\\symndis.vxd"=-
"C:\\WINDOWS\\SYSTEM\\SymRedir.dll"=-
"C:\\WINDOWS\\SYSTEM\\symtdi.vxd"=-
"C:\\WINDOWS\\SYSTEM\\savrtpel.vxd=-
"C:\\WINDOWS\\SYSTEM\\SYMEVNT.386"=-
"C:\\WINDOWS\\SYSTEM\\SYMEVNT1.DLL"=-
"C:\\WINDOWS\\SYSTEM\\S32EVNT1.DLL"=-
"C:\\WINDOWS\\SYSTEM\\savrtpel.vxd=-
"C:\\WINDOWS\\SYSTEM\\savrtpel.dll=-
"C:\\WINDOWS\\SYSTEM\\Navapgui.dll"=-
"C:\\Program Files\\Symantec\\SYMEVNT.386"=-
"C:\\Program Files\\Symantec\\SYMEVNT1.DLL"=-
"C:\\Program Files\\Symantec\\S32EVNT1.DLL"=-
"C:\\Program Files\\Symantec\\SYMEVENT.SYS"=-
"C:\\Program Files\\Symantec\\savrtpel.vxd=-
"C:\\WINDOWS\\Downloaded Program Files\\SymAData.dll"=-
"C:\\WINDOWS\\Downloaded Program Files\\ActiveData.dll"=-
"C:\\WINDOWS\\Downloaded Program Files\\rufsi.dll"=-
"C:\\WINDOWS\\Downloaded Program Files\\navapi.vxd"=-
"C:\\WINDOWS\\Downloaded Program Files\\navapi32.dll"=-
"C:\\WINDOWS\\Downloaded Program Files\\avsniff.dll"=-
;----------- end of text to copy (don't include this line) ----------------

Now create a file named remnis.BAT containing the following, and copy it to the c:\windows folder:

::----------- start of text to copy (don't include this line) ----------------
@echo off
attrib -h -r -s user.dat
copy user.dat user.old
attrib +h +r +s user.dat
attrib -h -r -s system.dat
copy system.dat system.old
attrib +h +r +s system.dat
if exist c:\progra~1\symant~1\NUL  deltree /y  C:\Progra~1\Symant~1
if exist c:\windows\system\SYM*.* del c:\windows\system\SYM*.*
if exist c:\windows\system\NAV*.* del c:\windows\system\NAV*.*
if exist c:\windows\system\S32EVN*.* del c:\windows\system\S32EVN*.*
if exist c:\windows\system\SAVRTPEL*.* del c:\windows\system\SAVRTPEL*.*
if exist C:\progra~1\common~1\symant~1\NUL deltree /y C:\progra~1\common~1\symant~1
if exist c:\windows\applic~1\symant~1\NUL deltree /y c:\windows\applic~1\symant~1
if exist c:\progra~1\norton~1\NUL deltree /y c:\progra~1\norton~1
if exist c:\progra~1\rescue~1\NUL deltree /y c:\progra~1\rescue~1
del c:\windows\downlo~1\*.*
regedit /s remnis.txt
exit
::----------- end of text to copy (don't include this line) ----------------

From DOS, you can then change directory to c:\windows and run remnis.bat using the command  REMNIS.

ALL registry editing and the use of the deltree command carry risks, but if you are willing to use it, then it will remove a lot of the files and entries created by Norton Internet Security.

If something fails, then boot to DOS and execute the following commands in sequence to restore the registry.

attrib -h -r -s user.dat
ren user.dat user.bak
ren user.old user.dat
attrib +h +r +s user.dat
attrib -h -r -s system.dat
ren system.dat system.bak
ren system.old system.dat
attrib +h +r +s system.dat

OK, that's all I intend to say until we get feedback.
0
 
LVL 5

Author Comment

by:GDoucette
ID: 12258170
Oh my,

I have alot of reading to do.

So this is not my computer so I am not sure exactly what happened prior to install of Norton.  What I was told is that it was working perfectly.  The user went onto the Symantec website downloaded Norton Security and when it was finished he rebooted his computer.

When he rebooted he would get to the desktop and it would stop responding.  If he clicked start nothing would happen.  The only way he could shut down was by Ctrl Alt Del.  No programs were running.

I booted into safe mode, went into msconfig and disabled everything except for Win items, from startup.  Tried rebooting normally would not work.  

Booted with confirmation, told Norton items not to start, still would not work when booted.  

Tried to go into safe mode to uninstall Norton, kept getting error cannot uninstall in safe mode.

Tried everything I could possibly think of, nothing worked.  He was desperate and asked me to format his system, I said I could remove Norton from the registry, so at least he wouldn't loose anything else.

So thats what we did.  Then we were able to boot up.  I ran Trend on the machine, no viruses were found.  I ran Adaware and Spybot and picked up 200+ spyware.  Deleted those.  Deleted a bunch of junk, Kazza, Messenger +, etc. off the machine.

Everything works fine now with the exception of those few lines at startup.  I imagine I didn't delete everything from the regsitry.

I am going over to his house tommorrow and will take your suggestions, will let you know what happened.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12263256
That's some excellent feedback, and thanks.

My comments were really just some ideas that might help you locate settings and entries.

I suspected that this might have been a download and install process.  Sounds to me like your client has possibly "run this program from source" rather than downloaded the file "NIS_Retail.EXE" and used that file to start the installation once offline.

A few immediate possibilities if that was the case:

1. Slow connection aborted the download connection midway through installation leaving debris in temporary internet file folder and memory choked up leaving it unable to do its initial scan for viruses, which includes scanning the memory
2. Presence of existing AntiVirus or Firewall software has aborted or interfered with the installation, with the same results as above
3. Presence of Viruses or Running processes such as the spyware has resulted in the same as 2 above.

It looks as though it has gone further than the stage mentioned on the page http://service1.symantec.com/SUPPORT/nip.nsf/docid/2004091709115336 whereby it would have shown the message "Norton Internet Security 2005 installation has failed. Would you like to try again?".  Had that been the case, then renaming the folder C:\Program Files\Common Files\Symantec Shared and then running the .reg file http://service1.symantec.com/SUPPORT/nip.nsf/949e46314f0916a0852565d00073bbfd/2271fb2a2b60de1b88256f120058fa1b/$FILE/ATTD6TR0/CCremove.reg would have removed the debris and allowed a reinstallation from the downloaded file.  Given my suspicions, however, I believe that "NIS_Retail.EXE" was not even downloaded to the hard drive and a reinstallation would not have been possible anyway.

You have done a lot of cleaning up, and as those 2 error lines are the only problems right now, I think you should be homing right in on the registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SharedDLLs

to look for mentions of those 2 files.

and

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD

to look for sub-keys named after those 2 files.

Regards
Bill






0
 
LVL 5

Author Comment

by:GDoucette
ID: 12278057

Bill your suggestions worked.  I cleaned up the remaining files in the Registry.

Thanks.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12279332
Hey, that IS GREAT NEWS, GDoucette, and thanks.  Some things ARE worth persevering with.

It's a pity that Symantec haven't created a cleanup tool for that application.  They has tools for Norton AntiVirus 2003 and 2004, but as far as I know that was all.  The tools don't work on earlier versions, and where NAV is installed as part of a software "suite", then it only addresses part of the problem.

Are you going to reinstall Norton Internet Security 2005 then?  ;-)
0
 
LVL 5

Author Comment

by:GDoucette
ID: 12286776

He doesn't want to compromise his system, so he doesn't want to reinstall it.  

I did show him some free online virus scanners he can use untill he decides what he wants to do.

Gen
0
 
LVL 38

Expert Comment

by:BillDL
ID: 12288873
You know, I'm still using a 90 day OEM Norton AV 2002 version on this PC.  I know it's cheating, but I've got the uninstall sequence off to a tee now, and I have a batch file that wipes out the residual files and folders, and then a .reg file that reinstates my settings again after a reinstall for another 90 days.  A 10 minute job with 4 reboots is all it takes, and the Intelligent Updater Definition Updates that I download manually are recognised without fail.  Just don't touch that "LiveUpdate" link  :-)

I have found that AVG AntiVirus (free edition - after registration) scans emails thoroughly and hasn't missed one virus yet.  The problem is that the "Resident Shield" ("AutoProtect" in Symantese) does slow down a slower computer quite significantly and can lead to freezes.  A well trained operative will meticulously scan all downloads for viruses, so I tend to suggest leaving it off.  Automated online definition updates are flawless, and I haven't had one mess up yet.

Zone Alarm firewall is well quoted by some quite influential people like Steve Gibson (http://www.grc.com/default.htm) of Gibson Research, and I haven't seen too many problems with it.  I recommend that all online computers be tested with his "Shields Up" page for open ports and other security holes:  https://www.grc.com/x/ne.dll?bh0bkyd2  (if you try that with a firewall running, expect to see probing from IP addresses: 204.1.226.224 to 204.1.226.255  - all owned by grc.com).

My impression is that so many of the vendors of current software all expect that we are running Windows XP, and haven't taken the time to fully test their offerings in Windows 98 which they now see as old-hat.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Several part series to implement Internet Explorer 11 Enterprise Mode
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now