Antispyware updates / Symantec Antivirus

Guest

With today's antispyware updates (2/10/2006), we noticed that several people
had to remove their Symantec Antivirus through several pages of registry key
removals. There seem to be many postings on the internet with similar
statements. The antispyware apparently thinks that some of the keys under
HKEY_LOCAL_MACHINE\software\intel\landesk\vprotect6 are pws.don stealer. It
seems to be in systems with Symantec antivirus 8.1 and up, and turns off the
Symantec real time protection. You can neither uninstall nor reinstall the
antivirus client without removing several pages of registry keys, which takes
about 30 minutes. You can then uninstall the Microsoft Anti Spyware, and
reinstall the Symantec Antivirus.
 
Guest

Latest Antispyware definitions (version 5805, 5807) detect Symantec
Antivirus files as PWS.Bancos.A (Password Stealer). Users panic and do
"remove" and now you have an exposed system, because Symantec Antivirus is now
corrupt and will not protect your PC from incoming viruses.
 
Bill Sanderson

5807 is intended to fix this issue. I believe that it does, and that if you
are seeing this issue still, with 5807 supposedly in place, that the update
is not complete.

I need some confirmation of that, if possible.

Please go to Help, about, and hit the Diagnostics button, and post the line
ending in a pair of numbers separated by a "/"

Are these numbers equal?

--
 
Guest

Mine says 160/160.

Bill Sanderson said:
5807 is intended to fix this issue. I believe that it does, and that if you
are seeing this issue still, with 5807 supposedly in place, that the update
is not complete.

I need some confirmation of that, if possible.

Please go to Help, about, and hit the Diagnostics button, and post the line
ending in a pair of numbers separated by a "/"

Are these numbers equal?
 
Guest

Hi,

I am having this problem, ran the MS Anti-Spyware updater which took me from
version 5805 to 5807. I re-ran a deep scan of the system, and it still
reports the same problem.

The Numbers Bill Sanderson asked for are:

Definitions Increment Version: 160/158

Thanks,

Brian Dierks
(e-mail address removed)
 
Guest

I just forced another update and it now shows
"Definitions Increment Version: 160/160"

If I force another update it goes back to the 160/150. What's up?
 
Guest

Bill is correct. It looks like it is truly fixed. There must have been some
glitch in the update mechanism.

I just forced one last update and then ran a deep scan. My Symantec v
10.0.1.100 is still in place this time and was not disrupted.
Here is a portion of the Diagnostics screen.

Definitions Update Date: 2/10/2006 4:52:18 PM
AutoUpdater Enabled: 1
AutoUpdater AutoApply Enabled: 0
Definitions Increment Version: 160/160
Definitions ThreatAuditThreatData: 1355029
Definitions ThreatAuditScanData: 3098970
Definitions DeterminationData: 806390
Software Update Check Date: 2/9/2006 4:49:58 PM
AutoUpdater Software Enabled: 1
TotalThreatsDetected: 0
TotalScansRun: 13
LastScanDate: 2/10/2006 4:57:48 PM
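
Added example, not part of the thread or of any poster's message: a small Python check for the test discussed here (the "Definitions Increment Version" pair must be equal before scan results are trusted). Using the three data values from the 160/160 excerpt above as the reference for a complete update is an assumption, and the stale sample text is constructed.

```python
import re

# Constructed sample: Diagnostics text from a host whose update has not finished.
# Field names follow the Diagnostics excerpt above; the values are made up.
STALE_SAMPLE = """\
Definitions Update Date: 2/10/2006 3:10:02 PM
AutoUpdater Enabled: 1
Definitions Increment Version: 160/158
Definitions ThreatAuditThreatData: 1355029
Definitions ThreatAuditScanData: 3090112
Definitions DeterminationData: 806390
"""

# Reference values copied from the 160/160 excerpt above (assumption: these are
# what a fully updated client shows for this definition set).
REFERENCE = {
    "Definitions ThreatAuditThreatData": "1355029",
    "Definitions ThreatAuditScanData": "3098970",
    "Definitions DeterminationData": "806390",
}
INCREMENT = "Definitions Increment Version"

def parse_diagnostics(text):
    """Return {field: value}; split on the first colon only so timestamps survive."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def update_problems(text, reference=REFERENCE):
    """List reasons the definition update looks incomplete; an empty list means consistent."""
    fields = parse_diagnostics(text)
    problems = []
    pair = re.fullmatch(r"(\d+)/(\d+)", fields.get(INCREMENT, ""))
    if not pair:
        problems.append(f"{INCREMENT}: missing or malformed")
    elif pair.group(1) != pair.group(2):
        problems.append(f"{INCREMENT}: {pair.group(1)}/{pair.group(2)} (numbers differ)")
    for key, expected in reference.items():
        actual = fields.get(key)
        if actual != expected:
            problems.append(f"{key}: {actual!r}, expected {expected!r}")
    return problems

if __name__ == "__main__":
    for problem in update_problems(STALE_SAMPLE):
        print("INCOMPLETE:", problem)
```

A host that reports any problem here has not finished applying the definitions, so a detection from it should be re-checked after the update completes rather than acted on with "remove".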
 
Bill Sanderson

I'm glad to hear this result-'cause I've got one other which is still
equivocal--160/160, but still a detection.
 
Guest

At this point I can not uninstall Norton Corp. I am
left unprotected. Does anybody that has or had the same problem know a work
around to uninstalling Norton Corp? I first need to uninstall before having a
chance of reinstalling Norton Corp. Does anybody know if there is any other
damage done from this false bug?
I just want to get Norton back up at this point, any help?
Thanks SteveR
 
Bill Sanderson

Until you see 160/160 the 5807 is not fully in place, and I would ignore
scan results showing the false positive.

--
 
Bill Sanderson

We are seeing the difficulties of the beta1 update system in action.

I've posted elsewhere in this group in the last minutes, a post with 4 lines
from Diagnostics.

You need to see 160/160, and the same results for the other three lines in
that post.

I can't give you a sure recipe for getting the definition update process to
work--it's been difficult throughout the beta--but keep trying file, check
for update. If there is an HTTP caching server under your control, ask that
its cache be flushed.


--
 
Bill Sanderson

Another Symantec Corporate user has reported that uninstalling using the
original CD to start the process has worked, and that he can then reinstall,
also using code off the CD.

--
 
Bill Sanderson

What's up is a pretty common problem with definition updates, and one that
will be fixed when beta2 is released, which will be fairly soon, I believe.

See whether retrying file, check for updates, can get these numbers equal.

If you have a web caching server on your network--for example, Small
Business Server networks may have such a cache as part of ISA
Server--flushing the cache may help.
 
Guest

It seems to only remove the registry entries for NAV - returning the system
to a previous restore point (before the dud scan) got NAV working again for
me.

However it doesn't seem to want to update past 160/158.
 
Guest

Graeme,
What version of Symantec do you have? I have 8.1.0.825 and tried
to uninstall from cd disk and I still can not remove. I am getting the same
actions as if I were trying to remove it from the control panel add/remove
programs. It attempts to try and remove and does nothing. Anybody else with
the version 8.1.0.825 Corp version have any other suggestions? I have a
computer repair guy telling me I may have to scratch the hard drive and start
over! Help please
At this point still trying to uninstall Symantec and reinstall.

Thanks
SteveR
 
Guest

I was able to simply use the remote client deployment tool with the NAVCorp
10 setup to install to the one machine of ours that was affected...took about
30 seconds. Ran a scan and all seems well.

Can't say for earlier versions but 10.x seems to recover nicely
 
Guest

Steve,

I have had troubles with assorted versions of Corporate NAV failing to
uninstall, and have found that a forced uninstall will usually do the trick.
If uninstalling fails from "Add/Remove Programs..." then proceed along this
route:

- Start deleting the files and folders that have been installed by the NAV
install program. Searching your hard disk for "symantec", "nav", and "norton"
should flush out most of these. Exercise care if you have other Symantec
products installed on the machine, as files and folders can be shared across
products.

- Clean up the Registry with the WinDoctor portion of Symantec's SystemWorks
package. Don't install the product, but run just WinDoctor directly from the
CD. This will help remove registry entries related to NAV.

- If you find that there are parts of NAV that you cannot remove because
they are still in use (the process is still running under Windows) then you
will need to try shutting down the process from within Windows, modifying
its startup parameters using Windows XP's Recovery Console (You will need
your Windows XP CD to boot from to run the Recovery Console.). Or, you may
also have some luck using a process explorer tool such as Process Explorer
from Sysinternals (www.sysinternals.com) to shut down the process.

- Then, remove any other files and folders related to the Corporate NAV and
re-run WinDoctor to clean up the Registry.

I have had good luck with this to fix problems with Corporate NAV installs.
It is a bit brutal, but if done carefully seems to work. You might also want
to take a look at the Symantec Knowledgebase on Symantec's website. It is
pretty good, but sometimes requires repeated searches with different keywords
to find what you are looking for.

Best of luck.

Brian
 
Guest

Mine is 160/160

Bill Sanderson said:
5807 is intended to fix this issue. I believe that it does, and that if you
are seeing this issue still, with 5807 supposedly in place, that the update
is not complete.

I need some confirmation of that, if possible.

Please go to Help, about, and hit the Diagnostics button, and post the line
ending in a pair of numbers separated by a "/"

Are these numbers equal?
 
Bill Sanderson

The stickiness on updating can be very hard to solve--we have no perfect
fix, nor even, as far as I'm concerned, a perfect model of what is going
wrong.

Let me see if I can find the manual update instructions--that kind of
desperation is probably appropriate now:

Here's a post from plun from June, 2005:

Well that's old news..................
----
Right click on MSAS icon within systray and choose shutdown.

Right click and "Save target as..."
http://download.spynet.com/ASDefinitions/gcDeterminationData.gcd

http://download.spynet.com/ASDefinitions/gcThreatAuditScanData.gcd

http://download.spynet.com/ASDefinitions/gcThreatAuditThreatData.gcd

Copy/paste these files to Program files/Microsoft Antispyware

Restart MSAS and "check for updates"
 
