Did you *ever* have any Norton Anti-Virus installed, and then uninstalled
it?
Tom
You have "Remnants" left from a trial version. You need to do a few
items to fully purge it from the PC.
1.) Check Add/Remove programs for Symantec WMI, Live Update
and Live Reg - If found uninstall
2.) Full system search for string Symantec - likely will return 2 or
more folders, remove all
3.) Device Manager - Non Plug & Play category check for drivers
that begin with the characters Sym----
4.) From the Services Map in the Registry you'll need to find and
remove the SymEvent service and a few others.
5.) Using a tool called RegSeeker, Find and remove all entries in the
Registry using search string
a.) Syman
b.) Norto
This is a 7.0 on the 10 point "Shoot-Yourself-in-the-Foot" PC risk scale.
Best done only if you can image the System partition before starting. I've
done this process 100+ times but it is somewhat risky and tedious.
I made a few omissions on the steps in the previous reply.
For locating the drivers in the Non-Plug and Play category, you
must add a couple of System Environment variables and toggle
a setting in the Device Manager display. You need to add the
following two System level Environment variables
DevMgr_Show_NonPresent_Devices
DeviMgr_Show_Details
and set each one's value = 1
When using Device Manager, Click View and tic/check the
option that says "Show Hidden Devices". Once these steps are
done you'll likely see a number of "Phantom" entries appear.
Phantom entries appear in diminished tone or grayed out. They
are safe to remove from all categories - Except System & Sounds.
Environment Variables are accessible from My Computer, Properties,
System, Advanced (TAB) -button in 3rd sub category.
The Service map is an alphabetical listing in the registry.It is found
at::
HKLM_System\CurrentControlSet\Services
Scrolling down the list you'll most likely find Sym..... entries, such
as SymEvent. You can either set it's "Start" value = 4 (Disabled)
or remove the entire entry.
- On the Risk Scale warning, it's hard to know the skill level of the
poster and the steps to remove Symantec are fairly complicated.
^DevMgr_Show_NonPresent_Devices
DeviMgr_Show_Details
Sounds like you've made good progress, but Symantec is about as
resistant to software death/removal as AOL. That "Worm Protection"
is a relatively new feature. I left/abandoned all Symantec/Norton
software a couple of years ago, so I may be unfamiliar with steps to
get rid of that feature. At this stage you might want to use one of the
"Removal" tools that Symantec provides. Their names vary according
to the product installed (SymNRT, RNIS). Unfortunately, the way
that Norton gets installed it uses a large number of CSLIDs and this
is probably where the remnant is embedded. I would go to Symantec's
support site and do a search for "Removal Tools". Otherwise, I'd have
to do a Remote Assistance onto your machine to check for items that
might have been missed. I wouldn't do a re-install at this point, unless
you've reached your limit with removal work. It seems like you are
close to resolution - but the remaining issue(s) sounds like Symantec's
replacement of Security Center with it's own monitoring tool. (WMI).
Sounds like you've made good progress, but Symantec is about as
resistant to software death/removal as AOL. That "Worm Protection"
is a relatively new feature. I left/abandoned all Symantec/Norton
software a couple of years ago, so I may be unfamiliar with steps to
get rid of that feature. At this stage you might want to use one of the
"Removal" tools that Symantec provides. Their names vary according
to the product installed (SymNRT, RNIS). Unfortunately, the way
that Norton gets installed it uses a large number of CSLIDs and this
is probably where the remnant is embedded. I would go to Symantec's
support site and do a search for "Removal Tools". Otherwise, I'd have
to do a Remote Assistance onto your machine to check for items that
might have been missed. I wouldn't do a re-install at this point, unless
you've reached your limit with removal work. It seems like you are
close to resolution - but the remaining issue(s) sounds like Symantec's
replacement of Security Center with it's own monitoring tool. (WMI).
Based on the website, you can temporarily place the domain in your
"Trusted Zone" which effectively lowers the security so the ActiveX
component should install without prompting. Once you've gotten the
add-in, then remove the site/domain from the Trusted Zone.
IE, Tools, Internet Options, Security, Trusted Sites (Selected), Sites
Button - add domain and uncheck "Require Server Verification...."
(Example: http://*.symantec.com)
Reverse these steps after you've completed the removal process.
Hello again,Based on the website, you can temporarily place the domain in your
"Trusted Zone" which effectively lowers the security so the ActiveX
component should install without prompting. Once you've gotten the
add-in, then remove the site/domain from the Trusted Zone.
IE, Tools, Internet Options, Security, Trusted Sites (Selected), Sites
Button - add domain and uncheck "Require Server Verification...."
(Example: http://*.symantec.com)
Reverse these steps after you've completed the removal process.
Based on the website, you can temporarily place the domain in your
"Trusted Zone" which effectively lowers the security so the ActiveX
component should install without prompting. Once you've gotten the
add-in, then remove the site/domain from the Trusted Zone.
IE, Tools, Internet Options, Security, Trusted Sites (Selected), Sites
Button - add domain and uncheck "Require Server Verification...."
(Example: http://*.symantec.com)
Reverse these steps after you've completed the removal process.
Kenneth said:Hello again,
You're gonna love this...
Using live chat, I eventually got the link from Symantec for
the tool that would "remove all traces."
But, I cannot run the tool because it requires that I
install an ActiveX Control, and (you guessed it) that is
blocked by my firewall though, of course, I have not
firewall running.
Might you have any further thoughts...?
Thanks again,
Hi again,
Right now, I can find only one mention of Symantec in the
Registry. It is at:
HKLM\Software\Microsoft\Security Center\Monitoring\Symantec
AntiVirus.
When I try to delete it, it seems to be gone.
Then, when I re-boot, it is back in the Registry.
Might that be my problem? And if so, how can I permanently
delete it?
Sincere thanks, as before,
Also search your registry for Norton.
Alias said:Reformat and do a clean install.
What a mess you have going on there.
Would really like to have that setup saved.
Good luck and keep us posted.
Hi Kenneth,
Most times when this happens, Norton gives the message that you don't have
the necessary rights, etc to disable or enable. Just another part of their
mess. I would suggest using the Norton uninstaller and start over.
ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SymNRT.exe