Uninstall Symantec LiveUpdate.. proclaimed spyware

[lurker]

I thought I completed removal of Norton AV and Symantec Live Update.

Here is what I found in my event log...

Event Type: Warning
Event Source: WinDefend
Event Category: None
Event ID: 3004
Date: 6/17/2006
Time: 7:08:44 AM
User: N/A
Computer: QUEENIE
Description:
Windows Defender Real-Time Protection agent has detected spyware or
other potentially unwanted software.
For more information please see the following:
http://www.microsoft.com
Scan ID: {E9DE0FB9-677D-4D40-BE9C-C1AC67DBA477}
User: QUEENIE\titianlady
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found:
regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\LiveUpdate
Install;runonce:HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\LiveUpdate
Install;file:e:\temp\Uninstaa.exe
Alert Type: Unknown
Detection Type:


I guess that means that my re-boot did not run the required Uninstaa.exe

Is that correct?

 

[Guest]

http://basconotw.mvps.org/SymRem.htm

http://searchg.symantec.com/search?...US&proxystylesheet=symc_en_US&site=symc_en_US

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

 

[lurker]

Wow,
Talk about a shotgun approach.

Thanks for the pointers.

I picked this news group because I am concerned about Windows Defender
treatment of an uninstall process that is legitimate. I have already
been directed to manual removal procedures regarding Symantec with past
issues regarding NAV.

I think this uninstall issue needs to be addressed by Microsoft. This
post is simply my action other than "ignore the issue" and to make
others aware of the exposure.

Since I have my temp folder on a RAM drive, I already know how to
capture uninstall programs and deal with it, but I certainly did not
expect Windows Defender to zap it before I can do my thing. I would
liked to have been warned.

king-daddy

 

[Bill Sanderson MVP]

Since I have my temp folder on a RAM drive, I already know how to capture
uninstall programs and deal with it, but I certainly did not expect
Windows Defender to zap it before I can do my thing. I would liked to have
been warned.

Windows Defender didn't "zap" anything. It simply recorded a warning
message in a log file that an unknown bit of code was found in a location
which would allow it to run on your system.

This seems entirely normal to me--I wouldn't expect Windows Defender to have
this uninstall code in its database of known-good stuff.

Again--no action was taken except to record this log message--I think it is
quite likely that the uninstall proceeded as expected, although I've enough
personal experience with such uninstalls that I realize that this is often
not the case!