libupd~1.exe

[Guest ellas]

bloody hell still at it

[mark2]

the zipped files like the one you had to unzip and double click yesterday, if you search for startuplist.zip you should find it

[mark2]

Getting there ellas <_>

[mark2]

Thats the one , looks a lot better than it did yesterday, but Ill have tio call it a day for now can't get back till tomorrow evening, but if anyone else can see anything nasty there perhaps they can point it out.

If you go to http://www.spywareinfo.com/articles/hijacked/ if there are any stepswe have missed with the hijacker cleaning.

Can't get back till tomorrow night now bout 6.30

[Guest ellas]

no mark2 loves doing this :D

[mark2]

Also have a look http://www.pacs-portal.co.uk/startup_pages...tartup_full.htm and compare your startuplist programs see if any are listed there as Spyware or virus, and run spybot once more and another A/V scan.

:D should keep you out of mischief :D

Back tomorrow ;)

[mark2]

Very true :D ellas but learning how much I don't know :o

[Guest northamuk]

Shurely this thread is setting a Record which will NEVER get broken!! :o :D

[Randy_Bell]

Shurely this thread is setting a Record which will NEVER get broken!!  :o  :D

Yep this is a marathon thread all right. Once p2ccolo gets NAV reinstalled, up-to-date, and functioning properly: I still recommend he d/l and try TrojanHunter, especially since he was infected by sooooo many trojans. ;)

[mark2]

Found the reason for hijacker coming back

The reason for this is most likely an entry in the run section of the registry. In many cases, it has either been "regedit.exe /s filename" or "\windows\ regedit.exe /s filename". That command will cause regedit to import whatever text is in the file into the registry if it's in the right format, regardless of the filename and extension

we have it here

reg = regedit /s "C:\Documents and Settings\me\reg.reg,

unless that is the back up copy you made of the registry, have another look see if you can change your homepage to what you want now and if it stays

[Guest Clint]

Here is the post for the first link:

© 1995-2003 Symantec Corporation.

All rights reserved.

Legal Notices

Privacy Policy

start over

my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product

Document ID:2002051609330106

Last Modified:12/17/2002

Problems with Symantec software may be caused by a virus infection

Situation:

You encounter at least one of the following problems:

- When you start your Symantec product (such as Norton AntiVirus, Norton SystemWorks, or Norton Internet Security), the program window appears briefly and then disappears

- You cannot complete LiveUpdate successfully

- You cannot install or run Symantec products

- You receive an email message, indicating that you are infected with the W32.Klez virus

- You see "out of memory" error messages

- Your computer stops responding during virus scans

- Your Internet connection is much slower than usual

- Your firewall software detects "Wink???.exe" accessing the Internet

- You see low disk space error messages

- Nmain caused an error in Nmain.exe

- Nmain caused an invalid page fault in Nmain.exe

Solution:

These symptoms are known to occur on computers that are infected by one of the following viruses or worms:

a W32.Klez variant

W32.Bugbear@mm

Follow the steps in each section in the order listed to make sure that your computer is not infected:

W32.Klez variant:

To determine whether your computer is infected with a W32.Klez variant, download and run the W32.Klez removal tool.

NOTE: Carefully review the removal instructions before running the W32.Klez removal tool. An online demonstration on how to download and run the tool is available with audio and without audio.

For detailed information about a particular W32.Klez variant, click the appropriate write-up:

W32.Klez.H@mm

W32.Klez.gen@mm

W32.Klez.E@mm

W32.Klez.D@mm

W32.Klez.A@mm

W32.Bugbear@mm

To determine whether your computer is infected with W32.Bugbear@mm, follow the removal instructions in the W32.Bugbear@mm write-up. After the worm is removed, run LiveUpdate to download the latest virus definitions and scan the computer.

If the removal tool does not detect a virus infection, then the problems that you are encountering are not likely the result of a virus infection. To continue searching the knowledge base for a solution to your problem, click the KNOWLEDGE BASE link at the bottom of this page. Select your product and version, and then click Continue. On the "search the knowledge base" page follow the instructions to enter your search criteria, and then click search.

Please rate the quality of this document:

low high

1

2

3

4

5

Is this document well written and easy to use?

Submit specific suggestions to improve the quality of this document.

Product(s): Norton AntiVirus 2000, Norton AntiVirus 2001, Norton AntiVirus 2001 Professional Edition, Norton AntiVirus 2002, Norton AntiVirus 2002 Professional Edition, Norton AntiVirus 2003, Norton AntiVirus 2003 Professional Edition

Operating System(s): Windows 95, Windows NT 4.0, Windows 98, Windows 2000, Windows Me, Windows 95B, Windows 98 SE, Windows XP Home Edition, Windows XP Professional Edition

Date Created: 05/16/2002

BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS

TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT

[Guest Clint]

Here is the post for the second link:

© 1995-2003 Symantec Corporation.

All rights reserved.

Legal Notices

Privacy Policy

start over

my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product

Document ID:2001092513534506

Last Modified:12/11/2002

Error: "The System Administrator has set policies to prevent this installation" when installing Norton AntiVirus 2002

Situation:

When you start the installation for Norton AntiVirus (NAV) 2002, you see the error message "The System Administrator has set policies to prevent this installation."

Solution:

This error message can have different causes. It can occur under Windows NT/2000/XP if you are not logged on as administrator. It can also be caused by a corrupted installation or a partial uninstallation of a previous version of NAV.

If you are running Windows NT/2000/XP, then verify that you are logged on as administrator. If you are not, then log on as administrator, and then reinstall NAV.

To fix a corrupted or partial installation, follow these instructions to uninstall NAV, run the Rnav.exe removal utility to remove all previous versions of NAV, delete the NAV program folder and the virus definitions folder, and then reinstall NAV.

To uninstall NAV by using the Rnav.exe or SymClean removal utility:

1. In the document How to uninstall Norton AntiVirus, follow the steps in the To uninstall NAV from the Control Panel section, then follow the steps in the To uninstall NAV using the Rnav.exe removal utility section.

2. If NAV was installed as part of NSW, then follow the instructions in the document How to uninstall Norton SystemWorks 2002 to uninstall NSW, and then follow the instructions in the document How to use the Norton SystemWorks cleanup utility (SymClean) to run the NSW removal utility.

3. After NSW has been removed, run the Rnav.exe removal utility to make sure that all of NAV has been removed.

4. Restart the computer.

To delete the NAV and virus definitions folders and the virus definitions registry entries:

1. Restart the computer.

2. Open Windows Explorer.

3. Delete the following folders:

For Windows 98/Me/2000/XP:

C:\Program Files\Common Files\Symantec Shared\VirusDefs folder

C:\Program Files\Norton AntiVirus

NOTE: If NAV is installed to a different folder, then delete that folder instead. If NAV is installed as part of NSW, then delete the C:\Program Files\Norton SystemWorks folder.

For Windows NT:

C:\Program Files\Common Files\Symantec Shared\VirusDefs folder

C:\Program Files\NAVNT

NOTE: If NAV is installed to a different folder, then delete that folder instead. If NAV is installed as part of NSW, then delete the C:\Program Files\Norton SystemWorks folder.

4. Exit Windows Explorer.

5. Edit the registry to remove the SharedDefs key according to the following instructions:

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys that are specified. See the document How to back up the Windows registry before you proceed.

6. Click Start, and then click Run. The Run dialog box appears.

7. Type regedit and then click OK. The Registry Editor opens.

8. Delete the following key:

HKEY_LOCAL_MACHINE\Software\Symantec\SharedDefs

9. Exit the Registry Editor, and then restart the computer.

To reinstall NAV:

1. To reinstall NAV, follow the instructions in the document that applies to your version of NAV:

If only NAV was installed:

How to install Norton AntiVirus 2002 from the CD

How to install a copy of Norton AntiVirus that was downloaded from Digital River

If NAV was installed as a part of NSW, then see the document How to install Norton SystemWorks 2002.

2. Follow the prompts during the installation.

3. Restart the computer when prompted.

If this process does not fix the problem, then you will need to edit the registry and remove a key that was left by the M****soft Windows Installer. Follow these steps to remove the registry key:

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys that are specified. See the document How to back up the Windows registry before you proceed.

1. Click Start, and then click Run. The Run dialog box appears.

2. Type regedit and then click OK. The Registry Editor opens.

3. Click the Edit menu, and then click Find. The Find dialog box appears.

4. In the Find What box, type or copy and paste the following:

3C5C570370804294FAF8FF7250C221EA

NOTE: These are zeroes, not capital O's.

5. Click Find Next.

6. Click the 3C5C570370804294FAF8FF7250C221EA key.

7. Press Delete, and then click Yes to confirm the deletion.

8. Press the F3 key to search for the next instance of this key.

9. Repeat steps 7 and 8 for each key that is found until you see the message that the registry editor is finished searching.

10. Exit the Registry editor.

Please rate the quality of this document:

low high

1

2

3

4

5

Is this document well written and easy to use?

Submit specific suggestions to improve the quality of this document.

Product(s): Norton AntiVirus 2002

Date Created: 09/25/2001

BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS

TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT

[Guest Clint]

Here is the post for the third link:

© 1995-2003 Symantec Corporation.

All rights reserved.

Legal Notices

Privacy Policy

start over

my product is Norton AntiVirus 2002 for Windows 2000/NT/Me/98/XP change product

Document ID:2001091907501606

Last Modified:11/26/2002

Error: "Cannot delete navshext.dll. The specified file is being used by Windows" when deleting the Norton AntiVirus 2002 program folder during a manual uninstallation of the program

Situation:

You are following the manual uninstallation procedure for Norton AntiVirus 2002 (NAV). When you highlight and delete the Norton AntiVirus folder in C:\Program Files, you see the error message "Cannot delete navshext.dll. The specified file is being used by Windows." This happens if the computer has been restarted in a clean boot or in Safe mode.

Solution:

If you cannot delete the NAV program folder, and if you could not uninstall NAV from the Add/Remove Programs applet in the Control Panel, then follow the steps in the document How to uninstall Norton AntiVirus using the Rnav2003.exe removal utility to download and run the Rnav.exe removal utility to remove NAV from your computer.

If running the Rnav2003.exe removal utility does not work, then follow these steps to unregister the navshext.dll file:

1. Click Start, and then click Run.

2. Type or copy and paste the text that applies to your version of NAV

If NAV is installed as a stand-alone product:

regsvr32 -u "c:\program files\norton antivirus\navshext.dll"

If NAV is installed as part of Norton SystemWorks:

regsvr32 -u "c:\program files\norton systemworks\norton antivirus\navshext.dll"

3. Click OK at the next prompt.

4.

Please rate the quality of this document:

low high

1

2

3

4

5

Is this document well written and easy to use?

Submit specific suggestions to improve the quality of this document.

Product(s): Norton AntiVirus 2002

Operating System(s): Windows 98, Windows 2000, Windows Me

Date Created: 09/19/2001

BULLETINS | KNOWLEDGE BASE | SPAMWATCH | DOWNLOADS

TUTORIALS | REGISTER | SUPPORT POLICY | CONTACT

[Guest ellas]

still no luck uninstalling nav ?

[Randy_Bell]

p2ccolo, hang in there, you'll have a clean system soon. ;)

[Guest ellas]

maybe that would have been the best way,but where are you getting the trojans from,is it possible the other machines are infected,what trojan have you found.

[mark2]

Okay you can delete that file containing toplistcity then find it in the reg and delelte ltlhe key in there THhat shopuld get shot of te Hijacker.

What Trojan has been found ?

[Guest ellas]

why not take randy bells advice with trojan hunter,we come this far format would be defeat.

[mark2]

Do we really want to give in to these Bas*****? :angry: :angry:

[mark2]

Give Randy's suggestion a try to get rid of the trojan, we will get you back to a clean well running system, If the worst comes to worst with Norton we can go with AVG and ZA or Sygate, Then uninstall what you don't need. When it comes to the backing up & formatting option you could find yourself backing up the problems too. :huh:

[Guest ellas]

like mark2 says how can you back,get a clean system then maybe run the repair console which will reinstall all the windows files and i/e.

[Guest ellas]

what do you mean crap mp3 etc

[mark2]

Most of the stuff in your startup list we can take care of thru msconfig and once the unnecessary stuff doesn't autostart will run quicker, then at some point we can disable unnecessary services too.

[mark2]

Make sure system restore is still turned off if not you could have to go thru this all again :( :(

dleting that reg file relating to the hijacker will get rid of that but we will need to remove it once more from the registry before it will be gone hopefully for good!! there are free progs to prevent a hijack like that again ;) ;)

[Guest ellas]

should be,even if it ends up as a format you will have learnt a hell of a lot about your computer :D ,have you got a full version of xp or upgrade or recovery discs.