So I was here trying to help a friend get her laptop fixed. I noticed that her subscription to Norton was already over. Accordingly, it expired nearly a year ago. :o I decided to remove it first using AppRemover. But it produced a BSOD every normal restart. I can only boot in safe mode. I used system restore and used their uninstaller instead. But it produced the same result. I don’t know what happened. It’s puzzling.
So here’s the thing. Has anybody else experienced this? I didn’t when I tried their product. So I really don’t understand why that happened. I’ll be posting at their site some time soon.
(after a year without updates…) things can happen:
“Some firewalls or antivirus software may also be disabled by the virus leaving the system even more vulnerable. Especially, it disables Norton AntiVirus and in turn uses it to spread the infection. Norton will show prompts to enable phishing filter, all by itself. Upon pressing OK, it will try to connect to (…: ) and try to download more malware.”
Wikipedia about “vundo”, “virtumonde” virus.
Just as an example which came to my mind as I read the name.
Was Norton integrated in the bought laptop? Or just installed as a program? Maybe that’s the difference to what you experienced before.
I heard that it came with her laptop. Maybe. But I don’t see why it would matter. It must have been installed in the same manner all other av’s do. ??? Or is there a difference I’m obviously not aware of?
Luckily, although there were viruses, an infection wasn’t the cause of Norton shutting down. The license expired long ago. But it just dawned on me. Is Norton that easy to exploit that it can be shut down by viruses it says it fends off? Or do all other av’s suffer the same problem?
Why are you asking whether Symantec (I prefer to call it “Symantec” in order not to abuse the name Norton) is “easy to exploit”?
As was pointed out above, which is just common sense - any security (especially its AV component) that hasn’t been updated for a year!!! - simply does not exist… whether it’s (was) Symantec / Comodo / Emsisoft / and so on & so forth…
Symantec is never easy to remove (it is a pest & hijacker)
In addition to what was referred to above, please keep in mind that you’d rather go to Symantec site and find the Removal Tool specifically and precisely for the version installed. Very important!
After running the said Utility you must thoroughly investigate the Registry anyway (hope you know how), otherwise you still may encounter big troubles when installing new security
Basically, in many cases … no matter what … “if Symantec was there” it’s better to reformat and reinstall the system prior to introducing new security
Doing a reformat is a bit drastic but there is another strategy; but it is for advanced users only.
This strategy helped me last year to bring a netbook running CIS back to speed which had had Norton installed in the past. It turned out there was a Norton driver still present under Non Plug and Play drivers.
First step is to start device manager to show hidden devices by running the following two commands from the command prompt (or make a small batch file):
set devmgr_show_nonpresent_devices=1
start devmgmt.msc
Next step is to set under View to Show Hidden Devices. Now browse through every driver under Non Plug and Play drivers. You now need to look up each one of these drivers on the web, because there are numerous Windows drivers there, and see if the driver belongs to a program that is installed or was installed. It is a tedious job but it can save one from doing a reinstall of Windows.
Reinstalling Windows I tend to stay away from as much as possible as it is more than a day’s work to get everything back up and running…
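The manual lookup described in the post above can be narrowed down with a read-only listing of registered drivers and the vendor named in each driver file. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the `Symantec|Norton` pattern and the helper name `Resolve-DriverPath` are illustrative choices.

```powershell
# Added example: read-only inventory of kernel and file-system drivers.
# It changes nothing; it only helps decide which entries to research.
$vendorPattern = 'Symantec|Norton'   # assumption: vendor strings of the removed product

function Resolve-DriverPath {
    # Hypothetical helper: turn the path forms used for drivers into a normal file path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $ci = [StringComparison]::OrdinalIgnoreCase
    if ($p.StartsWith('\??\', $ci)) { $p = $p.Substring(4) }
    if ($p.StartsWith('\SystemRoot\', $ci)) {
        $p = Join-Path $env:SystemRoot $p.Substring(12)
    } elseif ($p.StartsWith('System32\', $ci)) {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

$report = Get-CimInstance -ClassName Win32_SystemDriver | ForEach-Object {
    $path   = Resolve-DriverPath $_.PathName
    $exists = $path -and (Test-Path -LiteralPath $path)
    $vendor = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName } else { $null }
    [pscustomobject]@{
        Name        = $_.Name
        DisplayName = $_.DisplayName
        State       = $_.State
        StartMode   = $_.StartMode
        Company     = $vendor
        FileMissing = -not $exists      # registered driver whose file is gone
        Path        = $path
    }
}

# 1) Everything that does not identify itself as Microsoft: the short list to look up.
$report | Where-Object { $_.Company -notmatch 'Microsoft' } |
    Sort-Object Company, Name |
    Format-Table Name, State, StartMode, Company, FileMissing -AutoSize

# 2) Entries that mention the removed product anywhere in name, vendor or path.
$report | Where-Object {
    "$($_.Name) $($_.DisplayName) $($_.Company) $($_.Path)" -match $vendorPattern
} | Format-List
```

Entries with `FileMissing` set to True or a blank `Company` still need the manual lookup described above before anything is disabled.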
"Some firewalls or antivirus software may also be disabled by the virus leaving the system even more vulnerable. Especially, it disables Norton AntiVirus and in turn uses it to spread the infection. Norton will show prompts to enable phishing filter, all by itself. Upon pressing OK, it will try to connect to (....: ) and try to download more malware."
Wikipedia about "vundo", "virtumonde" virus.
as posted by clockwork. Now as I understand it, a virus may disable the av regardless of whether its license is still active or not. I don’t think you can disable an av that’s not really running can you? I mean, the shields are already disabled due to an expired license. What will the virus disable then? Then again, though, I did make a mistake stating it’s “easy to exploit”. It must have been a complex virus to be able to do such. Easy would be a huge understatement. So I stand corrected.
In addition to what was referred to above, please keep in mind that you'd rather go to Symantec site and find the Removal Tool specifically and precisely for the version installed. Very important!
and followed their instructions (except the saving your product key).
After running the said Utility you must thoroughly investigate the Registry anyway (hope you know how), otherwise you still may encounter big troubles when installing new security
Couldn’t do it after using the uninstaller they provided. Something wasn’t letting me use the registry even in safe mode. Each time I’d try to run regedit, Windows says it can’t find it. I tried to copy it from system32 but it keeps saying the file is corrupt. Then I got frustrated and restored again. It can’t be uninstalled using Windows Add/Remove. It still runs in start-up. Wouldn’t let me remove it from start-up either. It can’t be uninstalled using AppRemover. It would cause a BSOD. It can’t be uninstalled using the Norton Uninstaller. BSOD. What am I to use? ???
Wonder if this’ll work? I’ll give it a shot should she ask for my help again. She didn’t want to go back to the computer repair shop she’s been to because aside from having to pay, she said the guy said he was going to reformat and reinstall Windows instead. Not wanting to have to go through the trouble of putting things back where they were (the documents, pictures, and all), she decided to turn to me instead.
!ot! Quite a shock for me, too. I kept telling her I was no expert. She insisted though. At the end, I was able to remove the infection (or at least the most troublesome ones), it was running faster than before she claimed, and no more crashes after she tested it, but NIS is still installed and I couldn’t think of any other way of removing it. Oh and I was not able to post it in their forums. Had a lot going on in the university. Now I’ve forgotten where I put the dumps. !ot!
Next step is to disable the Norton programs and services from running. You can disable them from starting with Windows using Autoruns. Download Autoruns and run it.
This program finds almost all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting push Escape and go to Options and choose to hide Windows and Microsoft entries, to include empty locations and then push F5 to refresh.
Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.
Wonder if this'll work? I'll give it a shot should she ask for my help again.
This is for advanced users and needs to be done with caution and constraint because there are also Windows drivers in that list. First try the disabling of all autostarts of Norton. That will stop it from starting and will help get the computer more up to speed.
Are registry cleaners working on your system? If they do then you can consider deleting all the Norton folders on the computer (only after you disabled the auto starts of Norton and reboot) and then let various registry cleaners clean the registry. I use Eusing Free Registry Cleaner and Auslogics Registry Cleaner. They both find a lot and are complementary.
If you can find someone that has Symantec Endpoint installed, see if they will send you a copy of “CleanWipe.” It is Symantec’s nuke product for anything Symantec related. It will obliterate anything Symantec related on any WIN OS it is run on.