Norton's at it again!

I recently restored my pc to factory settings since it was gettin bogged down full of crap...but the factoy settings reinstall Norton Anti-virus and Firewall 2005 (damn you HP). I used the NRT to remove it, but Security Center says it is still protecting my pc, which it is not, cause i have Avast! and Zonealarm. How do i get rid of this malware thats displaying false messages.

 

Thanks for the help, but the second link didnt do me any good since I have Windows and the first link just took me to the NRT tool, which I had already used.

 

There are specific removal tools for different versions of Norton. These can all be found on the Symantec website.

I have often found the only way to fully remove antivirus is to reinstall and then uninstall. You should start the uninstall at add remove programs first, then use NRT on what is left

hope this helps

Studio T

 

To make absolutely sure Blades if you are still unsuccessful,

In regedit (start>run>command>regedit), go to edit, find, and type NORTON, then find. It will find a registry entry and stop on it, click edit and delete and press f3 key to proceed to next one and keep repeating this until it tells you there are no more. Repeat this process with NAV and SYMANTEC typed in the find line until they are all gone too. This is a pain in the a**way to do it, but it will remove all registry entries in the O/S thus disabling and removing the ability for the program to run.

Please make sure that you do a full registry back-up BEFORE you attempt this procedure...

Good Luck!


Regards...

 

I totally sympathize with you as I have been round and round and round with Nortons.
The attached is what they sent me because I "insisted" that they provide me with the informtion to remove any and ALL traces of their programs. It's been nothing but a headach and I think my system is clean now (but I'm not 100% certain.)

Good luck! Bitzy

Read through "everything" before you take any steps (at your own risk) and maybe one of the gurus here will pick up on something that Symantic missed. The following is the info they sent me from the tech support chat log.
---------------------------------------------------------------------------------------------------------------------

NOTE: These steps and links are only for Windows Xp Operating System.
I recommend that you completely uninstall all Symantec products from your Windows XP system and reinstall them. This should clear off the problems that you have been experiencing and restore your software to a stable, functional state. Please follow the steps provided below.

First, uninstall all Symantec products:
1. Click Start and then Control Panel.
2. Click Add or Remove Programs and then click Change or Remove Programs.
3. Select a Symantec product, Norton AntiVirus for example, and then click Change/Remove.
4. Follow the prompts until the uninstall process indicates that it has successfully removed the product.
5. Repeat these steps until all Symantec products have been removed from the Add/Remove Programs list.

Next, configure Windows to show all files:
1. Double-click the My Computer icon on your Desktop.
2. Click the Tools menu in the top toolbar and then click Folder Options.
3. Click the View tab.
4. Uncheck "Hide file extensions for known file types."
5. Under the "Hidden files" folder, click "Show hidden files and folders."
6. Click Apply, and then click OK.

Now, search for and delete all Symantec folders.
1. Click Start, Search, and then select "Files or Folders".
2. "Look in" is set to "All drives" or to (C.
3. Make sure that "Search subfolders" is checked. (You may have to click the "Advanced Options" arrow to display this.)
4. Click All files and folders.
5. In the "All or part of the file name box" type--or copy and paste--the following text:
Symantec
6. Click Search.
7. Delete all files and folders that are found by the search.

Finish by cleaning up the Registry:
CAUTION: We strongly recommend that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the keys that are specified. Please see the document linked below for details on making a backup of your registry:
Title: 'Backing up the Windows registry'
See Document ID: 199762382617 on the Symantic Website

NOTE: These keys may not exist on all computers. If either or both exist, please delete them as instructed.

1. Click Start and then Run.
2. Type REGEDIT into the Run dialog box when it comes up and then click OK. The Registry Editor will open.
3. Navigate to and select the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
4. Press the Delete key on your keyboard and click Yes to confirm.
5. Navigate to and select the following key:
HKEY_CURRENT_USER\Software\Symantec
6. Press the Delete key on your keyboard and click Yes to confirm.
7. Click on File in the top toolbar and then click Exit.

NOTE: If you are receiving "Access denied" message while deleting any particular registry entries, I would request that set the permission for that registry entry and then proceed deleting registry entries. For more information please refer the link below:
Title: 'Error: "Error Deleting Key: Cannot Delete "<Registry Key Name>": Error While Deleting Key"'' See Document ID: 2002112506314039 on the Symantic Website

At this point, your system should be completely clean of Symantec products.

 

Anybody interested in rootkits should check a system containing Norton with Rootkit Revealer. Winternals have always been very careful not to say what you will find just to do the experiment! Since Microsoft have taken over Winternals the Sysinternals stuff is now available from

http://www.microsoft.com/technet/sysinternals/securityutilities.mspx

 

Thanks everyone so far for your help. Bitzy, thanks for the info but turns out Secuirty Center still says Norton Worm Protection and Firewall are still protecting my pc

studiot, i got this off Rootkit revealer, but no references to norton.

nightcrawler, seems i found the remaining keys and values and i deleted them all. ill see how it went

 

Seems you have a rootkit associated with Trillian. Note the line says basically there but not visible in windows. This is the exact definition of a rootkit - sorry bout dat. I am not at the moment sure whether this is Ok as some programs, including Norton, and Zone Alarm add benign rootkits to your system. Getting rid of the Norton one causes much uninstall trouble which is why I sugggested looking for it, but it seems to have gone. Perhaps you should discuss with Chaslang about the others?
I will do some more investigation and return.

Meanwhile if you go in for mass anihilation in the registry remember that some keys are regular windows key with 'naughty' values like _orton. With these only the value not the key should be deleted. Other keys are added by malware and the whole key is to be deleted . You should use common sense and judgement on this. If in doubt reset the value and try the effect before completely removing the key.

Studio T