Symantec Antivirus activation

ninjagaiden · Jun 24, 2008

Hi,

I think I accidentally removed Symantec Antivirus from my Startup items. I see three executable files which could be the file needed for start up, but I'm not certain which one I should add to Startup:

VPTray.exe
VPDN_LU.exe
or VPC32.exe

Other question:
My Startup has an application called flags that runs from the Location HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
What is this? Do I need it?

DavidGP · Jun 24, 2008

Hi

VPTray.exe and VPC32.exe are tray icon and protect exes if adding these dont work, easy option is to reinstall Norton, which will fix the missing startups

ninjagaiden · Jun 24, 2008

Symantec Firewall and Startup Item questions

Thanks Halo.

I have a few other questions

Symantec Firewall Question:
I think my Symantec Firewall may have been disabled by the Malware removal procedure "Read and Run me First" at some point. Why might this be? Does windows have its own firewall? If so where do I see it? I found a FIO.exe file under my Symantec Firewall folder and I researched it because I thought that it was the Firewall. According to the site Prevx <http://www.prevx.com/filenames/2093893906508676669-0/FIO.EXE.html> it is considered Malware. Is this right, or are they referring to a different FIO.exe? Also, what is the name of the Symantec Firewall .exe file? I've included a screen shot of the .exe files in my Symantec Firewall folder for reference.

Other questions:
My Startup has an application called flags that runs from the Location HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
What is this? Do I need it?

If I removed programs while msconfig was not in normal mode, how do I check that they were properly removed and fix any errors?

DavidGP · Jun 24, 2008

Hi

The read me iirc should not disable your firewall, howver your accident in deleting startups or if you have malware could have caused the firewall to stop, FIO.exe is the Symantec client for the firewall, so is safe, sadly Previx dont seem to check their data much so are out of date or just plain wrong with many legitimate applications flagged as false positives.

The windows firewall can be accessed by the security center in control panel.

On flags.exe it could be a screensaver application, however if you dont recognise it then you really would need to run the read me malware guide and attach your logs in a new thread in the malware forum for the malware experts to review BUT it could be anything, no major application springs to mind with flags.exe

As for Synantec, I would as I suggested be thinking of a re-install of it.

As for removing programs while in safe mode or selective mode with msconfig, are they in Add/remove the ones that you removed still, if you enter msconfig in normal mode are they still listed as startups?

If they are still in msconfig startups and you haev removed them via add/remove so main files are all gone then you will need to remove the entries orphaned in msconfig and the below will help

Click start > run and type regedit to load regedit.

Navigate to these keys and if any of the two are listed right click and delete then if listed as the below two keys are where unticked items from msconfig are held

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

or if not 100% with deleting items from those locations post me a screenshot and will advise or just found this from KellyT's site Line 148 Clear Disabled Items from Msconfig Startup & Selective get that vb script to do this automatically.

ninjagaiden · Jun 26, 2008

Thanks for the advice, I just didn't understand this part:

Navigate to these keys and if any of the two are listed right click and delete then if listed as the below two keys are where unticked items from msconfig are held

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

or if not 100% with deleting items from those locations post me a screenshot and will advise or just found this from KellyT's site

Do you mean that I should delete the following folders in the registry?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Or that I should delete from the above two folders anything that appears in msconfig that I have deleted from my machine?

I have included two registry screenshots of the startupfolder and startupreg for your reference. Let me know if you wanted screenshots of other items.

Symantec Firewall question:
The Control Panel Security Center says my Symantec Firewall is On even though I no longer see the Firewall Icon in my taskbar. If I used to see it at Startup in my taskbar, is there any functionality I may have lost now that the Firewall icon doesn't appear in my taskbar even though my Security Center says it is on?

DavidGP · Jun 27, 2008

Hi

Are you still managing startups via msconfig? if so enable all, then reboot, re-install norton as still best option is to re-install Norton, it will fix your startup and any missing icons in the system tray.

as for the any items in msconfig, that is only for when you have been using msconfig to manage startups and unticked them from starting, then uninstalled the application from Add/Remove, this will leave in many cases an orphaned entry in msconfig startup to that application and the registry locations are where these items are located, the best route if not used to editing the registry is to just run the script file from Kelly Ts site as it will take the guess work out of editing the registry yourself.

BUT only use the registry script if the applications startups in msconfig startup are from applications you have removed from Add/Remove and they have left their startups in msconfig due to running msconfig in selective mode. ( however if you run it it should not delete any that are active, only ones orphaned with no application linked to them, so long as you enable all startups in msconfig )

If you need to disable any startups later on when norton is functioning correctly with all icons where they should be, then use http://www.majorgeeks.com/Startup_CPL_d619.html to manage them over msconfig.

Have you managed to work out what Flags.exe application is?

ninjagaiden · Jun 29, 2008

Startup Question:
I have not yet figured out the flags.exe startup problem. I am going to start running the Read & Run me procedure on my machine. I downloaded the Startup CPL program. I also have a Startup up management program called Startup.exe Start-Up Tool ver. 1.3 by ExtraMile-TheNewTeam. Comparing startup items in both tools, I see that the flags.exe item is the only item that appears in Startup.exe that does not appear in Starup CPL. Should I stick with Starup CPL? I downloaded Startup.exe from Majorgeeks about 8 months ago.

Antivirus Question:
In the "How to protect yourself from Malware" guide at http://forums.majorgeeks.com/showthread.php?t=44525 It says that most of the free Anitvirus software is better because it is not as resource hungry as Norton/Symantec or McAfee. Are these free software packages as effective as Norton or McAfee though?

Frequent virus removal question:
I currently have Symantec. I fequently get virus quarantined or deleted notices on my machine. By frequent I mean every 2 to 3 hours. I've included a screen shot of one such warning. I see that there are rarely such warnings on the 2 other computers my family has, and they are also running Symantec. Do you think running the Run & Read Me procedure will help this? Or should I do something else?

Log in or Sign up

Symantec Antivirus activation

ninjagaiden Private E-2

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

ninjagaiden Private E-2

Attached Files:

SYMantec Firewall exe files.JPG

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

ninjagaiden Private E-2

Attached Files:

startupfolder screenshot.JPG

startupreg screenshot.JPG

DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

ninjagaiden Private E-2

Attached Files:

Quarantine sample.JPG