virus attacked my computer

I would suggest (not being a norton user) that you uninstall all of the norton AV software, and then install the old one, then remove using the instructions from norton, before re installing the new version.

Try to get the instructions and any scripts from norton before doing so, and do the rest off line from the net.

Chris has some good ideas for uninstalling. Here's a link to Symantec that might help. Uninstall info 

Hope that helps,

Texruss

Can you boot into Safe Mode (hit F8 on cold boot). Try Add Remove for both NAV versions (that was a bad thing you did to leave the old one there...*;-)

Or perhaps you can edit the registry and wipe out all the Symantec entries.

Let us know how it goes.

Texruss

Don't give up the ship. Here's a tool from Symantec that should help.

Texruss

I deleted Norton antivirus 2002 in safe mode and also tried to remove 2003.

This message showed up:

" The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance."

What Can I do next guys?

Thank you for y'all's help.

Perhaps now you can reinstall 2003 successfully.

Texruss

I tried to install the 2003 version but my com still has a "DLL Initialization Failed"

It says " The application failed to initailize because the window station is shutting down.

Help me, please

My MSN ID is "insunghwang@hotmail.com" If you can help me through this, please add mine on your list.

Message Edited by assamartin on 03-12-2004 08:48 PM

I downloaded some files from the website you recommended. I burnt a CD from my laptop and tried to install those files to my Desktop but I can't open my CD-Rom drive.

" The application failed to initialize because the window station si shutting down." error message showed up.

Can I do something with "Run" or "register" thing?

>but I can't open my CD-Rom drive.

" The application failed to initialize because the window station si shutting down." error message showed up.

>Can I do something with "Run" or "register" thing?

Sounds like something worse is going on than just a failed Norton installation. What version of Windows? You can try the manual uninstall directions on the weblink, but it does require registry skills.

You might also look into installing freeware spy apps like Adaware and Spybot Search and Destroy to see if something else insidious is preventing your efforts. I don't like the looks of the CD not working. If you have XP you might use an older restore point, but I am guessing you may have an older version of Windows. For older Windows you might also try the System File Checker (sfc.exe at Start/Run) to check for corrupt system files. SFC is not in Millennium as it uses System File Protection.

Basically if I were there working on it I would run spyware apps and boot in Safe Mode to run regedit and delete any spyware loading in the Run folder, scrub the registry to remove NAV failed remnants, download all patches for Windows, then fix any corrupt Windows files by either sfc, or by a refresher reinstall. It's definitely a tricky situation...most folks give up because of the complexity and reformat or use their restore CD. Tough situation. 

Texruss

Message Edited by Texruss on 03-13-2004 01:27 PM

Try posting a hijackthis log for me, and we can get that to disable all the norton stuff, but that might still not let the install work correctly.

You might like to try the the site for norton AV, they have a support forum I believe.

The OS of my com is Windows XP Pentium4 2.53GHz
The hard drive is 120 GB, memory is 512 MB(DDR SDRam)

I can't put a "Hijack this" file cause I can't get on the internet.
Did you mean I type it down and post it with my another computer?

I ran AD-aware, but it stopped in the middle of performance.

...

Can you boot into Safe Mode and run Regedit to look for boogies loading in the Registry? Get someone to help you if you can't. Basically look in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

You're looking for weird .exe named files that are not normal entries. I just cleaned 2 inoperable XP machines which had hundreds of .exe files in the Run section. Windows was barely running on one machine in normal mode and the other was was totally messed up for normal mode. Deleting those .exe files fixed it to where I could boot into Normal mode and fix other malware debris with Spybot and Adaware.

HTH,

Texruss

Hijackthis.exe will fit on a floppy, the ext file as output will fit on a floppy, use good machine to copy and paste to here.

But I repeat, that it might not help, you need to uninstall, not just disable, which is what hijackthis will do.

But is uninstall is not an option, post a log and I will give advice.

Thank y'all

Logfile of HijackThis v1.97.7
Scan saved at ?? 8:01:03, on 2004-03-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\PC-Doctor\Java\jre\bin\javaw.exe
C:\PROGRA~1\PC-DOC~1\Services\PCDREN~1.EXE
C:\PROGRA~1\PC-DOC~1\Services\EVENTS~1.EXE
C:\PROGRA~1\PC-DOC~1\DIAGNO~1\DEVICE~1.EXE
C:\Program Files\PC-Doctor\Diagnostics\PcDrHardDrive.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\ESTsoft\ALZip\ALZip.exe
C:\Documents and Settings\Owner\My Documents\virus\hijack this\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DownAcc] C:\Program Files\EasyWinCleaner2002\SpeedDown.exe
O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKLM\..\Run: [ADSpider] C:\Program Files\ADSPider\ADSpider.exe /start
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~2\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [nProtect] C:\Program Files\npserver\nprotect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKCU\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\Vcrmon.exe
O4 - HKLM\..\RunOnce: [Regsister WScript] wscript -regserver
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: ?? ?? ::: ??? - C:\PROGRA~1\
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {14B0C13D-497B-4E6A-8E39-596CD9434F30} (sayclub & Hangok music Control) - http://dl.sayclub.com/sayclub/noraeting/saywiz.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {2F0692E0-771E-41EE-8CC2-4A8D8CCA357F} (Checker Control) - http://connect2.skylove.com/connect/checker.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {42813B7B-A6CD-494C-AE13-2101F5C686EB} (XBugsUpload Control) - http://beatlebox.bugs.co.kr/multiroom/cab/XBugsUpload.cab
O16 - DPF: {516867FD-3E25-4FF5-B3B2-F0EA71874BAC} (Csay Control) - http://screenchat.skylove.com/screenclient/csaycert.cab
O16 - DPF: {575594D5-8974-4AFE-9919-8FE4AA687DEF} (NhnPlayer Control) - http://yohan.net/ie/js/nhnplayerx.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_10.CAB
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {97154128-DC4C-4D5B-AF7C-CA7356238EC9} (Hanmail FileUpload Control) - http://wwl53.daum.net/hanmail-ax/HM_fileupload.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38048.5349884259
O16 - DPF: {A6DED174-177E-4B45-8BE7-0FF3316143EE} (Hangok Audio Wizard) - http://norae.bugs.co.kr/lib/cab/XBugsHanwiz.cab
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (session Class) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {C3E92DA9-AC1F-11D5-A012-0050BF061639} (SkyCap Control) - http://dchat2.skylove.com/dchat/skycap.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab

The most astonishing thing about this log is not what is in it, but what is NOT in it.  I see two different types of utility software from PC-Doctor and Norton, but NO evidence of an active anti-virus or firewall.  I see that you were having problems with Norton and you aren't protected at the moment.  However, anti-virus protection is needed while you solve this problem.  If you don't protect your computer, then you should expect to be infected from a variety of sources.

It nice that we have wonderful folks here like ChrisRLG, Yellowhammer, YoKenny and the like, but the fact of the matter is that the primary responsibility for at least minimum protection for a computer investment is THE USER.

At some point you have to ask yourself...would you park your car, leave it unlocked with the keys in the ignition and walk into the shopping mall for an hour or two?  Of course you wouldn't.  But using a computer connected to the internet without virus protection and a firewall is really not that much different.

I hope the original poster takes no offense at this post.  It was not intended to be mean-spirited in any way.  Take the time to use google and search on the terms *free anti-virus* and *free firewall*, and you will find solutions.  And the price is certainly affordable for everyone.  Norton is a product recommended by many, but anything that works is better than having the best thing that doesn't work.

Message Edited by BBlackie on 03-13-2004 11:21 PM