jellyhead

Norton and Symantec are two very different antivirus even though they're owned by the same compny. I much prefer Symantec, it's too bad you couldn't get it to work for you. The only issue I have with Symantec Enpoint Protection is that the firewall doesn't function normally. SEP is intended more for a corporate environment were system administrators manage it. The firewall works great but you have to manually set the rules to block or allow sites or programs through. In this case, it didn't even alert me that winlogon.exe was connecting to an outside IP. Glad to hear you're beating this thing.

I just cleaned up this mess on another computer with somewhat different results. In this case the W32.VIRUT.CF virus was spread to virtually every exe file on the system. Symantec went a little crazy in cleaning it and actually deleted explorer.exe and the registry entry to start explorer. The system would start but the screen was black. I opened taskmanger and realized explorer wasn't running. I tried to start it manually and got an error saying explorer not found. I had to copy the explorer.exe and userinit.exe files from another system to the Windows folder and replace the reg keys. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Shell"="Explorer.exe" "Userinit"="C:\Windows\system32\userinit.exe," I also found that numerous Windows files were missing. Many of the Windows program start menu shortcuts were linked to files in the winsxs folder instead of the program folders. I noticed this with windows media player, windows mail, windows DVD maker, internet explore and several other shortcuts. Rather than spend hours trying to find all of the missing files, I just chose to run the Vista setup again in upgrade mode..

You normally only see that message if you have recently installed a program or updates that require a reboot. If you rebooted your PC and are still getting that error then there is a problem with your system. You could try running the setup as administrator and see if that works but you shouldn't need to do that. I have installed this program on many computers and never had a problem with it. This may help http://service1.symantec.com/SUPPORT/ent-s...pen&seg=ent

The W32.VIRUT.CF virus was found on all partitions only in exe files and it seemed rather random the files that were infected. I believe the original source of the infection was a downloaded game but I deleted it and the virus still reappeared. I think this was because the W32.VIRUT.CF virus was spread throughout my system at this point and when I accessed the exes on partitions not reformatted, I reinfected winlogon.exe. I think Symantec just added detection for this virus on the latest updates because it was never detected before. At the last format when I scanned the entire system, around 100 infected files were found on 4 partitions. I blocked all of the IPs mentioned 218.93.202.114 61.235.117.81 58.65.232.34 211.95.79.6 I had previously blocked 61.235.117.81 since I had detected winlogon.exe trying to connect to this IP. In my case, I had downloaded a warez copy of SimCity 4 Deluxe Edition using bittorrent. I already had a purchased copy with the expansion pack but wanted the updated version. When I ran the setup.exe I imediately knew there was some sort of malware present because the system hung for several seconds. I imediately checked the startup options and saw 5 or 6 new entries. I deleted these and the associated files but failed to catch the winlogon.exe infection since this was a normal Windows file and needed no startup option added. I deleted the downloaded game but still had my legit copy on my HDD. I began creating my own Deluxe version of this game by merging the original and expansion pack into one setup but these game setup files were now infected. I installed the game a few times to test it and make changes. Every time I did this the virus was spread yet again. during this process I had restored a backup image twice and been reinfected each time. After the last restore, Symantec began finding this virus and was able to clean it from all but 2 or 3 files. I then checked the game setup which was still on my HDD and every exe for the disc was infected.

I too have been fighting this problem for about a week now. I think I finally managed to eliminate it. I use restore images rather than reinstalling Windows. I first restored a known clean image and was infected soon after. I then extracted a clean copy of winlogon.exe from the image and create an sfv check file so I could determine if the system32\winlogon.exe was infected again. I blocked the IPs in my router, then restored a clean image again. I immediately scanned my system and found numerous occurrences of W32.Virut.CF virus throughout my partitions. Symantec Endpoint Protection was able to clean most infected files. I checked the winlogon.exe file to see if it had been modified again. It was clean and I haven't seen any signs for a few days now. I am pretty sure this started with a downloaded game (yes piracy is evil, I'm so ashamed).

I've tried creating the overide file and it doesn't seem to work. I'm guessing it only works with the silent install switches and I don't want to perform a silent install. I just want to have the serial pre-filled.

I haven't found where the serial is located in the msi or mst files. If the value is not already present, then I need to know the value name so I can add it.

I usually use WiseScript but this should be the same solution you need. Just rename the dlls so they each have a differnt name like so: example.001 example.002 example.003 On install have the dlls renamed to the correct names. This will allow all of the dlls with duplicate names to exist in the same setup. This should also work for pretty much any setup program. If this option isn't available in the Wise Studio, the just edit the MSI with ORCA after adding the misnamed dlls.

I'll second that. This is the best Editor IMO and after you install it, you can just copy the install folder to a USB drive.

I don't want to create a silent install, but I want to have the serial numer pre-filled. Is there any way to do this with a configuration file? I created the application.xml.override file but this doesn't seem to be used if not doing a silent install. Is it possible to add it to the msi file directly?

What is the Component ID for NeroCopygadget in version 7.10.1.0?