Jump to content

NAV corp issue

spapps
 Share

Recommended Posts

spapps

spapps

Posted
Posted (edited)

Hi I am new here.

Just spent about 10 minutes writing up this thread, then deleted the text and restarted lol.

To the main point:

my WS2003EE with SP1 got infected, for the first time ever, by a trojan/spyware. Anti spyware didnt pick it up unfortunatly, even though i ran an update earlier. My router firewall seemed to have not responded for some reason - whatever. I got hit bad.

I didnt wanna have to format and re-install as I have alot of stuff on there, programs, documents, projects, other backups - you name it.

Tried several ways of removing it, couldnt.

I then got Norton Corporate anti virus 10.0, installed perfect, picked up the devil and removed it. cool, was on the role!

However the virus still existed some place, even after removing it and following instructions from symantecs website on where it would place it self etc..

The virus infected explorer.exe - not a good thing of course.

so, ended up formatting and re-installing.

The 2nd thing I decided to do was to install NAV Corp 10.0 after installing anti spyware, and no drivers (the only drivers left were to update the gfx card and capture card).

NAV failed to install. I thought ok, perhaps I need to install the rest of the drivers, and software and the system will be updated etc... (after installing updates) and it would all be well.

nope.

I tried re-doing the installation of NAV Corp v10.0 - still failed. Was really getting annoyed.

Did everything I could think of, but it still failed to install and still is failing.

I googled the issue but there was no set cure. Been on symantec's website - any suggestions posted did not help.

I do not understand what the problem is! Norton Anti Virus Corp edition v10.0 installed fine when i had been infected but not after reformatting and re-installing the computer. I do not understand.

I looked at the event logs and found this:

The description for Event ID ( 7 ) in Source ( Symantec AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.

The description for Event ID ( 14 ) in Source ( Symantec AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.

The description for Event ID ( 13 ) in Source ( Symantec AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.

Also just found a new one:

Product: Symantec AntiVirus -- Installation operation failed.

well duh! lol.

I dont know what the problem is! Does anyone know? I am really stuck and would really want to install this.

if anyone has any suggestions or a solution, please post. Would greatly appreciate it!

I am usually pretty darn good at this stuff but cannot figure out what the problem is. The virus is completly removed as I had scanned it on another OS on a different computer.

Edited by spapps
Link to comment
Share on other sites

gamehead200

gamehead200

Posted
Posted

Not sure what the problem might be, but my guess is that the install just failed because of a corrupt file. But that wouldn't make much sense because as you said, it worked before you formatted. Did you do a quick format or a full format when reinstalling Windows? Also, did you install anything before installing NAV? :}

Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted (edited)

hey thanks for the speedy response! :)

I did reextract the file but that made no use so it is not corrupted

I did a full format, I always do.

The only thing I installed before NAV was Anti spyware software. Even if i disable that to make sure it wasnt blocking the installation did not help. Even if I disabled the firewall on the computer - that did not help.

When I was infected, I of course had the full works of software installed (Office, dev tools, SQL Server etc...) and it installed fine but now before installing all that, and after, it does not install. It just "failed" and has no errors to give me.

The interesting thing is - if I run the msi installer from a folder, which I think gets executed in the background if i install it the normal way - it almost completes installation then rolls back saying that the setup was interrupted before it could finish - but no idea what interrupted it. The errors in the event log are also the same from this.

Oh - I am sorry if i have posted in the wrong forum :)

Edited by spapps
Link to comment
Share on other sites
gamehead200

gamehead200

Posted
Posted

Don't worry about it...

Ummm... Let's see... You say the installation rolls back? What other processes are running when you're installing NAV? I suggest getting HijackThis! and posting what processes you're computer has running on startup. Save the log and post it here.

[ Moved. ]

Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted (edited)

no this is AFTER formatting - I cannot install NAV Corp after formatting - and how do you know/find out if i got that virus from the tool? :)

I have googled the W32/Deloder.worm and found out its characteristics but i can confirm that there is no virus on the system and that the W32/Deloder.worm is not on the system :)

Edited by spapps
Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted (edited)

that sucks! Already I have a worm? no way! I scanned the system using a different OS/HDD and had the firewall on (in Windows) and on the router as always!

the firewall is enabled by default when you install WS2003EE with SP1 - firewalls are always on. but please tell me for my reference, how do you know I have a worm? :)

*scanning from link as requested*

it says it will take 10 hours to scan :-/ I have a 10MB connection lol

Edited by spapps
Link to comment
Share on other sites
gamehead200

gamehead200

Posted
Posted
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm

A quick search on Google shows that res://shdoclc.dll/hardAdmin.htm refers to a worm.

If you open Internet explorer, you should be automatically brought to some kind of a search page, with or without pop-ups. If this is not the case, this is probably a leftover from something else, but I highly doubt it.

Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted (edited)

ah!

that is NOT a worm. that is the DEFAULT web page for WS2003 with SP1. Trust me, thats not a worm :) I have also asked my colleagues and they confirm this.

that page is the default page which tells you that IE is on the "high lock" security setting

we also deploy tons of computers and that is the default page for WS200, but the computer that NAV is installing on, that is my own personal computer at home.

Edited by spapps
Link to comment
Share on other sites
gamehead200

gamehead200

Posted
Posted
ah!

that is NOT a worm. that is the DEFAULT web page for WS2003 with SP1. Trust me, thats not a worm :) I have also asked my colleagues and they confirm this.

that page is the default page which tells you that IE is on the "high lock" security setting

Ah, OK. At least we're clear now. :)

Have you tried booting into safe mode and tried to install NAV?

Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted

hehe :) btw - hope you didnt feel offended when i screamed NOT - did not mean it in that sense ;) That was just to make sure... :)

yes I have tried to install NAV corp in safe mode without much success - same issue

stop scaring me when you came to the conclusion I have a worm! :P almost collapsed reading lol

Link to comment
Share on other sites
spapps

spapps

Posted
  • Author
Posted

:) I agree totally - if it installed in the first place, why not now? It's a "baffler"

apperently symantec ARE aware of the issue and working on it - but the point is - they should have tested properly first then releasing it, or at least providing a work around for someone in this situation.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...