dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1012
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

SP3 vs McAfee led to Norton disaster

A question in the Microsoft forum has led to an antivirus software problem perhaps better addressed in the Security forum. In brief, SP3 made McAfee 5.21 not fully operational. My attempt this morning to replace it with Norton 8.00.58 (Antivirus 2002) led to a series of BSOD's. If anyone can help with my tale of woe at

»Win2k SP3 CD install and McAfee problem

I would appreciate it. Thanks in advance.

kirby

System details follow

Win 2000 SP3 w/ ACPI enabled, booting to IDE3/IDE4 RAID 1
Abit KT-7 RAID; plastic CPU socket handle; blue RAID connectors; Bios UL102; Via 4.30
800 Mhz Athlon TB running at 800; CPUfx Core cooler in Addtronics 6890A with 300W PS
2 x 128 MB Xerox PC133 SDRAM (CAS2/100 MHz; CAS3/133MHz) @ 133 MHz
PS2 Mouse and Keyboard; Mitsumi Floppy;SB Live! Value
verizon.net > Westel ADSL > Nexland ISB SOHO router > D-Link DFE-530TX+ > Kerio PF 2.1.4
IDE1: Master Plextor Plexwriter 12/10/32A; Slave Onstream DI30 FAST tape drive
IDE2: Master Toshiba SD-M1612 DVD-ROM; Slave Iomega Zip 100
IDE3: Master Maxtor 51536H2; IDE4: Master Maxtor 51536H2
AGP: Ati AIW Radeon, 6094 driver, MMC 7.7, DVD 7.7

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

not a good idea to cross-post, because people can't follow threads in two separate forums...I read your thread in the ms forum, and it sounds like you need the NAV removal tool from Symantec...let me search over at Symantec site and I'll post back here...or should I post there? Tell me what to do, as it is confusing when you start two threads in separate forums, LOL. :)
Randy Bell

Randy Bell to Kirby Smith

Premium Member

to Kirby Smith
"How to install Norton AntiVirus 2002 in Safe mode", »service1.symantec.com/SU ··· 06172206

"How to uninstall Norton AntiVirus by using the Rnav.exe removal utility", »makeashorterlink.com/?J19523D91

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo to Kirby Smith

Premium Member

to Kirby Smith
McAfee is leaving stuff behind, that conflicts with NAV, I had a similar problem when I upgraded a W98 to XP all went well but McAfee 5.21.

It would not work right with XP, So I uninstalled McAfee and installed NAV, nothing but trouble, I had to go in the registry and remove everything that's related to McAfee, then did a search on my hard drive for McAfee stuff and removed it, rebooted, then NAV worked.

scottkeen
join:2001-06-05
Reston, VA

scottkeen to Kirby Smith

Member

to Kirby Smith
I use to have lockups with McAfee.

Ever since I switched to AVG (free) over a year ago, I've been a happy camper.

McAfee and Norton = Big, fat, buggy

AVG = Lean, tight, and free

Why is there any debate?

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo

Premium Member

said by bigtuna:

AVG = Lean, tight, and free

You get what you pay for, AVG is a good free AVP, FREE being the keyword here, But it's not as good as McAfee nor
NAV.
said by bigtuna:

Why is there any debate?
No debating, the poster is trying to get McAfee or NAV to work on his pc.

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Kirby Smith

Premium Member

to Kirby Smith

Caution McAfee Removal.

Kirby Smith,

Go to this link..download these two tool and clean all that McAfee off your system ASAP.

Good Luck

John

Clean off that McAfee (free tools)

»Re: Delete McAfee Online?? - YES

scottkeen
join:2001-06-05
Reston, VA

scottkeen to Vampirefo

Member

to Vampirefo

Re: SP3 vs McAfee led to Norton disaster

said by Vampirefo:
You get what you pay for, AVG is a good free AVP, FREE being the keyword here, But it's not as good as McAfee nor
NAV.
I don't see this.

AVG Free version is the EXACT same thing as their Pro pay $$$ version except you don't have the Advanced menu which lets you choose which drives to scan (the Free version scans all drives).

There's no differece between protection ability, just because it's free. It uses the same DAT files as the pay version.

Are you saying that McAfee or NAV will protect against some virii whereas AVG (Free and Pay) won't?

Didn't mean to get off-topic, I was only chiming in my own experience that McAfee's crappy DLLs have locked up my computers and AVG never has. It was a suggestion to the OP to uninstall the big heavies and go with something leaner and not so buggy.

I just need to understand better what makes McAfee or NAV better. If it's application options -- OK. If it's protection against virii, then I need hard evidence.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

Thanks everyone for your help. I'm at work at the moment and can't test your suggestions. If I get time tonight I'll see if they work and let you know.

Sorry about the cross posting, but I started with a SP3 report that evolved into an AV disaster.

kirby

Vampirefo
Premium Member
join:2000-12-11
Huntington, WV

Vampirefo to Kirby Smith

Premium Member

to Kirby Smith
About 'avsynmgr.exe' this is McAfee and must be disabled, for NAV to work, do a search on your pc for McAfee delete them all, run the programs, Name Game posted, then go to your service, and disable 'avsynmgr.exe' Reboot then run NAV again, it should uninstall itself, reboot then install NAV, all should go just fine.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

Well, now that my home's power has returned, I'll try some of the suggestions. (One might expect, if one were not a cynic, that the power company would put enough switches in their circuits that half a town wouldn't need to be blacked out to repair one pole taken out by an errant automobile.)

Vampirefo: No McAfee or Norton services are shown in manage/services. I must have killed enough program components during my morning flail to keep them from running. I will, though, try to clean them out more fully per the instructions above.

kirby
Kirby Smith

Kirby Smith

Member

For those following this epic, my late report is due to Norton Anti(?)Virus damaging my computer's access to the internet.

Following the advice above, I cleaned out every vestige of McAfee and Norton in the registry, other than some personal information that clearly didn't initiate any action. I then reinstalled Norton Antivirus 2002. Again, the BSOD problem occurred. The blue screens would occur without my actually doing anything with any of Norton's menus. Further, as each BSOD caused a reboot (I hadn't fixed SP3's default in that respect), the BSODs occurred sooner and sooner after login. Worse, and very bad manners, I noticed that my BIOS would take longer and longer to detect my RAID setup! OUTRAGEOUS!

Again, I had to go into safe mode to stop it and remove Norton. This gets very old very quickly.

The real disaster, however, wasn't apparent until I had finally cleaned Norton out again. My connection to the internet wouldn't work. More specifically, my access to my router wouldn't work. ipconfig/all showed no DNS entry, IP address, etc. Ipconfig /renew complained that there was an internal error and that I should pull the connection and /or reboot. These actions, of course, did nothing to fix it. I suspect Norton blasted my TCP stack, or maybe my BIOS, because running chkdisk and system file checker had no effect. I will probably have to re-image my C: and D: drives with Sunday morning's backup to get back to functionality. And if that doesn't work, re-installing my BIOS firmware is an even more tedious process.

Anyway, this does not encourage me to use Norton, to understate the obvious.

kirby

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Kirby Smith

Premium Member

to Kirby Smith
Could be kirby..But I think you also have something else going on in that system..could be a trojan/worm..maybe hardware..but if it all goes away after you completely divorce yourself fron Norton..then You have you solution.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

My hardware configuration could well be a problem. I would doubt a trojan, though, as I run TDS-3 and Wormguard.

kirby
Kirby Smith

Kirby Smith

Member

Update: Attempting to restore a previous image from my tape drive within the existing Win2k program just led to a corrupted mess. I expect I will have to split my RAID 1, repair one hard-drive's C: partition, get the tape backup program (Onstream 1Safe) working on it, delete the "C:" partition contents on the other hard drive, restore to it, and then boot to the other disk. If that works, then remirror. Alternatively, if the previous doesn't work, I have yet another, non RAID drive formatted for operation on IDE1 running Win2k SP1 that I could re-install and use for this recovery process. I am hoping I can get to last Sunday morning's image and then try SP3 again after I've contacted McAfee.

What a pain in the keister.

Also, I have reviewed Norton's web site forum for like service issues. I was disappointed to find that few of the requests for help since SP3 came out have been answered, and no-one seems to have had a similar problem. I have not yet called McAfee's $$$ hot line to find out about fixing their glitch that started this, or maybe it was SP3 that should be blamed.

kirby

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Kirby Smith

Premium Member

to Kirby Smith
Did you install SP3 from a disk or the Internet?
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

MicroSoft CD that was delivered last week.

kas

Name Game
Premium Member
join:2002-07-07
Grand Rapids, MI

Name Game to Kirby Smith

Premium Member

to Kirby Smith
Thought so..was wondering Kirby if you had all your security stuff...you know McAfee and anything else running when you did the install....so many people do..and they have other things running in the startup when they do that SP3 install.

I think that is a risky thing to do.

mboy
Premium Member
join:2001-04-13
Little Falls, NJ

mboy to Kirby Smith

Premium Member

to Kirby Smith
I would highly doubt that anything relating to SP#, NAV or mcafee messed with your bios.
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

Name Game: I kill practically everything when installing major stuff. Both anti virus and anti trojan programs were killed. Ati MMC was killed. No applications were running other than Explorer. There could have been one or more unnecessary processes running. I didn't go through the process list looking for other things to kill, but will try to do so next time. Neither SP1 nor SP2 were seemingly bothered by running processes (not to be confused with applications, although I'm not sure why), nor did McAfee develop a defect after those installations.

mboy: your doubt is encouraging. I do wonder, though, why the time it took the Highpoint controller to report the RAID configuration to whatever part of the BIOS runs the monitor got longer and longer after each BSOD and reboot.

Let me take this opportunity to thank youall for the help so far, and to apologize in advance for likely future delays in my response to any further suggestions. For what I hope are obvious reasons, my access to the internet is very limited. I will be able to review this thread on Thursday, but l will not be able to try a serious attack on restoration until Friday. After Thursday PM internet access will not be available to me until I fix the problem, or Tuesday arrives.

kirby
Kirby Smith

Kirby Smith

Member

He's baaaack. Finally have a partial rebuild sufficient for communication. No thanks to Onstream, who's tape backup system proved to have a flaw I couldn't overcome. The registry, by default, is only backed up into a system state file, so one cannot restore it from a different drive. And trying to restore from within the active C: drive along with the other files was blocked by an obscure complaint. So I had to build from scratch, after quite a few experimental tries with attendant startup disk loadings.

Of course, I haven't forgotten Symantic Norton AV, which destroyed my system.

And then there is MicroSoft SP3 which broke McAfee Vshield. Someone, I think here at DSL Reports, was promoting a "iuctl.cab" download, I think from Microsoft, to fix some dll SP3 purportedly breaks. Anyone recognize this file and have a link to where MS touts it? TIA

kirby

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

Welcome back, Kirby!! Geez, you've been havin' problems lately, huh??
said by Kirby Smith:
I had to build from scratch, after quite a few experimental tries with attendant startup disk loadings.
Anyway, the important thing is you finally made it back!!
said by Kirby Smith:
Of course, I haven't forgotten Symantic Norton AV, which destroyed my system.
Well, I don't blame you for being a bit leery of NAV right now; but I've been using NAV for a long time -- since version 5, soon followed by version 6 which was NAV 2000 -- and I've never had any problems with it.
said by Kirby Smith:
And then there is MicroSoft SP3 which broke McAfee Vshield.
Sorry about that one too, LOL...tough luck...
said by Kirby Smith:
Someone, I think here at DSL Reports, was promoting a "iuctl.cab" download, I think from Microsoft, to fix some dll SP3 purportedly breaks. Anyone recognize this file and have a link to where MS touts it? TIA
Try also in the Microsoft Help and Software forums. :)
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

The rumor of my computer's life was premature (with apologies to Mark Twain). Shutdown last night seemed a bit abrupt, and this morning startup led to a blue screen complaining about \winnt\system32\config\system missing. Unfortunately, I can only remember one key fix for the Abit KT7-RAID highpoint controller vs. windows not doing correct disk cache unloading, and I think I had done it.

I also had noticed during the various repeated builds a message at the top of the b/w window's startup screen that said: disk i/o error: status = 00008001. I had ignored it before, but now suspected it was related. Further testing showed that it was independent of from where I started the drive, IDE1 or highpoint IDE3. I eventually got rid of it by re-flashing my BIOS. This, I suspect, was due to Norton AV, and was related to the cause of the slow RAID discovery I mentioned in an earlier post.

But wait, there's more!

Now without the error message, I optimistically built yet another Win2k OS setup on the highpoint bus, and had it fail upon reboot from shutdown, which I tried reasonably early after installing SP3 and Ati software. However, the key was that the death reboots only occur after shutting down the computer, not during windows commanded reboots after software installs. I proved this by installing only Win2k, nothing else, and shutting down. Soon I will memorize my key. The reboot from shutdown led to a blue screen; the drive was somehow getting corrupted. Moving the drive from the highpoint IDE3 to IDE1 did not bring it back.

This message is coming to you via my emergency Win2k disk that is normally not connected to the motherboard. It seems to work OK, but I haven't had the guts to move it to the highpoint controller to see if I can break it.

My next step, besides heaping opprobrium onto Symantic, and most likely Microsoft, will be to try to do a build on the former highpoint IDE3 drive from IDE1. I am going to install McAfee on the emergency drive first and exercise it on the victim drive before trying though.

Is it possible that a virus (e.g., Norton AV?) could screw up the drive MBR in some manner that formatting the C: partition would not clean up? If so, how do I fix it?

kirby

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

said by Kirby Smith:
Is it possible that a virus (e.g., Norton AV?) could screw up the drive MBR in some manner that formatting the C: partition would not clean up? If so, how do I fix it?
"FDISK /MBR" (without quotes) might work, although it's risky...I seriously doubt Norton would mess up your MBR, but I could be wrong. :)
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

I'm soon going to run McAfee thru the entire bad disk drive. I have the version (5.21) that wouldn't fully run under SP3 functioning under this SP1 build. I'm not ready to blame Norton for MBR hacking yet. It always could be a virus that sneaked in when VShield was down. Or, there may be nothing wrong with it. I just want to cover all bases before I do my nth rebuild. On the other hand, only reliable web sites were visited during that period, Netscape 4.73 doesn't auto-open attachments, and most mail I get comes from a forum server that strips attachments. In fact, before VShield went down, it never reported a virus on my email. I think Verizon strips them also along with its spam filtering.

I'll have to look into fdisk and any win2k equivalents. This functioning drive does have DOS on it, and I could conceptually blast the bad drive with it, then reformat with Win2k. There isn't much on that drive that I don't have on a backup tape.

Thanks for the help

kirby

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

Hope you eventually get your entire system restored to health, Kirby. :)
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

Thanks Randy:

BTW, my fattest of Win2k tomes, "Win2k Resource Kit," describes the recovery console's capabilities. Included are the commands 'fixmbr' and 'fixboot' that I can use to wreak further havoc.

kirby
Kirby Smith

Kirby Smith

Member

OK, here is the bottom line:

x My MBR was corrupted, the Recovery console command 'fixmbr' did its job without blasting anything else. Due to the late discovery of this, I cannot be sure whether (a) Norton did it because of an incompatibility with the highpoint RAID controller and whatever Highpoint does to the MBR, or (b) to attempts at tape restore. I suspect Norton.

x fixboot was also run without claiming corruption or not.

x chkdsk fixed a few files.

The last Win2k build on that logical disk would then run on IDE1. Perhaps I could have saved the original or any of the many intermediates with Recovery Console, although I suspect running it before I had re-flashed the BIOS would not have worked and thereby misled me.

After adding a reasonable amount of software to the build, starting with SP3, the build showed it could handle repetitive shutdowns and restarts. I installed McAfee 5.21 with 4.1.60 engine. As was the case a week ago when I tried this, Avsynmgr failed to run on bootup. A message from the McAfee VS 5.x help forum at Symantic suggested extenting a time parameter in the registry. This didn't work in this case. I am awaiting other suggestions from them. There is plenty of evidence on that forum that the Avsynmgr problem has happened to several people.

For comparison, a Win2k Pro SP1 build on a separate hard drive and operated on IDE1 was also subjected to McAfee. Installing 5.21 with engine 4.1.30 showed the same behavior, but with 4.1.60 Avsynmgr worked. I did use the time parameter, but I don't think it was necessary.

I now have the SP3 hard drive on the Highpoint controller (IDE3). It started fine. I will restart a few times to determine stability next.

kirby

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

said by Kirby Smith:
A message from the McAfee VS 5.x help forum at Symantic suggested extenting a time parameter in the registry.
a forum at Symantec??...you must mean at McAfee, or does Network Associates still own them?? Just curious...hope you get it all straightened out soon...and I hope Norton isn't the culprit in all this...have had no trouble with Norton products myself, LOL. :)
Kirby Smith
join:2001-01-26
Derry, NH

Kirby Smith

Member

There is a help forum at McAfee. (Sorry, Symantic only owns 75% of them, I think I read somewhere.) One gets there via a button on the virus scan console. I haven't been able to find the path yet from the main web site.

I presently have one drive functioning correctly on the Highpoint RAID controller IDE bus. I have installed a representative portion of the original software build. (As noted above, VShield 5.21 is not working under SP3.) I still have to connect up IDE2 DVD and Zip drive.

I guess there is one benefit from all of this besides education -- a definitely clean installation of Ati's software.

Before I mirror another drive and re-establish the RAID 1 configuration, I would like to find out if mirroring (on the Abit KT7-RAID) will replace a bad MBR on the disk mirrored to.

kirby