Norton Anti Virus - what's going on?


Skunkworks
6th May 2002, 12:11
When I'm trying to do a virus scan, it runs for about a minute, then I get a message saying something like: the scanner module has encountered a problem and will terminate.

The error log points to navw32.exe and ntdll.dll

I have version 8.00.58

I recently installed Office XP.

Being paranoid as always, I was thinking; could not a virus be written to cause the anti-virus program to crash?

I have looked at Symantec's support page, but found nothing relevant. Has anyone experienced anything similar?

/Skunks

FL310
6th May 2002, 14:27
Is your Norton Anti Virus also for XP?
Try to close everything before using the Anti Virus prog...

DX Wombat
6th May 2002, 15:01
See the W32/klez-G thread on this forum. That virus clobbered all my anti-virus stuff, including the up to date McAfee.:mad:

TR4A
6th May 2002, 17:15
The latest version of Norton 2002 AntiVirus should be 8.07.17c. Make sure you have run LiveUpdate. They recommend you run it until you get all the updates. You need to run LiveUpdate once a week for the new virus definitions or put it on auto update. After you update the program and you still have the same problem see Symantec's web site and search their knowledge base with the exact error message.

http://www.symantec.com/techsupp/

Norton stops the W32.Klez.gen@mm virus.

Date: 5/4/02, Time: 17:08:28,
The email attachment SIZE.exe is infected with the W32.Klez.gen@mm virus.
The file was quarantined.

Skunkworks
7th May 2002, 00:26
Now I'm really getting worried!

I have tried to re-install NAV - same thing.

I then installed McAfee, figured I would run their AV-scan - the program will not even start up after it was installed.

I know it's possible to run a scan after booting up with the Norton CD, but I'm wondering how much help this would be - does it use the reference file from the hard drive? Otherwise it should be quite outdated!?

I REALLY don't feel like formatting the whole drive again...

Anyone?

(I was able to run a special scanner for this Klez-thing, no trace of it)

TR4A
7th May 2002, 00:32
If you are going to re-install Norton, Symantec will say to completely uninstall the program first. Make sure you run the updates and when it tells you to reboot, do it. Then run LiveUpdate until you have all updates. If you still have problems check their web site.

http://www.symantec.com/techsupp/consumer.html

Situation:
You are preparing to install Norton AntiVirus (NAV). You want to know what to do to ensure a problem-free installation of the program.


Solution:
Before installing NAV, you should do the following to ensure a problem-free installation of the program:

1. Verify that the computer is virus-free.
2. Uninstall any other antivirus software program.
3. Uninstall any previous version of NAV. This includes any trial versions, or NAV itself if you are reinstalling the program.
4. Close all running programs before starting the installation.



Situation:
While installing Norton AntiVirus (NAV) from the CD, either the installation screen appears and then disappears when you insert the CD or nothing happens.


Solution:
To correct this problem:

1. Disable or uninstall any other antivirus product besides NAV that might be installed.
2. Reinstall NAV in Safe mode. See the document for your version of NAV:

Skunkworks
7th May 2002, 13:07
I got a tip about House Call! (internet based AV-scanning)

I ran it and found a backdoor virus - BKDR_SDBOT.A

It apparently installed when I ran a program that was supposed to be something else (no, not an e-mail attachment)

Since my AV-programs don't work I had to get rid of it manually. In order to do this I had to delete Rundll32.exe

Can I be without this file or what?

I then scanned with housecall again - the virus seemed to be gone. Then I tried to re-install Norton AV again - same as before. It shuts down after about a minute of scanning. I have tried to shut down other programs normally running at the same time as NAV, no luck.

I can scan individual files with Norton, so I figured I would test it with the infected file that housecall found. Norton found nothing. I have all the current updates.

Doesn't this show that Norton isn't all that good? (I should say that prior to this I had never had any problems with Norton)

SpinSpinSugar
7th May 2002, 13:12
Norton Antivirus had a major paddy with Zone Alarm on my XP install. To date it's the only programme I've seen that's ever terminally screwed an installation of XP to the point of rebuild, so I tend not to mix the two any more.

Skunkworks
8th May 2002, 20:25
SOLVED!!!

Well, the problem but not the mystery...

After many(!) hours of troubleshooting I finally found what was causing the NAV to shut down.

In the "documents and settings\[my username]\local settings\temp" folder (I'm running a non-English version but I think those are the names of the folders) I found two files:

"00000622" and "00000646", each 894 kB. When I scanned them NAV shut down. They were marked as archive-files in the properties. No extensions and no info about them otherwise. I tried to open one in Word (maybe not the smartest thing to do...) - then Word shut down just like Norton did when it tried to scan them. I can scan the rest of the computer now, just fine as long as I don't touch these two.

I also found a suspicious looking file called wc_bundle.exe, the file passes the NAV-scan, but since I did have the backdoor-virus I'm thinking that this might be related. The properties description is "Raven DR-Fetcher Executable", and the company is eAcceleration Corp.

On the first look, this appears as a setup program for Webcelerator - but can this be a modified version that was dropped by the virus? Raven DR-Fetcher Executable...hmmm?

Is there any way of inspecting these 2 strange files that caused the crash?

I'm so happy to have solved this mess...I hope.

Skunkworks
14th May 2002, 21:19
...NOT SOLVED!!!

Nooooo, I spoke too soon. These xxxx-ing files just keep coming back. This mess is just driving me (even more) crazy! Now I have used about 5 different AV/anti-trojan scanners just to find out if I still have something on the computer - but they don't find anything.

What are these files? (Now it's only one - called 00000649)

I delete them before I start a full system scan, then during the scan they will appear again, and cause NAV to crash. Are they placed by the AV-program, and if so why can't the program scan its own files? If there is still a trojan in my system, why doesn't any program find it?

I've tried to replace ntdll.dll and the navw32.exe files from a healthy system - same thing! I sent a message to Symantec about it - no answer!

As for formatting the whole deal, I can't do that right now - unfortunately I only have a quick restore CD and I have too much stuff that would be lost (too much to back up on CDs)

Anyone, plz!

sky9
15th May 2002, 17:05
I am having a problem on XP with Systemworks 2002 where it goes to liveupdate, downloads the latest definitions (?) but doesn't update the date for the definitions. I end up using intelligent update manually. I cannot find anything in their knowledge base that exactly covers my problem but am persevering with doing it manually.

noblues
29th Mar 2003, 17:53
I too have traced a number of Windows XP crashes and 'blue mist screens' to .sys and .exe files of Norton SystemWorks, and in particular the AntiVirus software.

Have heard numerous other complaints about Norton Anti Virus messing up XP and making it crash.

I am using the built in XP firewall, I wonder if the Norton stuff is conflicting.

Anyone recommend a good simple Anti Virus package ?

pilotwolf
29th Mar 2003, 18:44
I had a similar problem and despite hours on the phone to Norton techs I eventually downloaded a free trial of PCillin - not sure that's the right spelling - which found several viruses which Norton was unable to clean during installation.

After Norton was installed on a 'clean' disk the problems stopped. I am running XP too.

Mac the Knife
29th Mar 2003, 18:50
Have to say that I've had relatively few hassles with McAfee over the years. Some people swear by Norton, but it seems like more people swear AT it!

I use McA's Internet Security suite (FW* + AV + other bits) on the 98SE gateway and McAfee's VirusScan AV on the XP client and the only problems have been small ones. I don't worry too much about the Linux box apart from keeping open ports to a minimum.

DR-Fetcher may (?) be a component of Gator which was embedded in AudioGalaxy, see stuff about Gator at http://www.cexx.org/gator.htm

*getting the FW properly configured is a bit tedious

BlueDiamond
31st Mar 2003, 08:33
I've used nothing but VET on my computer for the last four years and in all that time it has behaved flawlessly. Viruses have arrived by e-mail and been promptly announced and dealt with, including the one mentioned by DX Wombat earlier. Although I have heard of people having problems with other anti-virus programmes, I have never heard of anyone having difficulty with VET.

Automatic updates arrive almost every day and VET checks itself to make sure all of these have been received. Once a week or so I scan the whole hard drive to make doubly sure but otherwise VET does everything itself ... and for a techno - retard like me that's great. Recommend VET very highly.

noblues
31st Mar 2003, 22:50
Just had to reformat and reload WinXP to totally eradicate Norton's Anti Virus (System Works), now have a totally stable machine at last.

Dilemma is whether to bother with AntiVirus software, seems to create more problems than it tries to solve. By its very nature it must sit in the registries and at the root of the operating system always running in the background.

The XP firewall seems very good - to get 'infected' with any of the current worms/virus you must physically open and execute an email attachment - if you are 'street wise' you should be able to avoid this ?

Plus invariably Virus software is always lagging behind the latest hacker and its too late ....

Sites like www.antivirus.com will scan all system files for free for all known virus .... tempted to stick with this and the XP firewall for now rather than risk screwing up my system with another anti virus package ....... ??????

RomeoTangoFoxtrotMike
31st Mar 2003, 23:05
> Dilemma is whether to bother with AntiVirus software, seems to create more problems than it tries to solve.

That depends very much on what AV software you use, and...

> By its very nature it must sit in the registries and at the root of the operating system always running in the background.

Not necessarily... on the Windoze 98SE system that I have at home, for use on those occasions when somebody insists on sending me a Word/Excel/PP document and won't provide it any other way :rolleyes:, I have a copy of Sophos, with Intercheck, (their on-access virus sweeping) turned off -- that's the important bit. I would hope that any decent AV software would allow you to do this. I save the file, and run the virus scanner, in on demand mode, across the file. Picks up every virus-infected document I've been sent, and doesn't interfere with the OS. I have no reason to suppose that this wouldn't work with XP. Requires discipline on the part of the user, of course... :(

noblues
1st Apr 2003, 04:25
Just found this very good independent Virus Software review site :-

http://www.software-antivirus.com/index.html

Confirms what's already been said here, i.e. Norton is listed under 'Stay away' due to poor stability and bad detection and uninstall problems.

Kaspersky Antivirus top of recommendations, but I've never heard of it ?
Plus McAfee Antivirus VirusScan Online ..........

Golden Runways
1st Apr 2003, 04:44
I have used kaspersky anti virus lite (http://www.kaspersky.com) for 2 years now, it has intercepted and eradicated all but the jet homepage hijack, which it couldn't fully remove from the niggly windows ME restore folder. I had to manually turn off restore to purge the folder. I now use KAV in conjunction with spybot (http://security.kolla.de/) which removed jets registry entries. It is a superb program, but you really need to read the instructions before you let it eradicate stuff. It is free. I like free stuff. Mmmmm free stuff. The Zone Alarm freebie has been my firewall, and all three programs run smoothly under ME.

I also have ad-aware v6, which is good, but not quite as effective as spybot. Me, paranoid? While I'm plugging all the kewl free stuff I must mention http://www.virtualdub.org/index top video editor.

Speaking of free, NE 1 know where I can get a free m-jpeg codec? I have a trial Morgan Media codec, but they want $20 after 60 days. Mmmm free stuff. I'm still looking for a good auto cleaner, I have Internet Cleanup V2, which works ish, but it's a bit pedantic, and misses stuff. Wow, that sounds like a description of me working in the cabin......

ck4707
1st Apr 2003, 05:56
Another useful site is http://www.f-prot.com/download/

From here you can get a trial version of F-Prot for Windows or, even better, a good prog to download and save to CD is F-Prot for DOS. If Windows becomes unusable due to a virus it can be cleaned up from the command (DOS) prompt. Could be handy if using the internet without anti-virus software running. And it's a freebie.

Ausatco
1st Apr 2003, 10:24
Concur with Blue Diamond re Vet. My employer, under licence, provided Vet FOC for employees' home use. I used it on my Win98, 98SE and XP Home systems and it was great.

Employer has moved to PCcillin - don't know why - and I now use that on my 98SE and XP Home systems. Again, no problems.

I'm pretty careful about what comes into my computers, so neither product has been really tested as a virus trapper on my machines, but both were (are) stable and caused no problems. Both lived happily with the two OSs and also with ZoneAlarm Plus, Webwasher and Mailwasher.

Can happily recommend both.

AA