Desktop

General discussion

Gravatar
Locked

Two Problems Sort of Linked

By k_graffx43085 ·
I have two problems. First, my 18 year old son was using a very poor pop-up blocker and acquired the trojan virus that changes your home page for IE and prohibits you from searching. I had him install Norton, which found 4 viruses on his computer and quarantined them. Upon deleting these quarantined files, his problems got worse.
He ran another virus software that found nothing but froze up his computer nicely. This lovely program told him to DISABLE his system restore - therefore making the NEW restore date today when I finally was able to turn it back on after deleting this wonderful piece of virus software. There is, though no restore to a previous date possible.
The alternate problem is that we are using a wireless network - Linksys Wireless B. It's been ok up until now, but for some reason, he uninstalled it and reinstalled it - but it didn't work. I tried to uninstall it, but it won't uninstall. The file "NICServ.exe" is throwing an "access is denied" line when I get into dos and try to delete it. HOW do I bypass this? When I try to install, it says it's already installed because it sees this file. I tried moving it - thinking maybe if the install program didn't see it in a Linksys folder, it would install (forgive me, I'm not a techie). Of course, that didn't work.
SO, my questions are: 1 how do I unlock this blasted file so I can delete it? & 2 if I were able to connect to the internet through his computer only to find out that the virus STILL remains, any other suggestions on how to get rid of it?
HELP PLEASE!!!!!!!!!!!!!!
KSE

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by LMon In reply to Two Problems Sort of Link ...

Under the administrator account. I would strart off by running MSCONFIG go to services tab. And Uncheck anything that belongs Norton\Symantec, the other anti-virus software, and then the Linksys software. Once you restart the computer go to ADD\REMOVE programs and remove the three one by one. Then I would install the Lynksys software and the Norton's AV program. Update Norton's and then remove the viruses instead of quarantining them. It sounds like Norton's has taken over your system and does like the fact that another software program is thereon the system.

gravatar
Collapse -

by LMon In reply to

If this is windows XP you dont need linksys's utiliy for the wireless card(per Linksys website) they recommend you use Wireless zero Configurator so if you unchecked you must go back into the msconfig and place the check mark on it. Have you tried uninstalling the Linksys software with the setup disc it that it brings.

gravatar
Collapse -

by LMon In reply to

If this is windows XP you dont need linksys's utiliy for the wireless card(per Linksys website) they recommend you use Wireless zero Configurator so if you unchecked you must go back into the msconfig and place the check mark on it. Have you tried uninstalling the Linksys software with the setup disc it that it brings.

gravatar
Collapse -

by k_graffx43085 In reply to Two Problems Sort of Link ...

OK, what I did was, upon the recommendation of a friend, I renamed the file NICServ.exe to NICServ.txt and then rebooted. This enabled me to delete that file and the associated folders, leaving no evidence of that file on the computer. I emptied it from the recycle bin. Yet, when I tried to reinstall the Wireless-B software, it still thinks it's installed, mentioning WLAN files also so I did a search for them and uninstalled them. Still no go. Meanwhile, I also followed the instructions above and was able to uninstall Norton's with no problem. I can't, however, reinstall it because there is no internet connection on this computer until we get the wireless working again. There was a file "Wireless Zero..." that I unchecked, along with a file WMP11 something that matches the file giving me fits. STILL Wireless B thinks it's already installed. I did a search in DOS and none of the files turn up. It appears that the virus is gone. We have rebooted numerous times - I checked the registry and those internet settings I changed are still as I left them. We won't know for sure until we have a workig internet connection on that computer.
The goal now is to be able to reinstall Wireless B without it thinking it's already installed!
Thanks for your help!!!!!
KSE

gravatar
Collapse -

by CG IT In reply to Two Problems Sort of Link ...

hummm if the O/S still sees a wireless card installed, try removing/uninstalling the device in device manager[ e.g.] for XP systems : start,control panel, performance & maintenance,system,hardware,device manager. right click on the network interface card and choose uninstall. power off, remove the device, power back on. check to make sure the device doesn't show up in device manager, Then power back down and reinstall

Note: Removing files via the dos command prompt on a W2K/XP system isn't the way to remove programs and files. the Access is Denied message means that the O/S won't allow you to access the file/folder cuz its in use. Always use the add remove programs. Norton requires some extra work as they have a script blocker which loads up at boot up and is really hard to remove in Windows Mode. Their site has the instructions on how to do this [though without an internet connection ha! right.]

I would recommend that after you've done you run a registry cleaner/checker and get rid of registry entries left behind by deleting programs outside of ADD/Remove programs.

gravatar
Collapse -

by k_graffx43085 In reply to

I am not an idiot, but thanks for playing. I KNOW that using DOS is not the ideal way to uninstall files. It would not uninstall via the "normal" process - the uninstall threw errors. When I tried to reinstall to correct whatever problem may be present, it said the software was installed and to uninstall it to start over...nice circular nothing. Norton's uninstalled with no problems, although it's not worth re-installing it until I have the internet connection reestablished on that computer since it can't update.

gravatar
Collapse -

by Digital_DNA In reply to Two Problems Sort of Link ...

This is an awful lot of work for your son?s computer. The easiest thing to do would have been to format. I live by the 30 minute rule, which is, if it can?t be fixed in 30 minutes, the drive gets wiped. It?s really the only way to know for sure that the drive is clean. You can spend days working on this problem only to find out that a 5 hour format/reinstall of os and appz would have certainly fixed the problem. Well, that?s what I would have done anyway..

There is a tool on Symantec?s wed-site that will remove NAV (RNAV2003). The file is 348kb so you will have no problem copying it to a floppy. RNAV2003 should remove enough of Norton Anti-Virus to allow you to re-install it. Hopefully that will solve your AntiVirus issue. As a recommendation I would suggest you download Spy-Bot Search and Destroy and CWShredder (Google). I can guarantee that the computer in question is infested with other malware, another reason to wipe the drive clean and start fresh.

As for the wireless, I concur with the suggestion above. Remove the device from device manager. I would also like to add that there are certainly entry's in the registry that need to be removed in order to re-install. It sounds like the software is looking to registry for instances of itself. If finds any the installation aborts. Locating this entry can be very difficult.

Well, that?s all I have. Good luck.

Digital_DNA

gravatar
Collapse -

by k_graffx43085 In reply to

I disagree - 30 minutes is an awfully short amount of time to spend troubleshooting in lieu of reformatting. Aside from which, if you type in "FORMAT" in DOS, it tells you that it can't do it for some reason I don't remember. This is not a "child", my son is 18. He is a senior in high school graduating in June. I'm not sure why you thought that because it was the computer of a "child" it was worth less efforts. This computer is less than one year old. Now, if it were a 5 year old computer, I might agree, but it's not and that was a silly, and useless thing to say. I do agree that the registry needs to be checked. I thought of this yesterday when I should have been studying for an exam and a friend in the IT business recommended the same thing last night.

gravatar
Collapse -

by RCOM In reply to Two Problems Sort of Link ...

First a few comments on if it can't be fixed in 30 minutes format and start over. A person that uses a rule like is not a computer technician. Depending on the situation it may be easier to reformat the hard drive. But in the many, many years that I've worked on computers this has rarely been an option.

I'm not sure why these (reformat) people even respond to questions. I'm sure you wouldn't be on this site wasting time to ask questions if you didn't want to save the system.

Anyway on to your problem.

The reason to disable System Restore is to prevent the virus from hiding in those folders that are not scanned by the virus removal tools. As you've found out, never add more than
one virus program on the same PC.

As mentioned remove the wireless device from the PC. Then uninstall the application. As long as it's connected the drivers are installed and it will be running in the services. After rebooting the system it should be gone. If the wireless router has a connection for a network cable use that to redo the setup.

There's a reset button that can be used to restore it to factory settings. After that you can connect to it and go through the setup again.

gravatar
Collapse -

by Digital_DNA In reply to Two Problems Sort of Link ...

Ewww.. Cyberspanking! 30min is a general rule "I" follow. At 35.00 per hour not many people can afford a lengthy solution to there problem. But, we?re not talking about money here, after all, its just time.

Based on the information you provided (4 viruses) I would recommend format. I agree, format isn't a solution in every case. As your finding out, one problem leads to another etc. I've seen viruses that delete system files and replace them with there own version. How do you know explorer.exe (the windows shell) isn't the virus writers own version? One way is to run sfc /scannow to replace system files that do not match the originals. In theory, it sounds good. However, what if there is an entry in the registry that auto-run?s a program that replaces these files with the virus writer?s files? Round and Round we go. I?m getting dizzy!

It was just a suggestion, nothing more. After all, were not talking about a mission critical server here. Were talking about an 18 year old, who is probably very annoyed, that just wants his computer fixed.

DCOM... It?s been my experience that people what the problem solved the first time at the least possible expense. It?s people like you that keep sending me customers. Thanks! If performing a format makes me less of a technician, I can live with that. At least my customers are satisfied and I can sleep at night knowing I fixed the problem and I didn't take them for a ride doing it.

Now if you will excuse, I have a computer to format. Customer will be back browsing the net in three hours, Guaranteed!

See you at the command prompt.

Peace

Back to Desktop Forum
10 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums