Re: Sasser Virus/Norton Internet Security

From: Allen Chang <allen_at_rescomp.berkeley.edu>
Date: Wed May 05 2004 - 10:14:42 PDT

There was some ucb-security that this may be because of Gaobot.AFC or some
other variant that disables Symantec. It creates entries in your hosts file
that prevent you from visiting liveupdate.symantec.com and other antivirus
vendor web sites.

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.afc.html

@llen

~---------------------------------~
           Allen Chang
 Lead Network Security Coordinator
  Office of Residential Computing
           UC Berkeley
~---------------------------------~

On Wed, 5 May 2004, Michael Rimar wrote:

> Hello:
>
> I haven't seen any feedback on this yet...similar problem here on a
> machine that does not appear to show any sign of the recent worm,
> (though Intrusion detection has shut down its IP address already!) but
> I'm not able to run Symantec, can't update and can't install. Is
> there a variant that is affecting this application ONLY? Other
> installers work as expected (only tried one). But the Symantec
> installer appears to start...progress bar moves across, maybe does
> this again once or twice and then disappears without a dialog!
>
> Help!
>
> Michael
>
> At 8:49 AM -0700 5/5/04, Charles E. James wrote:
> >Good Morning, Micronetters
> >
> >Here is the issue, I have one workstation that has been compromised
> >by Sasser. I went to Norton (Symantec) and downloaded both the
> >Sasser tool and the Norton Internet Security removal tool.
> >
> >When I tried to follow the directions to clean the virus from the
> >Norton print out I could not update the anti-virus program. It said
> >I need to check to ensure I have a network connection which I do.
> >Now, the shield disappears when I try to open the virus program. I
> >tried to uninstall the program so I could reinstall and it will not
> >uninstall.
> >
> >I ran the uninstall tool from Symantec and it says I uninstalled
> >successfully but the program is still there. I did the manual
> >uninstall which worked and I installed the Internet Security (A/V
> >and Firewall) but it will not update.
> >
> >I also checked the registry and processes to see if the avserver.exe
> >was there and running and it does not show up.
> >
> >Short of formatting and reinstalling, any ideas on correcting this problem?
> >
> >Thanks,
> >
> >Charles
> >
> >--
> >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >Charles E. James, P/A I
> >IST/Student Information Systems
> >U. C. Berkeley California
> >510-642-8440
> >
> >
> >------------------------------------------------------------------------
> >The following was automatically added to this message by the list server:
> >
> >For information about Micronet, including subscribing to
> >or unsubscribing from its mailing list and finding out
> >about upcoming meetings, please visit the Micronet Web site:
> ><http://micronet.berkeley.edu/>.
>
>
>

Received on Wed May 5 10:16:54 2004
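
The hosts-file symptom described in the reply above can be checked with a short script that lists every hosts entry overriding DNS for an antivirus vendor domain. This is an added example, not part of the original messages: the function names, the sample file and the antivirus-vendor.example placeholder are constructed, and only symantec.com comes from the thread.

```python
import ipaddress

# symantec.com is from the thread; the second entry is a constructed
# placeholder standing in for "other antivirus vendor web sites".
WATCHED_DOMAINS = ("symantec.com", "antivirus-vendor.example")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.com   # appended entry
127.0.0.1  Update.Antivirus-Vendor.Example. www.symantec.com
10.0.0.5        fileserver.example.edu
not-an-ip       symantec.com
# 127.0.0.1     securityresponse.symantec.com
"""


def matches_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)


def find_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname, sinkholed) for each hosts entry
    that overrides DNS for a watched domain."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not a valid address, skip the line
        # Loopback or 0.0.0.0 makes the name unreachable rather than redirected.
        sinkholed = addr.is_loopback or addr.is_unspecified
        for host in entry[1:]:
            if matches_watched(host, watched):
                findings.append((line_no, str(addr), host, sinkholed))
    return findings


if __name__ == "__main__":
    for line_no, addr, host, sinkholed in find_overrides(SAMPLE_HOSTS):
        note = "loopback/unspecified" if sinkholed else "redirected"
        print(f"line {line_no}: {host} -> {addr} ({note})")
```

On Windows the file to pass in is %SystemRoot%\System32\drivers\etc\hosts; a clean machine should produce no findings for vendor domains.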