Endpoint Protection

A relative of mine has a laptop running XP Pro, with Norton AV installed and running (and updated).
Apparently it was all OK when shutdown, but when next rebooted many desktop shortcuts were missing or "do nothing".  SImilarly the left-hand column of the "start" menu is blank.  Programs such as Word run but will not save changes.  Running the install from DVD to "repair" XP seems to have almost no effect and there are error messages about missing files whilst doing so.
A "CHKDSK /R" did not report any errors.

I'm guessing that this is a virus.  If so how did it get through NAV?  or is it NAV that has quarantined files and thus "removed" them and is preventing execution?
What is the way forward now?  Presumably she needs a virus removal tool on CD.  But which one?
Any help appreciated!

Not necessarily a virus. I've seen similar from file corruption, or hardware failure (drive, drive interface, etc)
Believe it or not, I had a motherboard go bad and act almost exactly the same way.
Electronics typically fail on POWER-UP.

So it could be hardware, could be virus/worm/Trojan/Rootkit, But you need to find out for sure........
Can you boot into safe mode ?
If so, boot into safe mode and scan - even going to safe mode with networking and go to an online scanning service (Symantec, Trend Micro and others offer such help)
Get a tool such as Trojan Remover or Malware Bytes antimalware app and run those while Windows is in safe mode.
SOME Rootkits can get past SOME AV - what version of AV are you running?

I also don't really like checkdisk - it's pretty lame, IMO - I feel you are better off with a diagnostics provided by the drive manufacturer.

 I would tend to agree with Shadow. Most times stuff like this is because of poor OS and reliability issues associated with it.

Apart from whats Shadow has mentioned, please make sure you are patched for the OS that you use. These are simple yet powerful techniques to take care of most issues

Have you tried running a full-scan? Can you check the user profiles? It could be that you are loggin in on a temporary profile.

Paul is right, do a full scan. better in safe mode.

Thank you all for the suggestions.  One problem I have is that this is not my PC, and I have to talk to the owner on the telephone and tell her which keys to press.  Last Friday I could not get IE to run (there was a permissions problem) nor could I get CMD to run from the start/run menu, because it was "missing".  I will try the scan in safe mode as suggested, but I am not very familiar with Norton AV (we have a firewall + McAfee at work), and may not be able to download anything else.

I do know that the problem PC is fully "up to date" with XP and NAV updates, so I am a bit surprised to see this problem.  I am beginning to think that a "Format" and re-install might be the best option.  I do not know if I will be able to run an external scanning service if I can't run IE.

I accept that CHKDSK is not perfect, but with the apparently widespread problems in the OS I would have expected some indication of a problem if it was hardware, but I will see if I can find a better diagnostic for a 40GB IBM travelstar (in an old Dell Latitude).

I will let you know if we make any progress!

Hi Jonathan,

You can recover all windows system files by doing a sfc /scannow on the run command.

regarding the HD, please download the diagnostic tool from the vendor support website, alternatively you can HDD life to monitor HD. try it http://hddlife.com/

I had not thought of sfc /scannow - a good tip.  But I did fail to get a cmd window to run.  I will go and fetch the PC, then I will be able to use safe mode.

CMD and COMMAND are actually 2 different files in Windows XP and both are located in %windir%\system32.
If one fails you can try the other.  Note that the difference is one is CMD.EXE and the other COMMAND.COM.  Also CMD has "doskey" encapsulated and a little more functionality than does COMMAND. Changing directories with more than 8 caracters can be, "annoying" to say the least.

As long as your paths are set, you should be fine though.

If your run command is disabled, you can use CTRL + SHIFT + ESC to go to Task Manager,  then click file File, then New Task (Run), type the command then click ok.

But in any case your registry edtiting tools are disabled because of the virus,
Open up a notepad paste the text below

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=-


Then save, save as, all files as "enableregedit.reg"
run this file to restore regedit.

Sorry for the delay (It's been one of those weeks)!
I tried numerous options via the 'phone, but eventually geva up and went to get the PC.. I found a diagnostic for that particular disk on the net and it still shows no errors.  I tried the CMD/COMMAND options but with little success and so was unable to try the registry patch.  I will admit that I eventually lost patience with it and reinstalled everything after formatting the disk.   So everything is back to normal apart from some lost (recent) data.

I cannot say that I know what the problem was, nor that any particular suggestion really solved the problem; but I really do appreciate all the help you have provided, and I fell better prepared for "the next one".

maybe better if you have an image of the PC so that you would not be tired by installing the whole software... You could use Altiris to deloy the image afterwards...

thanks.