Endpoint Protection

HI,

I need help on how to remove this kind of virus on my workstation, I have SEP 11 installed on my workstation It can be clean, but after cleaning the virus the services of my  SEP 11 stop, tried to restart but it wont help, I tried to re-install the SEP 11 but it prompt us an error ''installation interrupted''.

:-)
 

Hope you disabled the autorun and system restore , some times it might come from a network share, or a through USB, make sure that u followed all the steps mentioned here.

http://www.symantec.com/security_response/writeup.jsp?docid=2008-042106-1847-99&tabid=3

Rafeeq

We might want to check the installation log..

1. Go to Start > Run > Type %temp%
2. Deleted th existing "SEP_INST.LOG"
3. Install SEP

Check the log to verify what is interrupting the install...

You can find for "value 3" or "value 2" similar to how you find for all other installation failures. This shoudl let us know if we have some components, corrupt entires, files or folders causing this.


Thanks :-)

Hi,

As you mentioned earlier, seems like that virus is not letting smc.exe service to start, virus always keep an eye on installing software and know how to kill those, you have 2 options here,
1) follow all the steps i mentioned earlier
2) try replacing the image file execution key ( on your own risk, i hope u know how to back ur registy , if not please use google)

take a back up of entire registry
then take back up of this key               Image File Execution Options
from


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

now take a back up of Image File Execution Options
entire value from any machine which is running fine with SEP , (not infected with virus)

put this key to our infected machine.

Try installing the software. I'm sure that this should work

PS:  I bear no reponsible to editing registry

more info about this key can be found at and the reason whats keeping an eye

http://blogs.msdn.com/junfeng/archive/2004/04/28/121871.aspx

@rafeeq

How can I change the value on the regedit if I cannot access the regedit as well as my task manager?

@kedar,

I already tried that resolution I also deleted the symantec folder in common files but still it wont help

this is the exact error that I encountered when trying to resintall SEP 11 "The Wizard was Interrupted before Symantec Endpoint Protection could be completely installed"?

hope you could help me.

:-)

scan before installing. use NSS to scan the pc.

As mentioned at the beginning that 

1. The system is now clean
2. We still cannot install SEP

Looks like to AFTER EFFECTS of the threat sality are causing the same. It  might have corrupted the utilities like Registry, Task Manager, etc... which might be called/required during the install..

I believe we should fix the OS corruption and try to install SEP again...


Thanks :-)

Your copy of SEP installation files definitely has been infected too before you knew it....
How 'bout using NAV10, update the definition and then run a full system scan. It works for me though. :-)