Want to try AVG but just cannot get rid of Norton's persistent antivirus that itself behaves like a worm? Here are some instructions that have worked.
So you want to use Grisoft's AVG Free as your antivirus, but had Norton antivirus installed before, which is now proving more persistent than a flatulent release in a bath, with Symantec's whole convoluted shebang only compounding your woes? Well below is a simple sureshot way to get rid of Norton for good.
- First, from Start –> Cpanel –> Add/Remove programs, remove every trace of Norton and its associated programs, which means scan through the list of installed programs for any item that says "Norton" or "Symantec" or "LiveUpdate" — for example "Symantec LiveUpdate" or "Norton AntiVirus 2003".
- When you are absolutely sure that these vermins are gone, it is VITAL that you reboot the computer. When you are back into XP, delete the following folders manually — if they don't exist that's fine:
c:\Program Files\Symantec AntiVirus
c:\Program Files\Common Files\Symantec Shared
Do a SHIFT DELETE if possible, the folders don't go into your Recycle Bin in that case, so they are gone from your computer for sure.
- After the above, I usually clean the Windows Registry for any entries that are lying around stray. Get a Registry Cleaner like HoverDesk's RegSeeker (zipped download) and use the "Clean the Registry" option.
- Once that is done and you have SELECTED ALL and deleted the stray items, reboot again. To be sure.
- Norton should be gone when your machine is back up. If not, Symantec has a brute force utility called RNAV2003 — get it here, which ought to do the rest of the scavenging, but it shouldn't come to that.
Inadvertently hit by the Netsky family, and been having troubles getting rid of it? Check this step by step removal procedure out.
Suddenly getting *.pif attachments in your emails or a bunch of very personal and realistic sounding mails from people you don't even know? That's because the Netsky family has gone primetime and spawned a million and one variants: I-Worm.Netsky.A, I-Worm.Netsky.B, I-Worm.Netsky.C, I-Worm.Netsky.D, and now even I-Worm.Netsky.E. Many people have tried updating their anti virus definitions for their respective tools, but Netsky is clever (it stores info in the Windows registry, and deletes some vital keys as well!)
I use Grisoft's wonderful AVG tool, which is great if you had it BEFORE the Netsky virus (but then I also use a combination of Spam Assassin and Clamav)
Now that you know how to disable and enable System Restore, let's get cracking.
OPTION 1: THE MCAFEE WAY (STINGER)
McAfee has made a very nifty tool called Stinger available which automatically scans your computer for 39 viruses and deletes them. It's pretty simple to use, just download and execute.
- Download Stinger.
- Disable System Restore as described above. This will take your system into a reboot.
- When the computer is back again, wun Stinger from your desktop by double-clicking it. Wait, get some coffee, etc etc. This takes time.
- Optional but recommended if the first run above found some virii: Run Stinger again to make sure your PC is clean.
- Re-enable System Restore from the Control Panel > System > System Restore (checkbox).
On my machine with 120GB hard disk, 57% used, 1 GB RAM, this tool took about an hour to scan through all files. Which is probably a worthy price to pay
for the convenience of automation. Worth a shot for sure.
If and only if this doesn't work, try the next and somewhat more convoluted tool from Symantec.
OPTION 2: THE SYMANTEC WAY
Roll up your sleeves as this is can get a bit involving for people who don't know MS-DOS prompts or some Windows system functionality (although there are screenshots to boot below whenever possible)
- Download the FxNetsky.exe file. Save the file to a convenient location, e.g.,
- Download the file chktrust.exe. IMPORTANT: Save this file as the same location as above:
- Now close all programs, including the browser from which you downloaded the above applications. Then, START –> RUN, and type
This will start the MS DOS PROMPT. Here, type:
chktrust -i FxNetsky.exe
Press Enter after typing each command. If the digital signature is valid, you will see the following:
"Do you want to install and run "FxNetsky.exe"
signed on 3/1/2004 10:33 PM and distributed by:
- If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
- Disable System Restore.
- Double-click the
FxNetsky.exe in your
c:\netsky_remove folder to start the removal tool.
- Click Start to begin the process, and then allow the tool to run. Sit back and enjoy the ride. This takes time.
- When the tool has finished running, you will see a message indicating whether W32.Netsky@mm infected the computer. In the case of a removal of the worm, the program displays the following results:
Total number of scanned files
Number of deleted files
Number of repaired files
Number of terminated viral processes
Number of fixed registry entries
- Reboot the computer.
- If virii were found, then run the removal tool again to ensure that the system is clean.
- If you had disabled System Restore, then re-enable it.
Let me know if this doesn't work as desired!