
"Symantec Endpoint Protection has detected that there are pending system changes that require a reboot." when trying to install SEP 11.0 on Windows 7

Problem
How can Symantec Endpoint Protection be installed when the installer presents this message?

Symptoms
When reinstalling the Symantec Endpoint Protection client (SEP 11) on Windows 7, a popup appears: "Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation."

Solution

To solve this issue, follow one of the options below.

Primary Solution:

1. In the registry, navigate to:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
2. Back up the registry key.
3. Delete the PendingFileRenameOperations registry value from the right pane. This REG_MULTI_SZ value lists files that Windows is scheduled to rename or delete at the next boot (typically left behind by an uninstaller); the SEP installer refuses to run while it exists.
4. Install the software without restarting the computer first (restarting may put the value back in the registry before the installation runs).
5. Restore the registry key from the backup.

Note: If you do not find the PendingFileRenameOperations value in the location above, the error can also be triggered by a PendingFileRenameOperations value in one of the other control sets:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Control\Session Manager\



Secondary Solution:

1. Look at the registry value to see which applications have file operations pending.
2. In the registry, navigate to:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
3. Locate all entries with a status of "Pending."
4. Rename the value, placing a "2" on the end of PendingFileRenameOperations (so it reads PendingFileRenameOperations2 and the installer no longer finds it).
5. Restart the computer.
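The script below is an added example, not part of the original post. It shows what PendingFileRenameOperations contains, so you can see which application's files are pending as the secondary solution asks, exports the Session Manager key with reg.exe as the backup called for in step 2 of the primary solution, and deletes the value only when run with -Remove. It assumes Windows PowerShell started from an elevated prompt; the -Remove switch and the backup file name are my choices, not anything from the post.

```powershell
# Added example (not from the original post): inspect, back up and clear
# PendingFileRenameOperations so the SEP installer's reboot check passes.
# Run from an elevated PowerShell prompt; nothing is deleted unless -Remove is given.
param([switch]$Remove)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$valueName = 'PendingFileRenameOperations'
$backup    = Join-Path $env:TEMP 'SessionManager-backup.reg'   # assumed backup location

$item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Host "No $valueName value present under CurrentControlSet; check HKLM:\SYSTEM\ControlSet00x too."
    return
}

# The value is REG_MULTI_SZ holding source/destination pairs. An empty
# destination means "delete at boot"; a destination starting with "!" means
# "replace at boot". The source path tells you which application is pending.
$entries = @($item.$valueName)
for ($i = 0; $i -lt $entries.Count; $i += 2) {
    $src = $entries[$i]
    $dst = if ($i + 1 -lt $entries.Count) { $entries[$i + 1] } else { '' }
    $op  = if ($dst -eq '') { 'DELETE' } elseif ($dst.StartsWith('!')) { 'REPLACE' } else { 'RENAME' }
    '{0,-8} {1} -> {2}' -f $op, $src, $dst
}

# Back up the whole key with reg.exe before touching it (step 2 of the post).
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager' $backup /y | Out-Null
Write-Host "Key exported to $backup"

if ($Remove) {
    Remove-ItemProperty -Path $keyPath -Name $valueName
    Write-Host "$valueName removed. Run the SEP installer now, without rebooting, then restore with: reg import $backup"
}
```

Run it once without -Remove to read the list; if the pending files belong to the previous SEP/SAV uninstall, run it again with -Remove, install, and import the .reg backup afterwards as the post's step 5 describes.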

Symantec AntiVirus Client Password Removal

Symptom/Sign of Problem
When trying to uninstall Symantec clients, you receive a message saying only an administrator can uninstall.

Fix Steps: Symantec AntiVirus
1. Open Registry Editor (regedit).
2. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\
3. Change the useVPuninstallpassword value data from 1 to 0.
4. Exit Registry Editor; you can now uninstall the Symantec AntiVirus client.

Note: This should work on most versions of the Symantec AntiVirus client or Norton AntiVirus client, including versions 7, 8, 9 and 10.

Fix Steps: Symantec Endpoint Protection
1. Click Start > Run.
2. Type smc -stop. (If it prompts for a password, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC, delete the smcexit key, then run smc -stop again.)
3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC.
4. Look for the smcinstdata key and delete it.
5. Exit Registry Editor; you can now uninstall the Symantec client.


Stuxnet Removal

Symptom/Sign of Problem
A GMER quick scan shows MRXCLS.SYS or MRXNET.SYS.

Fix Steps:
Kill with GMER
1. Expand the tabs in GMER and click the 'Files' tab.
2. Navigate to %windir%\system32\drivers.
3. Highlight and 'Kill' both MRXCLS.SYS and MRXNET.SYS.
4. Reboot.
5. Open an elevated command prompt, type the following and press Enter:
a. SC delete MRXCLS
b. SC delete MRXNET
Note: This removes the services completely. The system should be clean of Stuxnet now.
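As an added example (my code, not from the post), the read-only check below reports whether the two driver services and files named above are present, together with the file's signer and hash, so you can confirm the "Sign of Problem" before killing anything and re-check after the sc delete steps. It assumes PowerShell 4 or later for Get-FileHash. Keep in mind why the post uses GMER: a kernel rootkit can hide both the service and the file from user-mode tools, so a clean result here is not proof of absence, while a positive result is worth acting on.

```powershell
# Added example (not from the original post): report whether the Stuxnet
# driver services / files named in the post are present. Read-only.
$names     = 'MRXCLS', 'MRXNET'
$driverDir = Join-Path $env:windir 'System32\drivers'

foreach ($n in $names) {
    # Win32_SystemDriver.Name is the service name used by "sc delete"
    $svc     = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$n'" -ErrorAction SilentlyContinue
    $file    = Join-Path $driverDir "$n.sys"
    $present = Test-Path -LiteralPath $file

    [pscustomobject]@{
        Name         = $n
        ServiceFound = [bool]$svc
        State        = if ($svc) { $svc.State } else { '-' }
        StartMode    = if ($svc) { $svc.StartMode } else { '-' }
        FileFound    = $present
        Signer       = if ($present) { (Get-AuthenticodeSignature -FilePath $file).SignerCertificate.Subject } else { '-' }
        SHA256       = if ($present) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { '-' }
    }
}
```

After step 5 of the post both rows should show ServiceFound and FileFound as False; if the service is still listed, the sc delete did not run elevated.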

Rogue Antivirus Registered in Security Center



Symptom/Sign of Problem

A rogue antivirus shows up in Security Center (XP/Vista) or Action Center (Windows 7).

Fix Steps:
Step 1: Open wbemtest
Click Start > Run (XP)
Click Start > Start Search (Vista)
Click Start > Search Programs and Files (Win7)

Type "wbemtest" and press Enter.

Note: This utility must be run as administrator on Vista and Windows 7.

Step 2: Connect to SecurityCenter using wbemtest

Click the Connect button.
In the Namespace field type "root\securityCenter" and click Connect (XP and Vista pre-SP1).
In the Namespace field type "root\securityCenter2" and click Connect (Vista SP2 and Win7).

Step 3: Query SecurityCenter using wbemtest

Click the Query button.
Enter the query for the product type the rogue shows up under (Antivirus, Antispyware, Firewall):

Select * From AntivirusProduct
Select * From AntispywareProduct
Select * From FirewallProduct

Click Apply.

Note: A new "Query Result" window will open with one or more entries.

Step 4: Identify and Delete the Rogue Entry
1. Open each entry and examine its "displayName" property until you find the rogue entry. (Generally there are fewer than 3 entries, so this won't take long.)
2. Once you've identified the rogue, highlight it in the "Query Result" window and press the Delete button.

Note: When you open an entry, a new window called "Object Editor for..." opens; you cannot delete the entry from this window.
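The same query and delete can be scripted. The block below is an added example, not from the post: it lists every product registered in the three Security Center classes the way the wbemtest query does, shows the executable each entry claims to belong to and whether that file actually exists (a quick way to spot a rogue, since pathToSignedProductExe is only populated in the root\SecurityCenter2 schema), and removes one entry by display name if you ask it to. It assumes PowerShell 3 or later (Get-CimInstance) run as administrator; the -Namespace and -DeleteDisplayName parameters are my own.

```powershell
# Added example (not from the original post): list Security Center product
# registrations like wbemtest does, and optionally delete one by display name.
# Namespace follows the post: root\SecurityCenter (XP / Vista pre-SP1),
# root\SecurityCenter2 (Vista SP2 / Win7). Run elevated.
param(
    [string]$Namespace = 'root\SecurityCenter2',
    [string]$DeleteDisplayName          # hypothetical parameter: exact displayName of the rogue entry
)

$classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
$all = foreach ($c in $classes) {
    Get-CimInstance -Namespace $Namespace -ClassName $c -ErrorAction SilentlyContinue |
        ForEach-Object {
            $exe = $_.pathToSignedProductExe      # present in SecurityCenter2, absent in the XP schema
            [pscustomobject]@{
                Class       = $c
                DisplayName = $_.displayName
                Exe         = $exe
                ExeExists   = if ($exe) { Test-Path -LiteralPath $exe } else { $null }
                Instance    = $_
            }
        }
}

$all | Format-Table Class, DisplayName, Exe, ExeExists -AutoSize

if ($DeleteDisplayName) {
    $victim = $all | Where-Object { $_.DisplayName -eq $DeleteDisplayName }
    if (-not $victim) { Write-Warning "No entry named '$DeleteDisplayName' in $Namespace"; return }
    # Same operation as the Delete button in the wbemtest "Query Result" window
    $victim.Instance | Remove-CimInstance -Confirm
    Write-Host "Deleted Security Center entry '$DeleteDisplayName'"
}
```

An entry whose Exe points at a file that no longer exists (ExeExists False) is the usual leftover after a rogue has been removed; delete only that entry, since removing a legitimate product's registration is what the next post is about fixing.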

AV not showing correctly in Security Center


Symptom/Sign of Problem

You have installed and updated an antivirus, but it still does not show up in Security Center. The Windows Management Instrumentation (WMI) repository may need to be reset so that Security Center refreshes its view of the installed products.

Fix Steps:

Step 1: Fix for XP

1. Close all unwanted programs (End Task in Task Manager).
2. Open a CMD prompt.
3. Navigate to the Wbem folder:
CD %windir%\system32\wbem
4. Stop the WMI service along with Security Center:
Net stop winmgmt
5. Type "y" to confirm stopping the dependent services.
6. Delete the Repository folder:
RD /q/s Repository
7. Rebuild the repository:
rundll32 wbemupgd, UpgradeRepository
8. Start the WMI service along with Security Center:
Net start winmgmt

Step 2: Fix for Vista/Win7

1. Close all unwanted programs (End Task in Task Manager).
2. Open a CMD prompt (as Administrator).
3. Stop the WMI service along with Security Center:
Net stop winmgmt
4. Type "y" to confirm stopping the dependent services.
5. Reset the repository:
Winmgmt /resetrepository
6. Start the WMI service along with Security Center:
Net start winmgmt

Windows Explorer.exe File Sizes

Windows version                               explorer.exe size (bytes)
Win7 SP0 32 bit                               2,613,248
  Update exception (KB977074)                 2,614,272
  Update exception (KB2515325)                2,614,784
Win7 SP0 64 bit                               2,868,224
  Update exception (KB977074)                 2,870,272
  Update exception (KB977074)                 2,868,736
Win7 SP1 32 bit                               2,616,320
Win7 SP1 64 bit                               2,872,320
  Update exception (KB2515325)                2,871,808
Vista SP0 32 bit                              2,923,520
Vista SP1 32 bit                              2,927,104
Vista SP2 32 bit                              2,926,592
Vista SP0 64 bit                              2,926,592
Vista SP1 64 bit                              3,080,704
  Update exception (KB958624)                 3,087,360
Vista SP2 64 bit                              3,079,168
XP SP0 IE6                                    996,352
XP SP0 IE7                                    1,000,960
XP SP1                                        1,004,032
XP SP2 IE6                                    1,032,192
XP SP2 MCE                                    1,032,192
XP SP2 IE7                                    1,033,216
XP SP2 64 bit                                 1,364,480
XP SP3                                        1,033,728

This table can be used to check for a Virut infection on the PC by comparing the size of explorer.exe against the expected value for that Windows version (Virut is a file infector, so an infected explorer.exe grows beyond the stock size).
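To make the comparison less error-prone, the added example below (my code, not the post's) carries the table as data, looks up the size of the local explorer.exe, and adds the file version, Authenticode status and SHA-256 so that an off-table size can be checked further. It assumes PowerShell 4 or later for Get-FileHash. Two caveats: hotfixes not in the table also change the size, so an unlisted size is a reason to verify, not proof of infection; and on older Windows explorer.exe is catalog-signed, so Get-AuthenticodeSignature reports NotSigned there even for a clean file.

```powershell
# Added example (not from the original post): compare %windir%\explorer.exe
# against the size table above and gather the details needed to verify it.
$known = @(
    @{ Size = 2613248; Build = 'Win7 SP0 32 bit' }
    @{ Size = 2614272; Build = 'Win7 SP0 32 bit, KB977074' }
    @{ Size = 2614784; Build = 'Win7 SP0 32 bit, KB2515325' }
    @{ Size = 2868224; Build = 'Win7 SP0 64 bit' }
    @{ Size = 2870272; Build = 'Win7 SP0 64 bit, KB977074' }
    @{ Size = 2868736; Build = 'Win7 SP0 64 bit, KB977074' }
    @{ Size = 2616320; Build = 'Win7 SP1 32 bit' }
    @{ Size = 2872320; Build = 'Win7 SP1 64 bit' }
    @{ Size = 2871808; Build = 'Win7 SP1 64 bit, KB2515325' }
    @{ Size = 2923520; Build = 'Vista SP0 32 bit' }
    @{ Size = 2927104; Build = 'Vista SP1 32 bit' }
    @{ Size = 2926592; Build = 'Vista SP2 32 bit' }
    @{ Size = 2926592; Build = 'Vista SP0 64 bit' }
    @{ Size = 3080704; Build = 'Vista SP1 64 bit' }
    @{ Size = 3087360; Build = 'Vista SP1 64 bit, KB958624' }
    @{ Size = 3079168; Build = 'Vista SP2 64 bit' }
    @{ Size =  996352; Build = 'XP SP0 IE6' }
    @{ Size = 1000960; Build = 'XP SP0 IE7' }
    @{ Size = 1004032; Build = 'XP SP1' }
    @{ Size = 1032192; Build = 'XP SP2 IE6' }
    @{ Size = 1032192; Build = 'XP SP2 MCE' }
    @{ Size = 1033216; Build = 'XP SP2 IE7' }
    @{ Size = 1364480; Build = 'XP SP2 64 bit' }
    @{ Size = 1033728; Build = 'XP SP3' }
)

$exe  = Join-Path $env:windir 'explorer.exe'
$item = Get-Item -LiteralPath $exe
$hits = @($known | Where-Object { $_.Size -eq $item.Length } | ForEach-Object { $_.Build })
$sig  = Get-AuthenticodeSignature -FilePath $exe

[pscustomobject]@{
    Path        = $exe
    SizeBytes   = $item.Length
    FileVersion = $item.VersionInfo.FileVersion
    KnownBuild  = if ($hits) { $hits -join ' / ' } else { 'NOT IN TABLE - verify' }
    Signature   = $sig.Status     # NotSigned is expected on older Windows (catalog-signed binary)
    SHA256      = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
}
```

When the result says NOT IN TABLE, run sfc /verifyfile=C:\Windows\explorer.exe (Vista and later) to have Windows check the file against its own catalog before treating it as infected.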

Desktop.ini Opens on Startup


Symptom/Sign of Problem

After a virus removal, particularly one that involved un-hiding drives, Desktop.ini opens on the desktop at boot-up: the file is open in Notepad when the system comes back from the reboot.

Fix Steps:
Step 1:

1. Go to Start -- All Programs -- Startup
2. If the desktop.ini file does not appear, right-click and choose 'Explore' from the context menu; this opens the Startup folder containing the desktop.ini file.
3. Right-click the desktop.ini file and click 'Properties'.
4. Check the 'Hidden' attribute box.
5. Reboot. The file will no longer open.

Note: Do not delete this file if it is showing in the Startup folder, as important desktop settings may be stored in it. Desktop.ini normally carries the Hidden attribute, and the shell skips hidden items in the Startup folder; once the cleanup cleared that attribute, Windows treated the file as an ordinary startup item and opened it. The content of the file looks like:

[.shellClassInfo]
LocalizedResourceName=@%systemRoot%\system32\shell32.dll, -21787

All Shortcuts Are Missing


Symptom/Sign of Problem
All or most shortcuts are gone from the Start menu and the desktop.

Fix Steps:
Method 1: Find and restore the shortcuts
Note: The subfolders may have different names. Pay attention to the contents to help you identify where they belong.
Note: The \SMTMP folder name may change at any time!
Caution: The Start Menu and Desktop shortcuts belong in %allusersprofile%, not %userprofile%!
1. The ransomware backs up all the shortcuts to the user's %temp% folder.
2. Navigate to %temp%\smtmp.
a. The subfolder named "1" should contain the Programs folder. This belongs in the "%allusersprofile%\Start Menu" folder (on Vista/7 the path is %programdata%\Microsoft\Windows\Start Menu). Copy the contents of "1" there to restore the Start menu shortcuts.
b. The subfolder named "2" should contain the "Show Desktop" shortcut; these are the Quick Launch toolbar shortcuts. Copy the contents of "2" to "%appdata%\Microsoft\Internet Explorer\Quick Launch".
c. The subfolder named "4" should contain the rest of the icons. These belong on the all-users desktop. Copy the contents of "4" to "%allusersprofile%\Desktop" (XP) or "\Users\Public\Desktop" (Vista/7).

Method 2: Use Recuva when %temp% has been cleared

1. Download Recuva to the customer machine and install it. Uncheck "Install Google Toolbar."
2. Click Cancel on the wizard.
3. Click Options... >> Actions tab. Check "Restore folder structure."
4. Run a regular scan on the system drive.
5. When complete, use the filter box in the upper right to filter on "smtmp" (XP). For Vista/7 use "*.lnk".
6. Select all the files and recover them to a folder of your choosing.
7. Follow Method 1 using the folder you recovered to.
Warning: Do NOT perform a deep scan if you find nothing! It does not give different results and takes much longer.

Method 3: Restore Default Start Menu Shortcuts
1. Download Start Menus.zip to the customer machine and restore the appropriate folder.
a. XP: %allusersprofile%\Start Menu
b. Vista/7: %programdata%\Microsoft\Windows\Start Menu
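The copy steps of Method 1 (and Method 2, which ends by repeating Method 1 from a Recuva output folder) can be done in one pass. The script below is an added example and not from the post: it picks the XP or Vista/7 destinations based on the OS version, maps the numbered subfolders to the locations listed above, and supports -WhatIf so you can see what would be copied before anything is written. The -Source parameter and the OS-version test are my assumptions; as the post warns, the subfolder names may differ, so check the contents first.

```powershell
# Added example (not from the original post): copy the shortcut backups the
# rogue left under %temp%\smtmp (or a Recuva output folder passed as -Source)
# back to the all-users locations from Method 1. Run with -WhatIf first.
[CmdletBinding(SupportsShouldProcess = $true)]
param([string]$Source = (Join-Path $env:TEMP 'smtmp'))

# Vista and later report major version 6 or higher; XP is 5.x
$vistaOrLater = [Environment]::OSVersion.Version.Major -ge 6
if ($vistaOrLater) {
    $startMenu = Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'
    $desktop   = Join-Path $env:SystemDrive 'Users\Public\Desktop'
} else {
    $startMenu = Join-Path $env:ALLUSERSPROFILE 'Start Menu'
    $desktop   = Join-Path $env:ALLUSERSPROFILE 'Desktop'
}

# Subfolder number -> destination, as listed in Method 1 (names may differ; check contents)
$map = [ordered]@{
    '1' = $startMenu
    '2' = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
    '4' = $desktop
}

foreach ($sub in $map.Keys) {
    $from = Join-Path $Source $sub
    if (-not (Test-Path -LiteralPath $from)) {
        Write-Warning "No '$sub' folder under $Source"
        continue
    }
    $count = @(Get-ChildItem -LiteralPath $from -Recurse -Force | Where-Object { -not $_.PSIsContainer }).Count
    if ($PSCmdlet.ShouldProcess($map[$sub], "Copy $count file(s) from $from")) {
        Copy-Item -Path (Join-Path $from '*') -Destination $map[$sub] -Recurse -Force
    }
}
```

Run it as the affected user (so %appdata% and %temp% resolve correctly) from an elevated prompt, since the all-users Start Menu and Public desktop require administrator rights to write to.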

Desktop is missing


Symptom/Sign of Problem

The desktop is missing, meaning there are no icons, and you are unable to right-click on the desktop.

Fix Steps:

Method 1:
1. Right-click the desktop, choose View, and make sure "Hide desktop icons" is not checked.

Method 2:

1. Navigate to the following key:
a. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
2. Remove the following value from the key:
a. NoDesktop (changing its data from 1 to 0 also works).
3. Reboot the system.

All System Files Hidden - Caused By HDD Cleaner Rogue

Symptom/Sign of Problem
» All of C:\, or parts of it, are hidden
» Desktop and Start menu are completely missing
» Rogue.FakeHDD

Fix Steps:
Step 1: Repair Attributes
1. From the root of the OS drive, in an elevated Command Prompt, run the following command:
a. Attrib %systemdrive%\*.* /s /d -h
b. "Access denied" errors are normal, as is "Not resetting system file": attrib leaves files that also carry the System attribute alone unless -s is given too, which is what you want here. It is OK to ignore these messages.
Note: If you know that only the desktop (or another specific folder) is affected, run the command on that folder only.

Alternate Step:
1. From the root of the OS drive, in an elevated Command Prompt, run the following commands:

a. dir /ah /s /b %systemdrive%\*.* > list.txt
b. for /f "delims=" %a in (list.txt) do attrib -h "%a"

Note: That should resolve the issue. Be aware that running the command against the root directory takes an arbitrarily long time, and in our experience the rogue typically does not touch Program Files; mainly the user's profile is affected. So when appropriate, fixing the profile alone is much faster than going through the whole drive.
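As an added example (my code, not from the post), the script below does the same repair in PowerShell with the scoping the note recommends: it defaults to the current user's profile, takes -Root C:\ when the whole drive really is affected, clears only the Hidden attribute, and leaves anything that also carries the System attribute (desktop.ini, ntuser.dat and the like) untouched, which is what attrib -h does without -s. Junction points such as the "Application Data" compatibility links are skipped so the walk does not loop. The -Root parameter is my assumption.

```powershell
# Added example (not from the original post): clear the Hidden attribute
# under one folder, leaving System-attributed files and junctions alone.
param([string]$Root = $env:USERPROFILE)

$hidden  = [IO.FileAttributes]::Hidden
$system  = [IO.FileAttributes]::System
$reparse = [IO.FileAttributes]::ReparsePoint
$fixed   = 0

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        (($_.Attributes -band $hidden)  -ne 0) -and   # currently hidden
        (($_.Attributes -band $system)  -eq 0) -and   # not a system file (attrib -h leaves these too)
        (($_.Attributes -band $reparse) -eq 0)        # skip junctions / symlinks
    } |
    ForEach-Object {
        try {
            # -bxor removes the Hidden flag and keeps every other attribute
            $_.Attributes = $_.Attributes -bxor $hidden
            $fixed++
        } catch {
            Write-Warning "Could not change $($_.FullName): $($_.Exception.Message)"
        }
    }

Write-Host "Cleared Hidden on $fixed item(s) under $Root"
```

Because the rogue hides folders as well as files, directories are included in the walk; the count printed at the end is a useful sanity check, since a clean profile normally has only a handful of hidden items that are not also System-attributed.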

IP address 0.0.0.0

First of all, disable and re-enable the connection. When you change the IP address from automatic to a fixed IP address while the adapter is not connected, you always get a 0.0.0.0 address at first when the adapter reconnects. If this doesn't solve the problem, read on.

Symptoms:

  • You cannot obtain an IP address from the DHCP server. The IP address is 0.0.0.0.
  • The DHCP Client service is not running, although its startup type is Automatic.
  • When you try to start the DHCP Client service, you get the error message: "Could not start the DHCP Client Service on Local Computer. Error 1075: The dependency service does not exist or has been marked for deletion."

This problem can occur after uninstalling Norton AntiVirus, which had made the DHCP Client service depend on its own drivers; once those drivers are gone, the dependency can no longer be satisfied and the service fails to start. It can also occur when the computer name of the client computer is too long. Make sure that all computer names in your network are no longer than 15 characters.

First set a restore point, so you can undo your changes should anything go wrong (Programs, Accessories, System programs, System restore).

After setting the restore point, remove the dependency as follows:

  • Click: Start
  • Click: Run...
  • Type: regedit
  • Click: OK
  • Navigate to the following keys in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCP
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetBT
  • For each of these, on the right side, double-click: DependOnService
  • Delete any lines containing either SYMTDI or NISDRV.
  • Click: OK
  • Close the Registry Editor.
  • Reboot.
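The registry steps above can be checked and applied from PowerShell. The script below is an added example, not from the post: it prints the DependOnService list of the DHCP and NetBT services, flags any SYMTDI or NISDRV entry, and when run with -Fix exports each key with reg.exe (standing in for the restore point as a more targeted backup) and writes the list back without the stale entries. It assumes Windows PowerShell from an elevated prompt; the -Fix switch and backup file names are mine.

```powershell
# Added example (not from the original post): find and remove the SYMTDI /
# NISDRV dependencies that Norton's uninstall leaves on the Dhcp and NetBT
# services. Read-only unless -Fix is given; reboot afterwards.
param([switch]$Fix)

$stale = 'SYMTDI', 'NISDRV'

foreach ($svc in 'Dhcp', 'NetBT') {
    $key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $deps = @((Get-ItemProperty -Path $key -Name DependOnService -ErrorAction SilentlyContinue).DependOnService)
    Write-Host "$svc DependOnService: $($deps -join ', ')"

    $bad = @($deps | Where-Object { $stale -contains $_ })
    if ($bad.Count -eq 0) { continue }
    Write-Host "  stale dependencies found: $($bad -join ', ')"

    if ($Fix) {
        $backup = Join-Path $env:TEMP "$svc-DependOnService-backup.reg"   # assumed backup location
        & reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$svc" $backup /y | Out-Null

        # Write the REG_MULTI_SZ back with only the legitimate dependencies
        $clean = [string[]]@($deps | Where-Object { $stale -notcontains $_ })
        Set-ItemProperty -Path $key -Name DependOnService -Value $clean -Type MultiString
        Write-Host "  removed; backup saved to $backup"
    }
}
```

After the reboot, "sc qc dhcp" should list only the remaining dependencies (such as Afd, Tdx and NSI on Vista/7) and the service should start; if it still reports error 1075, one of the remaining entries names another driver that no longer exists.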