Symantec Liveupdate broken...

[[DOT].L]

Last night, I unexpectedly caught some viruses while getting photos from a relative's USB device. I was able to get rid of them by deleting from the infected file folders and the registry. After manual deletion, I wanted to run a virus scan just to make sure I didn't miss any so I launched my Symantec Anti-virus Corporate Edition (8.1.0.821). I tried to update via Liveupdate, and got the an error basically telling me my Liveupdate broke and I should re-install it.

I went on to the Symantec site and downloaded the installation program, but during installation I got this error (I'm running a Chinese system at the moment, so the warning messages are all in Chinese. I can only translate to the best of my abilities) :

Quote:

LUCOMS~1,EXE - Application Error

Application File failed to initialize (oxc00000ba).

Followed by:

Quote:

Installer Error 10:

The Liveupdate installation failed because Liveupdate was not able to register one of its components. You need to have write access to the registry to install Liveupdate.

So this is telling me I need to be an administrator. But I am already one.

The above errors forced me to abort the installation.

After a couple of hours, I tried Liveupdate again, hoping I would get lucky. But I get the following error:

Quote:

LU1803: Liveupdate failed while getting your updates.

Liveupdate had an internal error while getting your updates. Your Symantec programs were not updated.

You should try getting updates at a later time. If Liveupdate fails again with this error, you should reinstall Liveupdate.

I looked around online for possible articles on this problem, but none of their solutions worked.

As always, any help is welcome.
Thanks.

[Zero Shinohara]

Hmm... I'm at a loss in here. The worse I've ever gotten was a pretty nasty problem with Autoprotect not wanting to initialize, but that was the Norton installation's fault.

Have you tried uninstalling NAV completely and doing a fresh install again? I don't think you need to go through the activation process again if you don't erase the registry entries, so you don't need to lose an activation for that. But I could be wrong, so please correct me if I am.

Also, before that you might want to try doing a virus scan in Safe Mode. While the PC is booting, press F8 a couple of times until it takes you to the boot options and choose Safe Mode. Run it and see if it gets fixed. If it doesn't, try running on Safe Mode with Network support, connect to the internet while you're at it and run LiveUpdate.

If none of these work, then do a fresh installation. I know that some viruses affect the way antiviruses work so they can't be detected or are rended useless, so reinstalling could be the only way.

Good luck and keep us posted.

[[DOT].L]

Quote:

Originally Posted by Zero Shinohara

Hmm... I'm at a loss in here. The worse I've ever gotten was a pretty nasty problem with Autoprotect not wanting to initialize, but that was the Norton installation's fault.

Have you tried uninstalling NAV completely and doing a fresh install again? I don't think you need to go through the activation process again if you don't erase the registry entries, so you don't need to lose an activation for that. But I could be wrong, so please correct me if I am.

Also, before that you might want to try doing a virus scan in Safe Mode. While the PC is booting, press F8 a couple of times until it takes you to the boot options and choose Safe Mode. Run it and see if it gets fixed. If it doesn't, try running on Safe Mode with Network support, connect to the internet while you're at it and run LiveUpdate.

If none of these work, then do a fresh installation. I know that some viruses affect the way antiviruses work so they can't be detected or are rended useless, so reinstalling could be the only way.

Good luck and keep us posted.

I really, really, really want to do a fresh installation, but I can't. I'm not the one who set up the system I'm currently using, and from what I can tell the system was installed via some strange method I'm not familiar with at all. According to my dad (who arranged for the installation), there is no disc for the anti-virus program on the computer.

I will try safe mode the next time I start up the system, but I doubt it'll do me any good. It's already past midnight where I'm at and the godamned mosquitoes are making a hell of a meal out of me, I'm gonna get my electric fly swatter and get me some sleep. Will check back 12 hours later.

[Zero Shinohara]

Haha, good luck. I used to live at a place where we had lots and lots of mosquitoes as well, so I know your pain.

Anyway, you don't actually need the original installation CD as long as you have the original Serial number. If everything else fails, you can probably uninstall it and download the installer off of some torrent website.

Although I do understand that you might get in trouble for doing that, I'll add that the norton installed in all three of my PCs was downloaded off BitTorrent and I just paid for the Serial #s. It sucks that you have to pay like 3 or 5 bucks to download it off of Symantec's website and after X days you'll have to pay in full for it.

But if everything else fails... well, that I don't know <<

[Ledgem]

I use Symantec Corporate Edition, but it should all be the same when it comes to LiveUpdate. I had an issue where live update wasn't updating anymore, and it'd give me an error about not being able to find the service or something like that. I don't believe it was virus-induced, but these days it seems like the best indicator of a viral infection is the fact that your virus scanner stops working.

If I remember right, the way I fixed it was just by reinstalling Symantec. I don't believe that I did an uninstall beforehand... uninstalling security software is a real pain. I think that fixed the problem. I may be remembering it wrong, though... either way, I found the solution (or something resembling it) on Symantec's site by Googling for the error message it'd give me. I guess it's a relatively common problem?

Good luck! Troubleshooting things on your own computer is one thing, but when you're working with a system that isn't yours and your hands are tied, it's a whole different game. While I love tinkering with my own systems, I can't stand administering someone else's computer (unless I administered it in the first place). Too many unknown's. Add in the fact that you have those mosquitoes, and... well, if you can make it out successfully, I think you'll have the respect of everyone here

[[DOT].L]

I think I made some progress since the error I got this morning was an Error 9 telling me I don't have the rights or permission to install Liveupdate.

[[DOT].L]

Woot! Progress! (well, sort of)

This shit just gets more and more bizarre.

Afters days of searching for a solution and coming up with nothing, I decided to try an old technique I favoured in the past: manual deletion. I deleted the Liveupdate folder along with all of the liveupdate components I could find (including registry files). Once again, I visited the symantec website to download the installation file, and BOOM!

My computer exploded....

Okay, no, it didn't. What happened was that the installation worked! I followed the instructions and ran through the setup process, all without a single hitch. As a last step, I restarted my computer as instructed.

And here I am all happy and relieved, thinking I've finally fixed the problem. But what the Devil in blue Hell, after the restart Liveupdate broke again when I tried to run it through Symantec Corporate. The same old LU1803 error.

Confused, I ran through the whole deletion and installation process again. This time though, after I finished installing, I didn't restart right away and ran Liveupdate through Symantec Corporate. And what do you know, the whole thing worked like a hot knife on butter, smooth as jelly, a dead body tied to a speeding car, whatever you wanna call it. So I restarted again, thinking this time there's no mistake that it'll work. And to my horror and utter disappointment, it failed me yet again.

It would seem that once I freshly installed Liveupdate, it'll work for just that session alone. After restart, it would somehow screw up again.

This whole shit is so weird it's like eating a pizza with tofu as its topping.

[Ledgem]

Are you sure that the system is clean? I'd suspect either malware, or perhaps a firewall kicks in. Have you tried running a scan after the definitions have been updated? Perhaps from safe mode?

[Zero Shinohara]

I agree with Ledgem on this and, from what you've told us, I can be pretty sure that there's something fux0ring your LiveUpdate whenever you turn the computer on.

Have you tried to look in your MSConfig/Startup options to see if there's anything that shouldn't be there? Try taking some stuff out and testing. But if you want my opinion, it might just be easier and way faster to backup everything and format the machine. I say this because you're looking into a long and tedious process of deleting/reinstalling/testing for each program you remove.

And to tell you the truth, I would have done that from the start, lol.

[Ledgem]

Problem is that he can't do a format, as he's said that he's not the owner of the system. It makes things really difficult, as that also limits some of his other options as well.

[[DOT].L]

Firewall: Not an issue. I've tried running Liveupdate with both Windows and router firewall disabled. No results.

Msconfig/setup: Nothing suspicious after careful inspection, although Liveupdate's status under the "Services" (i think that's what it is for English systems) tab is disabled/not in use.

Format: Out of the question. Besides, I'm not the one who uses that PC on a regular basis. To format just because Norton Liveupdate isn't working is kind of silly. Worst case scenario, I'll just reinstall the damn thing whenever I feel like updating.

Virus/malware scan: I will do that tonight. Doubt it'll turn up anything, though.

EDIT - I've finished the scans. Nothing from Symantec Corporate with the latest virus definition installed. Spybot: S&D found a few adware, and I've removed them via the program. Restarted system. Launched Liveupdate, and same error.

[[DOT].L]

Okay, you know what? Scratch everything I said about the system being clean.

All the godamned viruses are back, and this time I can't seem to get rid of them.

Also, Symantec is complete dead this time round.

Christ.

EDIT - I somehow managed to survive. Damn, these things are relentless. I have a feeling they're still hiding somewhere in my system.

[WanderingKnight]

Quote:

EDIT - I somehow managed to survive. Damn, these things are relentless. I have a feeling they're still hiding somewhere in my system.

They probably are. Cleaning up viruses that had some time to run loose is a tough chore... probably one of the most tedious there are, and probably the only thing I truly despise when it comes to fixing PC problems. The thing is, if the viruses know what AV you're using, they probably know how to override it (as you already found out). I've always had a lot of trouble trusting AVs as virus removal tools.

[Ledgem]

Antivirus programs are only good if they can catch the infection before it happens. Even then, half the time they seem unable to do something as simple as deleting a file - but at least they tell you where it is so that you can do it yourself. As I've said before, their only true use is in knowing for sure that you're infected. Once they start acting up, you know something's there!

I use the Corporate Edition of Symantec, what version are you using? I don't know if there's this option in the Home edition, but there is an option for "tamper protection" which would basically protect the program from being modified by viruses (ideally... remains to be seen if it'd really work). If I remember right, I think it was disabled by default (wtf? Maybe I was infected, haha). I guess it's too late now, but it may be worth it to see if you have a similar option, and switch it on whenever you can.

Best of luck. If you have access to a CD burner, certain LiveCD versions of Linux come with ClamWin. If you can mount the NTFS partition properly, you can scan it and "nuke the viruses from orbit" as it were. The only potential problem with this approach is that, since you'll be viewing a cold XP partition, it's possible that you'd delete/modify a critical file, which would cause problems for Windows to start up. But you'd be doing the rest of us a favor by taking a compromised system off the net, if nothing else.

If you have an XP CD with you, then you wouldn't need to worry. Clean the system, and if XP doesn't boot, just repair the partition - a painless process that won't cause data loss and won't change the registry or anything. I can give you instructions on it if you need.

[WanderingKnight]

Quote:

Best of luck. If you have access to a CD burner, certain LiveCD versions of Linux come with ClamWin.

I haven't tested it myself, but Knoppix is supposed to help in these situations.

[[DOT].L]

I am totally awesome.

Rigorous searching finally pays off. First, I came across an article that detailed every action the virus took after infecting systems, such as which files it created and where. Apparently, it created files that hid as system .dll files in my internet explore folder and replicated itself in my registry. I manually deleted all of the listed viral files in the registry and harddrive. Seeing how the viral files were of .dll format, I used Process Explorer to check out everything that was running. In explore, I found a little something that looked very suspicious. It ran under the file name of Relive.dll. If one does a google search right now for the file, one would get tons of results for it claiming it is a virus (a trojan downloader to be exact), but two weeks ago when I did the search there were but three results that linked to a Chinese message board that tells absolutely nothing about the file. The results more or less confirmed my suspicious about this being part of the virus. It was located in the Common Files folder, and manually deleting it did no good. Suspecting that it is using .dll injection technology (I've had past experiences with viruses that used this technology), I launched Shell Extension View and disabled it via that program. After restart, I was able to successfully remove it. (all this was done in offline mode, I also used safe mode to disable some things in misconfig prior to this, but that's not really important)

Now that wasn't the end of the story. Not knowing whether it would come back, I gave it about a week to see if I had completely wiped it out this time around. After about a week and a half it still didn't come back, so I decided to try Liveupdate again. While Liveupdate would install, it still had the same problem as before. Luckily, I managed to get my hands on a older version of Liveupdate (the version that ran on the system before the infection) and that somehow fixed the problem. I don't really know why the newer version keeps dying on me, but the older version works so I'm not gonna complain.

That's it. Problem fixed. Yay