Endpoint Protection

 View Only

  • 1.  Can't re-install SEP

    Posted Nov 02, 2011 10:28 PM

    Hi all,

     

    SEP became disabled on my PC by a particularly nasty virus attack.  Once I had dealt to the virus(es) I now nee to re-install SEP as the malware disabled the RT protection.

     

    It always rolls back the install at the last hurdle.

     

    I have tried

    • using cleanwipe to uninstall, several times
    • unistalling and re-installing Live Update manually, several times
    • ensuring that the msxml files are registered and updated

     

    here is the extract from the SEP_INST.LOG just above andf below the RETURN VALUE 3 line.

     

    Would be great if someone can help.

    restoreSPState: called
    restoreSPState: calling loadEventManagerDLLs
    loadEventManagerDLLs: called
    serviceIsRunning: OpenService FAILED with error 1060
    LoadEvtMgrDll: ccEvtMgr is not running
    serviceIsRunning: OpenService FAILED with error 1060
    SendReload: ccEvtMgr is not running
    loadEventManagerDLLs: FAILED to send reload event
    loadEventManagerDLLs: exiting
    restoreSPState: Changing service configuration to SERVICE_DEMAND START for SPBBCSvc
    modifyServiceConfiguration: OpenService() FAILED with error 1060
    restoreSPState: Unable to modify configuration for SPBBCSvc
    restoreSPState: Value of szSPState "0"
    restoreSPState: SPState is NOT set to 1. NOT Calling startSP
    restoreSPState: exiting
    MSI (s) (D0:CC) [14:18:47:346]: Executing op: ActionStart(Name=checkMSXMLVersion.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (D0:CC) [14:18:47:346]: Executing op: ActionStart(Name=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
    MSI (s) (D0:CC) [14:18:47:346]: Executing op: CustomActionRollback(Action=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,ActionType=1345,Source=BinaryData,Target=cleanupFolder,)
    MSI (s) (D0:34) [14:18:47:424]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSIB5.tmp, Entrypoint: cleanupFolder
    InstSymProtect::cleanupFolder() -> called
    DeleteFolderIfNoFileExists: Driver file is not present.
    DeleteFolder: FAILED to delete directory C:\Program Files\Common Files\Symantec Shared\SPBBC
    DeleteFolderIfNoFileExists: SHDeleteFolder FAILED
    InstSymProtect::cleanupFolder() -> DeleteFolderIfNoFileExists FAILED
    MSI (s) (D0:CC) [14:18:48:414]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
    MSI (s) (D0:CC) [14:18:48:414]: Error in rollback skipped.    Return: 5
    cleanupFolder:  exiting
    MSI (s) (D0:CC) [14:18:48:477]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 16, szDescription: "".
    MSI (s) (D0:CC) [14:18:48:853]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
    MSI (s) (D0:CC) [14:18:48:853]: Unlocking Server
    MSI (s) (D0:CC) [14:18:48:853]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
    Action ended 14:18:48: INSTALL. Return value 3.

     

     

    thanks.



  • 2.  RE: Can't re-install SEP
    Best Answer

    Broadcom Employee
    Posted Nov 03, 2011 05:59 AM

    Hi,

    You can follow the steps suggested in this thread

    https://www-secure.symantec.com/connect/forums/trojanzeroaccess-problem

    If you could give few more information it would be great.

    On which OS you are trying to deploy SEP client ? SEP client version ? 



  • 3.  RE: Can't re-install SEP

    Trusted Advisor
    Posted Nov 03, 2011 01:20 PM

    Hello,

    What Operating System are you trying to install the SEP 11 on??

    As per the Logs provided we see as below:

    restoreSPState: Changing service configuration to SERVICE_DEMAND START for SPBBCSvc
    modifyServiceConfiguration: OpenService() FAILED with error 1060
    restoreSPState: Unable to modify configuration for SPBBCSvc

    Solution:

    Try to install SEP on the machine with Local Administrator account. 

     

    Hope that helps!!



  • 4.  RE: Can't re-install SEP

    Posted Nov 03, 2011 01:37 PM

    Go to device manager do scan for changes

    under driver look for SPBBCSvc delete it

    remove all files and folders for sep from

    c:\program files

    c:\program files \common files

    c:\doc and settings\all users\appdata

     

    go to reg back up :-

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager in the right pane look for pending file delete it

    and then reinstall sep



  • 5.  RE: Can't re-install SEP

    Posted Nov 03, 2011 08:22 PM

    Try this also

    Open device manager

    Go to view and select show hidden devices.

    Go to Non-plug and play drivers and under that check any drivers related to Symantec like SPBBC is present or not

    If present delete it, then restart your computer and try to install SEP.



  • 6.  RE: Can't re-install SEP

    Posted Nov 06, 2011 10:02 PM

    Thanks Chetan.

     

    Used NPE and SPE to ensure teh system was clean.  Deleted the following files and folders;

     

    • C:\Program Files\Symantec
    • C:\Program Files\Common Files\Symantec Shared
    • C:\Documents and Settings\All Users\Application Data\Symantec

    and have now successfully re-installed SEP.

     

    thanks everyone for your help. smiley