how to install sep now

Bijay.Swain's picture
Bijay.Swain
October 15th, 2009

I have a problem on a windows xp sp2 machine.on which sep was installed and was updated daily from sepm . but today suddenly sep stoped working. I was even unable to  open the sep gui . it gave some error as unable to start the smcgui service. so I removed sep and tried to install install it again but to my bad luck it gave error as  unable to find the msi file of the installer and location of the file is temp directory. I browsed the directory and was surprised to see no msi installer of sep there . it is deleted auto matically. one thing I noticed that everytime i try to install sep drwatson starts automatically.

i checked the drwatson.exe file in virustotal but no one detected it.

how to install sep now.

Filed under: , , , ,
0 votes
Vikram Kumar-SAV to SEP's picture
Vikram Kumar-SAV to SEP
5 weeks 5 days ago

Run NSS and see it something

Run NSS and see it something gets detected. 

Celebrating 2 years as a community member....

0 votes
Prachand's picture
Prachand
5 weeks 5 days ago

drwatson.exe  is the exe for

drwatson.exe  is the exe for Dr Watson that is a diagnostic tool that gathers information about your computer when a problem occurs with a program. It is not a THREAT.

http://support.microsoft.com/kb/185837

Paste the SEP _Inst.log

Also it is not recommeded to uinstall the Antivirus program if there is a  an infection or you suspect infection on the machine

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

0 votes
Prachand's picture
Prachand
5 weeks 5 days ago

If you are suspecting an

If you are suspecting an Infection run NSS

ftp://ftp.symantec.com/misc/tools/nss/NortonSecuri...

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

0 votes
Bijay.Swain's picture
Bijay.Swain
5 weeks 5 days ago

I don't think it is an

I don't think it is an infection. and if it is then symantec is unable to detect it  as Sep was fully updated before it stoped working.

0 votes
Happytohelp's picture
Happytohelp
5 weeks 5 days ago

 IF you think this is virus

 IF you think this is virus infection then plz submit the file to https://submit.symantec.com/gold

0 votes
snekul's picture
snekul
5 weeks 5 days ago

Assuming there is not an

Assuming there is not an infection, the MSI installer service could be having problems.  Can you install any MSI files successfully?  Can you run cleanwipe and then install SEP again?

Eric C. Lukens
IT Security Policy and Risk Assessment Analyst
University of Northern Iowa

0 votes
Bijay.Swain's picture
Bijay.Swain
5 weeks 5 days ago

HI Happy                I am

HI Happy
               I am unable to find the infected file as in task manager nothing extra runs except drwatson.exe .
how to know which file is infected.

in another machine I found some files not detected by syamantec. submited to security  response and Tracking #13257944

0 votes
Happytohelp's picture
Happytohelp
5 weeks 5 days ago

 Hi the file you submitted

 Hi the file you submitted are still undetermined.. Based on the file submitted is suspect this a new variant of trojan.clampi.gen..
you will still need to find the source file because the file you submitted are i presume from temp folder.. You can run loadpoint & send the logs me & i will tell what all file you need to submit..

0 votes
Prachand's picture
Prachand
5 weeks 5 days ago

The files  were submitted 25

The files  were submitted 25 mins ago you need to wait while the files analyzed.

Out 0f 6 files that were submitted 3 are corrupt they are 30.exe , 83.exe and 15.exe  is corrupted. Please delete this file, and re-copy the file from a known clean backup.

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

0 votes
Bijay.Swain's picture
Bijay.Swain
5 weeks 5 days ago

Hi happy            I will

Hi happy
           I will run the esuglpdu2.8    and let you know but while running nss.exe it gives an error as it is expired i tried to doenload it from ftp site but after downloading it says it is currupt.i tried 3 times but same error.

where to download a good one and why it is expired after some days.

and prachand
the files i submited are from system32 directory. not from temp.
other av s are detecting these.

0 votes
Bijay.Swain's picture
Bijay.Swain
5 weeks 5 days ago

fINALLY NSS IS WORKING

fINALLY NSS IS WORKING NOW.
BUT WHY IT SHOWS EXPIERED AFTER SOME DAYS.

0 votes
Prachand's picture
Prachand
5 weeks 5 days ago

There could be  a possiblity

There could be  a possiblity that you may be running an OLD setup for NSS that's the reason it was showing as expired

Prachand Kumar
MCSE-2003 Symantec Technical Specialist (SCTS)

0 votes
Bijay.Swain's picture
Bijay.Swain
5 weeks 4 days ago

Finally I installed sep on

Finally I installed sep on that client .

First I installed sep as unmanaged from the cd then updated it through lates intelligent updater which detected some threats as infostealer. after this I used sylink droper to make it managed.

Now client is running.
But confused why sep failed to detect that virus while it was running with full update. how the threat got entered to the machine.

0 votes