1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Fake App Attack: ErrorDoctor Executable Download

Fake App Attack: ErrorDoctor Executable Download

Severity: Medium

This attack could pose a moderate security threat. It does not require immediate action.

Description

This signature detects activities of misleading application ErrorDoctor.

Additional Information

When the program is executed, it creates the following files:

* %SystemDrive%\Documents and Settings\All Users\Desktop\ErrorDoctor.lnk
* %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SoftwareDoctor\ErrorDoctor\ErrorDoctor.lnk
* %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\SoftwareDoctor\ErrorDoctor\Uninstall.lnk
* %ProgramFiles%\SoftwareDoctor\ErrorDoctor\ErrorDoctor.exe
* %ProgramFiles%\SoftwareDoctor\ErrorDoctor\icon.ico
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
* %CommonProgramFiles%\InstallShield\Professional\RunTime\iKernel.rgs
* %CommonProgramFiles%\InstallShield\Professional\RunTime\IsProBE.tlb
* %CommonProgramFiles%\InstallShield\Professional\RunTime\Objectps.dll



Next, the program creates registry entries under the following subkeys:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B74DE36A-B95C-49A1-8F41-A09F3D187747}
* HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDoctor
* HKEY_LOCAL_MACHINE\SOFTWARE\SoftwareDoctor
* HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\SoftwareDoctor
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00345390-4F77-11D3-A908-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A0DBE3-B12E-4DC3-8C27-4197CA4DF76B}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{084A0737-26B9-4433-8007-A9161333B5FC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0BA4BA22-2EF0-11D3-88C8-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C8D0880-1AC4-11D3-A8FF-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0E67BBC9-18CB-4B22-BACD-687CDF6387B6}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{112EB4F0-5A48-11D3-A90A-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1169A235-14D9-4488-8B56-58ECE9C57002}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{16344B6E-52E1-4BBC-AA79-E08B10B7BAB9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{17773851-7FF4-44C1-B084-1E1EDB2BFD4D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AE441C6-2C13-49CE-909A-57A81F74F38E}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B1B8830-C559-11D3-B289-00C04F59FBE9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1ED19966-1493-4539-B9F5-97A6556CE8F8}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F1ABEE7-FEDB-45AF-A01B-0B4DE6887573}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F9922A2-F026-11D2-8822-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21D98482-146C-4EBF-AF1E-B04395110005}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{229A85A7-2F77-42A2-8CBD-01DD1C09BC88}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{251753FA-FB3B-11D2-8842-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2583251F-0A04-11D3-886B-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A652F47-A8CE-414C-BBB4-203A59031056}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{348440B0-C79A-11D3-B28B-00C04F59FBE9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{39040274-3D36-11D3-88EE-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C43BBA2-9E93-4758-8669-ADCE56687E0C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D8B6331-D8B1-11D2-80C5-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D8B6332-D8B1-11D2-80C5-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DFE4F8F-A5A1-4ECA-9A50-E5CF9BA836E9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3EDC2C10-66FE-11D3-A90F-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3EE77D8B-40C1-4A2A-9B77-421907F02058}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{44D61997-B7D4-11D2-80BA-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4898D118-1D1E-4A2D-A8A3-4A75BF333CD5}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4C5C8B37-CCB7-11D5-ABEC-00B0D0238DF5}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D08A70C-42E4-4238-AF79-7A7485C66EE2}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E26CAD5-1B59-4D1D-9063-2D91314C9E45}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{517F778C-078D-4D33-953B-AFBF1720C947}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5331F72D-17F1-4D16-A17A-F190461343BF}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5469EE67-1493-402F-8E2C-99936C9E4983}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54DADAB2-28A6-11D3-88BA-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54DADAB3-28A6-11D3-88BA-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{61892D50-28EF-11D3-A8FF-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6494206F-23EA-11D3-88B0-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{65D37452-0EBB-11D3-887B-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B15A454-9067-4878-B10E-B9DFFE03049D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6D0A2C7B-875F-40E7-B7BE-2E909A3A9026}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6FFDEFD7-3EC4-4E5A-9EFC-AD04E14A9934}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{761C8359-55AF-4E7B-9C83-C1A927E0F617}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D230AA-FC0C-4DD4-BF9E-4032D60369F1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{787D0980-F63F-462C-86BC-FC23847C70F4}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B288F47-79AB-43A8-8494-D9F4D5985B29}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7BB118F1-6D5B-470E-82D0-AFB042724560}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7D795704-435D-11D3-88FF-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7FA3F3D3-7B9E-4F51-9448-3642B544CEBD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{80FDE82A-2CAA-11D3-88C3-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{83755DD1-086B-11D3-8868-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8415DDF9-1C1D-11D3-889D-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8415DE38-1C1D-11D3-889D-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{87B24642-366E-4393-851A-B6CEC5D7E641}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C22668A-D7D8-42F5-99E8-4F30ED0D18B0}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B10-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B11-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B12-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B13-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B14-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B15-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C3C1B16-E59D-11D2-B40B-00A024B9DDDD}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E156322-57D4-448B-BAB4-35DC0C7ADF53}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91814EBF-B5F0-11D2-80B9-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91814EC1-B5F0-11D2-80B9-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91814EC3-B5F0-11D2-80B9-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91814EC5-B5F0-11D2-80B9-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{91CD1F51-7199-46FA-9629-9C89D2F1AE22}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{94F4A332-A2AE-11D3-8378-00C04F59FBE9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{963DFD8C-2E6A-4DB4-BCB3-9D5C78142E41}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9AEE3F7A-A79F-4B41-BC48-E7946FFEAB35}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B697780-DBBC-11D2-80C7-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BD0749C-12DC-4D2B-A4F6-9E52F0F38A6C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CFCFE67-0BB8-43E0-8425-378D0A02ACE4}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9D1BC05A-7056-458F-B605-A6298C8BD4B1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E274DCA-9B35-4B99-904F-76F2C5B59F76}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A06D036F-984F-4482-AD5C-EBD11A638B4C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A36ECFBE-FAAA-417D-9D41-7FEF98FDE554}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A434AC6F-7286-42C3-982B-20F00263501B}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A74C06E4-12DF-4060-9AA7-83CFAA66D604}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2060-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2061-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2062-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2064-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2065-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2066-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2067-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2068-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2069-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA7E2084-CB55-11D2-8094-00104B1F9838}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABF74802-8E5B-44EA-880E-8E128A06A113}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF57A6F0-4101-11D3-88F6-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF57A6F1-4101-11D3-88F6-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AFED5DD0-0694-11D4-A934-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B0D1DB92-DE05-4926-A5DC-01F3F9857587}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B12A5014-0AA8-451A-B621-F717998B0B53}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B310295D-E006-4E5A-9CBE-FA7C092F2FC3}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4D3EAE5-8A3A-4376-8B65-6A81293EDB1D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B964AF40-4AB7-11D3-A908-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA24E1DA-9E87-4502-9AF0-B5DDFA6D6B23}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD307C4E-6FC9-40FB-B15E-BEC6851EF52C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE0B3F76-166A-4DA5-A97C-318595E3D15C}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6115A1-7DE5-48DC-AD2A-25060E00FCE2}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4143914-2238-40F8-A74C-67C4B8ACB27A}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4AAC3B1-C547-11D3-B289-00C04F59FBE9}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5A786B9-3BD6-4A4E-B4D7-9B752138DC4B}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C8D5B971-D521-4113-82D6-869817B452DE}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC096170-E2CB-11D2-80C8-00104B1F6CEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D044D89C-01E4-4722-8812-8DF543680606}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2A3A842-FBA3-49D4-8806-7734716364A2}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D3E78B93-4B65-405D-9095-E82B78555173}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4FF39B9-1A05-11D3-8896-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4FF39BB-1A05-11D3-8896-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAB9BF17-267D-11D3-88B6-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBBBE57D-A05D-43EC-8408-ED3EAA713963}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DED5FEEC-225A-11D3-88AA-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E1B9357F-24B9-11D3-88B2-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3CD7A86-04E4-4B47-88E8-3EE03A3DEE56}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E6857874-B535-46D7-A3EB-4103614E91FC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ECBE1E54-3649-4287-9888-D9FB133CAE0D}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4817E4B-04B6-11D3-8862-00C04F72F303}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F8CB9A40-3665-4D33-B239-32CA4C7B8DEA}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FBD42940-B837-40EB-BDB4-86AE00E1D0D1}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEBEC920-1849-11D3-A8FE-00105A088FAC}
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{94636247-BC39-4B8B-A728-2D1FBEBFA76A}



It also modifies the following registry entries:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"iKernel.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"Setup.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"DotNetInstaller.exe" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"iscript.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"ctor.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"iuser.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\"IGDI.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\"IsProBE.tlb" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\"objectps.dll" = "1"
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\InstallShield\Professional\RunTime\"IKernel.rgs" = "1"

Affected

  • Windows 98
  • Windows 95
  • Windows XP
  • Windows Me
  • Windows Vista
  • Windows NT
  • Windows Server 2003
  • Windows 2000

Response

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube