Symantec's Rootkit

Guest

Symantec has admitted using a Rootkit style procedure to hide their NProtect
folder in Systemworks after it was discovered by F-Secure and Mark
Russinovich from Sysinternals. I'd always wondered why it's so difficult to
fully remove Norton from the system. I should point out they have addressed
the problem and issued a fix but I thought it may interest some regulars
here.

The funny part is they claimed it was to protect the user from deleting
Norton by mistake, but they are there to detect and remove these, not install
their own :o)

Full Story Here :

http://www.eweek.com/article2/0,1895,1910077,00.asp

Andy
 
Hi Plun

I had to use the 'SymNRT' remover and their batch file and reg fix on 2
machines to try to get rid of Norton (SystemWorks and Internet Security) as the
Add/Remove screen entries did nothing if I tried to remove them and I still
had Norton files and folders left on the system in the application data area
and also still had Symantec running services on the system.

One of the machines had problems after removing Norton such as constant
error messages about Windows Installer when trying to open other programs. I
downloaded the Windows Installer again and made sure it was running as an
Automatic service but it kept stopping and going disabled, so I ended up
doing a fresh install of Windows as it was quicker than trying to find the
cause of the problems.

On the other machine the Recycle bin still says Norton Protected Recycle Bin
even after all their files and folders have been removed, which I could maybe
fix by deleting the bin, but I'm glad I removed them as the machines are
running a lot faster now and their programs are more difficult to fully remove
than most malware. The only thing I missed was the password manager but
replaced that with Roboform so I have super fast machines now running CA's EZ
Antivirus (12 month free trial) & ZoneAlarm's Free protection :o)

Sysinternals' findings are probably the reason I had so many problems
removing their programs, and the 'SymNRT' remover doesn't fully remove Norton's
files and Services from the system and caused instability problems on one of
my PCs which led to a fresh install on Windows.

Regards

Andy
 