Jump to content
Krusty

Remove Norton 360 from Windows Security Center

Recommended Posts

Posted (edited)

Hi Guys and Gals,

I must have installed and uninstalled Norton a hundred times over the years but I've never ran into this.  For those who don't know, I help out on their forums.

After uninstalling Norton, then using their Norton Remove & Reinstall Tool in Advanced, Remove Only mode I tried installing Malwarebytes Windows Firewall Control.  Please note, I am not asking for support for WFC, just that WFC brought this issue to my attention.

I get this as per screenshot.

1812960897_N360inWindowsSecurityCenter.PNG.404281a5629c06ec8e03b4e4dd1c0ae6.PNG

I've been through the registry and deleted all found keys for NS and N360.  I have searched 'C' drive and deleted every found file and folder for both, yet I still get the same message from WFC installer.

Contacting their Customer Support was a waste of time.

I've ran Tweaking.com Windows Repair.  Didn't help this issue.

I've tried reinstalling Norton 360 and uninstalling with Revo Uninstaller.  No good.

I'm at a loss what to do next.  I ignored the warning once but was getting connection errors just about every time I opened a browser.

Not knowing what potential damage I may have caused by deleting reg keys and files / folders I have restored to a known working condition with Macrium Reflect.  Norton Security is currently back on the machine and I don't appear to be having connection errors.

So I'm wondering (and hoping) if one of the forum experts familiar with FRST could create a script in FRST to remove Norton 360 from registering in Windows Security Center?  I'm not at all familiar with FRST so I'm not sure if that is even possible.

Much appreciation from anyone who can assist.

Thanks,
Krusty

Edited by Krusty

Share this post


Link to post
Share on other sites

Hello @Krusty

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Share this post


Link to post
Share on other sites
Posted (edited)

Greetings,

I believe that the Security Center status is determined by data accessible and controllable through WMI and that it can be reset by following the instructions in this tutorial however I would recommend first uninstalling your Norton product normally (without using the Norton Removal Tool), restarting the system, then checking to see if any entries for Norton still exist in the Windows Security Center and if they do, then follow the instructions in the tutorial I linked to in order to try and reset it back to defaults.

edit: Apologies, I did not realize someone else was responding.  Please follow AdvancedSetup's advice above and I'm sure that he can assist you in resolving the issues you are experiencing.

Thanks

Edited by exile360

Share this post


Link to post
Share on other sites
11 minutes ago, AdvancedSetup said:

Hello @Krusty

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 

Hi Ron,

Should I uninstall Norton Security first?

Thanks,
Krusty

Thanks @exile360

Share this post


Link to post
Share on other sites

What is the ultimate goal?

Trying to use the Malwarebytes Windows Firewall Control over the Norton?

Personally from my experience (quick and limited) the firewall control from Norton is probably as good or better but don't hold me to that.

I would go ahead and uninstall Norton and use their removal tool as well. Then reboot and run FRST and post back both logs so that I can review the logs

 

 

 

 

 

Share this post


Link to post
Share on other sites
2 minutes ago, AdvancedSetup said:

What is the ultimate goal?

I'd like to run with Windows Defender + Malwarebytes and would like WFC to block CCleaner and a few others from accessing the internet.

 

3 minutes ago, AdvancedSetup said:

Personally from my experience (quick and limited) the firewall control from Norton is probably as good or better but don't hold me to that.

That is probably true, but it is becoming quite expensive now that they've included the VPN, which leaks like a sieve by the way.

 

4 minutes ago, AdvancedSetup said:

I would go ahead and uninstall Norton and use their removal tool as well. Then reboot and run FRST and post back both logs so that I can review the logs

OK, be back soon.

Share this post


Link to post
Share on other sites

I'm having connection issues on that machine again so I copied the files on to another.

Please find attached FRST.txt and Addition.txt

FRST.txt Addition.txt

Share this post


Link to post
Share on other sites

The Event Logs shown in the FRST logs indicates some issues that may or may not be all that critical but should be reviewed and if possible to fix should be fixed.

 

Quote

==================== Event log errors: ========================

Application errors:
==================
Error: (03/02/2020 05:52:26 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/02/2020 05:52:26 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/02/2020 05:31:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (03/02/2020 05:31:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (03/02/2020 04:24:12 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialised.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2020 04:24:12 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialised.

Context: Windows Application

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2020 04:24:12 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialised.

Context: Windows Application, SystemIndex Catalogue

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (03/02/2020 04:24:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialised.

Context: Windows Application, SystemIndex Catalogue

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)


System errors:
=============
Error: (03/02/2020 06:19:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2020 06:19:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDFsFilter service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/02/2020 06:16:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2020 06:16:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDFsFilter service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (03/02/2020 06:16:09 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service BITS with arguments "Unavailable" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (03/02/2020 06:16:05 PM) (Source: DCOM) (EventID: 10010) (User: DAVID-HP)
Description: The server Microsoft.Windows.Cortana_1.13.0.18362_neutral_neutral_cw5n1h2txyewy!CortanaUI#{3F907E72-9FF8-497A-8837-356CFF4E43D7} did not register with DCOM within the required timeout.

Error: (03/02/2020 05:52:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/02/2020 05:52:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDFsFilter service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

0patch looks to possibly be having an intermittent issue. I've seen this even with Malwarebytes and it does not appear to be a huge issue but again, should be looked at to ensure it's working properly.

 

Quote

CodeIntegrity:
===================================

Date: 2020-03-02 18:23:48.221
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Windows signing level requirements.

Date: 2020-03-02 18:21:55.525
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Windows signing level requirements.

Date: 2020-03-02 18:21:54.850
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-03-02 18:21:54.264
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-03-02 18:21:47.660
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Windows signing level requirements.

Date: 2020-03-02 18:20:15.949
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Windows signing level requirements.

Date: 2020-03-02 18:19:54.320
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-02 18:19:47.756
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\0patch\Agent\0patchLoaderX64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

Do you really need CCleaner anymore?
https://helpdeskgeek.com/free-tools-review/why-you-shouldnt-download-ccleaner-for-windows-anymore/

Here’s What You Should Use Instead of CCleaner
https://www.howtogeek.com/361112/heres-what-you-should-use-instead-of-ccleaner/

 

Compared to a program like uBlock Origin the SuperAdBlocker from 2011 is wasting resources on your system.

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

 

 

Please run the following FIX

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Thanks

 

Share this post


Link to post
Share on other sites

It says the Fixlist.txt is unavailable, Ron.

Share this post


Link to post
Share on other sites
Just now, Krusty said:

It says the Fixlist.txt is unavailable, Ron.

@AdvancedSetup will need to move the topic to the malware removal forum so you can download the fix list.

Share this post


Link to post
Share on other sites

Sorry about that. We've locked down the forums to stop another forum of abuse we were having. Try to download now please.

 

Share this post


Link to post
Share on other sites
1 minute ago, AdvancedSetup said:

Sorry about that. We've locked down the forums to stop another forum of abuse we were having. Try to download now please.

 

Done, thanks.  Back soon.

Share this post


Link to post
Share on other sites

Yeah, 19:13 here currently.

Fixlog.txt attached.  I can already tell the connection error seems fixed.  :)

Thanks guys.  Anything else required?

Fixlog.txt

Share this post


Link to post
Share on other sites

We're all done here unless there is something else you need or want.


Windows Resource Protection found corrupt files and successfully repaired them.

 

Share this post


Link to post
Share on other sites

You're AWESOME, Ron!  I can't thank you enough.  I'll just have a quick try at installing WFC and see what it says this time.

Yay!  no error.

Thanks again @AdvancedSetup, you do great work.

Cheers,
Dave

Share this post


Link to post
Share on other sites

You're quite welcome Dave.

When you have time you should check your Event Viewer logs and if any ongoing errors (normally in RED) you should see if you can research them and fix them.

I normally give the speech to people that have been cleaned up of malware but it's pretty good advice for everyone.

 

 

If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. 
If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though)

PrivacyTools - Encryption, and tools to protect against global mass surveillance - https://www.privacytools.io

Help Secure your browsers
 
You may be interested in using our new Malwarebytes Browser Guard to help protect your browser from items that uBlock or others don't target.

Please install uBlock Origin for your browsers to better protect your system.

FireFox, ChromeOpera , SafariMicrosoft Edge
AdBlock Plus for Internet Explorer

How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018
This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings

Delete Cookies Automatically

Cookie AutoDelete plugin
Chrome  | Firefox 

Browser push notifications: a feature asking to be abused
HTTPS Everywhere
NOTHING TO HIDE documentary

Review your email and Office choices

Quit Gmail for free encrypted email - Tutanota
Why ProtonMail Is More Secure Than Gmail
LibreOffice - Free and open source office suite

Use Password Management software

Bitwarden
KeePass Password Safe

Make sure you use a strong master password
Then set the key transformation settings (the link below helps provide information on how to choose good settings)
https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing
KeePass Password Manager: Full Detailed Setup (good YouTube video on setup and using Keepass but choose the Argon2 method for Key transformation)

Encrypted Instant Messenger and Voice Calls

Please review the following site for a breakdown of features of different Messenger applications.

SafeSwiss
Riot
Signal
Wire     
NOTE: Recent news of Wire having new investors and moving to the United States.
Wickr Me

Follow-up Reading

Everything you need to know about cybercrime
10 easy ways to prevent malware infection 
Keep your data backed up

Thank you for choosing Malwarebytes as your preferred security protection software and tell your friends and family too. We're here to help.


 

 

Share this post


Link to post
Share on other sites
2 minutes ago, AdvancedSetup said:

You're quite welcome Dave.

When you have time you should check your Event Viewer logs and if any ongoing errors (normally in RED) you should see if you can research them and fix them.

I normally give the speech to people that have been cleaned up of malware but it's pretty good advice for everyone.

Understood.  Will do.  I got turned off looking at Event Viewer because so many events aren't worth worrying about.  It's just Windows.

All very good advice.

Cheers,
Dave

Share this post


Link to post
Share on other sites

@Krusty is there any place you can make exclusions in BlackFog Privacy?

Share this post


Link to post
Share on other sites

If you mean about the connection issue, I was having a problem on Linux too.  I've just swapped my router over and will see how that goes.

Share this post


Link to post
Share on other sites
7 minutes ago, Krusty said:

I was having a problem on Linux too. 

That is a good test. Not everyone knows how to do that though.

8 minutes ago, Krusty said:

I've just swapped my router over and will see how that goes.

They do not last forever.

Share this post


Link to post
Share on other sites
2 minutes ago, Porthos said:

They do not last forever.

The one I was using I purchased from my ISP.  it has IPv6 enabled.  The Netgear I'm using now has IPv6 disabled.  I'm not sure if that is at all relevant.

Share this post


Link to post
Share on other sites
5 minutes ago, Porthos said:

That is a good test. Not everyone knows how to do that though.

I should of mentioned it before but this machine is dual-boot with Kubuntu.

Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.