Troubleshooting Scenarios


Scenario 1: You might get an error message related to Windows Installer. This means the Windows Installer is corrupt.

Resolution: Use the following methods to resolve the above issue:

Method 1: Reregister the Windows Installer

  1. Quit all Windows programs.
  2. Click Start, click Run, type msiexec /unregister in the Open box, and then click OK.
  3. Click Start, click Run, type msiexec /regserver in the Open box, and then click OK.
  4. Restart your computer.

Method 2: Remove the Windows Installer files

  1. Quit all Windows programs.
  2. Click Start, click Run, type msiexec /unregister in the Open box, and then click OK.
  3. In Windows Explorer, rename the following files in the %systemroot%\System32 folder:
  • Msi.dll
  • Msihnd.dll
  • Msiexec.exe

Note: If you cannot rename these files, try to rename the files at a command prompt. To start a command prompt, click Start, click Run, type cmd in the Open box, and then click OK.

  4. Restart Windows XP.

Method 3: Restart Windows XP in Safe Mode

Restart Windows XP in Safe Mode, and then retry Method 1 and Method 2.

Method 4: Download latest version of Windows Installer

Download and install the latest version of Windows Installer from the Microsoft website. This will upgrade the installed version.

Scenario 2

Security software that is already installed is blocking installation of the product, causing a conflict or error during the installation process.

Ans- Do the following steps:

  1. Create a System Restore Point
  2. Open Add/Remove Programs and remove the already installed security software.
  3. If that fails, download the removal tool from the product manufacturer’s website and run the tool to remove the program
  4. Reboot the computer
  5. Install the security software

Scenario 3

The computer may already be infected by a virus or spyware that is preventing installation of the security software.

Ans- Do the following steps:

  1. Create a system restore point
  2. Update the virus definitions if an Antivirus/Antispyware program is already installed
  3. Run the scan
  4. If there is no Antivirus/Antispyware installed, you can run an online scan. The following links can be used for an online scan:

Scenario 4

You may have removed the previously installed Antivirus/Antispyware application, but it was not completely removed, causing a conflict or error while installing another security application.

Ans- In such circumstances do the following:

  1. Download the removal tool, from the product manufacturer’s website
  2. Run the tool
  3. Reboot the computer
  4. Install another security software

Scenario 5

The user may be unable to use the internet after installing the security software.

Ans- This generally happens when the newly installed security software blocks the ports used for web browsing for security reasons. In such scenarios do the following:

  1. Open the Security Software
  2. Go to Settings/Advanced Settings, where you can allow the ports
  3. Open or allow port numbers 80 and 443 to browse websites
  4. If you are using MS Outlook or any email client to check your mail, allow port numbers 110 and 25.
  5. You can also contact your ISP for the port numbers used for SSL accounts and then allow the given port numbers

Scenario 6

You may be unable to boot the computer after installing the security software.

Ans- In such scenarios do the following:

  1. Try to boot the computer by using Last Known Good Configuration (LKGC)
    1. Boot the computer by using Advanced boot options (Safe Mode)
    2. Select the option Last known good configuration and then press Enter
  2. Perform Clean Boot
    1. Boot the computer by using Advanced boot options (Safe Mode)
    2. Select Safe Mode option and then press Enter
    3. Perform clean boot by using Msconfig
  3. Use System Restore via Command Prompt
    1. Boot the computer by using Advanced boot options (Safe Mode)
    2. Select Command Prompt option and then press Enter
    3. On the command prompt type the following commands:
    4. CD WINDOWS and then press Enter
    5. CD SYSTEM32 and then press Enter
    6. CD RESTORE and then press Enter
    7. RSTRUI and then press Enter
  4. Unable to boot XP based computer in Normal and Safe Mode

The computer restarts after the XP logo. It is unable to boot to Safe Mode or any of the other options listed. It shows the ARC paths and hangs at agp440 on the last line of the screen.

This error is found to be caused by an incompatible/corrupted video driver.

Follow these steps to resolve the issue:

  1. Boot the computer into the Recovery Console
  2. At the command prompt, type ListSvc and check whether Agp440 is listed there.
  3. Check for the Agp440 service and that the startup type is set to ‘Boot’
  4. At the command prompt, now type Disable Agp440 and press Enter.
  5. You will receive a message that the registry setting for this service was found, and that its current startup state is ‘service_disabled’.
  6. Type exit, and then press ENTER.
  7. If you are prompted to start in Safe mode or Normal mode, start in Normal Mode.
  8. Windows XP includes default video drivers that make it possible for the system to work.

Troubleshooting

How to Manually Remove Virus

If you need to remove the virus manually then you need to perform the following steps:

Step 1

  1. Create the backup by creating a System Restore Point.
  2. Check for unknown processes running in the Task Manager.
  3. If you find one, highlight it and then click End Task.
  4. Check Add/Remove Programs list and uninstall any suspicious program.
  5. Check the Startup folder in your profile directory \Start Menu\Programs\Startup.
  6. Launch Windows Command Prompt
  7. Look for the directory or folder where the virus resides. Viruses generally reside in the Temp folder and the System folder: CD C:\System
  8. To show the hidden virus, remove its attributes by using the Attrib command. For example: Attrib -r -a -s -h ABC.Virus
  9. Delete the virus. For example: Del ABC.Virus

Step 2

  1. Click Start and then click Run.
  2. Type Regedit and then press Enter; the Registry Editor window opens.
  3. Highlight My Computer on the left pane
  4. Press F3 to open the Find dialog box, type the virus name and then press Enter
  5. It will scan the registry hives and will highlight the searched entry.
  6. Delete the highlighted registry entry.
  7. Repeat steps 4 to 6 until it displays the message that no entry was found.
  8. You can also check the following registry entries; if virus entries have been added to them, delete the infected keys:
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    4. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    5. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    6. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    7. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
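
The registry check above, automated as an added example (not part of the original page): the Python below parses saved `reg query` output for the autostart keys just listed and flags values that run from a Temp folder or that contain a name you search for, as the F3 search does. The sample output, the value names and the `abc` search term are constructed.

```python
import re

# Autostart keys from the list above, compared case-insensitively
# because the page writes both "RunOnce" and "Runonce".
RUN_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)}

# A value line is indented: <name> <REG_type> <data>; names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Temp locations, including 8.3 short paths such as LOCALS~1\Temp\.
TEMP_DIR = re.compile(r"(\\temp\\|%temp%|%tmp%)", re.IGNORECASE)

def parse_reg_query(text):
    """Yield (key, value_name, data) for values under the autostart keys only."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key and key.lower() in RUN_KEYS:
            yield key, m.group("name"), m.group("data").strip()

def audit_autostart(text, suspect_names=()):
    """Return autostart values worth reviewing, each with the reasons it was flagged."""
    findings = []
    for key, name, data in parse_reg_query(text):
        reasons = []
        if TEMP_DIR.search(data):
            reasons.append("runs from a Temp folder")
        haystack = (name + " " + data).lower()
        for suspect in suspect_names:
            if suspect.lower() in haystack:
                reasons.append("matches suspect name %r" % suspect)
        if reasons:
            findings.append({"key": key, "value": name, "data": data, "reasons": reasons})
    return findings

# Constructed sample of saved `reg query` output (not taken from a real machine).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Updater Service    REG_SZ    C:\DOCUME~1\user\LOCALS~1\Temp\abc.exe /s

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
    cleanup    REG_SZ    rundll32.exe C:\WINDOWS\system32\abc32.dll,Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo
    DisplayName    REG_SZ    Foo (installed from C:\Temp\abc)
"""

if __name__ == "__main__":
    for f in audit_autostart(SAMPLE, suspect_names=("abc",)):
        print(f["key"], "|", f["value"], "|", "; ".join(f["reasons"]))
```

Review each flagged value by hand before deleting it; the Uninstall entry in the sample is ignored because it is not one of the autostart keys.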

How to Manually Remove Spyware

You can remove spyware using three methods, discussed below:

Remove Spyware Manually using Add or Remove Programs

  1. Click the “Start” button that is located in the bottom left-hand corner of the desktop.
  2. From there, scroll the mouse up to the “Control Panel” button and double click this button.
  3. The Control Panel window will open, and provide you with a variety of tasks you can perform.
  4. Double click on “Add or Remove Programs”
  5. The “Add or Remove Programs” window opens and provides you with a list of programs installed on your computer.
  6. From here it is important to search for the spyware software that was installed onto your computer. Usually they will have names that are obviously associated with advertising such as Dealhelper or Bonzibuddy. You can highlight it by clicking it once.
  7. Then click the “Change or Remove” button, and follow the instructions to remove the spyware from your computer.
  8. Afterwards, it is recommended that the computer be rebooted again in normal mode.

Remove Spyware Manually by Deleting Spyware Files

Another way to remove spyware manually from the computer is to research on the Internet the files that are specifically installed with a known spyware program.

From here it is just a matter of searching for these files, usually in your Windows “System” folder, and deleting them from there.

This method may cause error messages to appear when Microsoft Windows starts up, as Windows may attempt to run programs that no longer exist.

Remove Spyware Manually using HijackThis

It is also popular for many advanced users to download HijackThis and install it onto their computer.

HijackThis will return a list of all programs installed. You can also use it to manually remove registry entries installed by the spyware software.

Anti-virus reports a false positive

A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus.

A false positive can also occur when a program performs an action that appears to the antivirus program to be virus-like activity.

Examples of such activity can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.

False detections, once confirmed, are usually corrected as soon as possible.
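
How a string signature produces a false positive, as an added example (not from the original page): the Python below runs a naive substring scanner and a refined one over three in-memory files. The signature, file names and contents are constructed, and the two refinements (a known-good hash list and an executable-only match) are illustrative choices, not any vendor's method.

```python
import hashlib

# Constructed signature: a made-up marker standing in for a "known virus string".
SIG_NAME = "Demo.Marker.A"
SIG_BYTES = b"DEMO-MARKER-7f3a"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def scan_naive(data):
    """Plain string match: reports a detection wherever the bytes occur."""
    return SIG_NAME if SIG_BYTES in data else None

def scan_refined(data, known_good):
    """Same signature with two extra checks (illustrative choices):
    files whose hash is on a known-good list are never flagged, and the
    string only counts inside executables (files starting with 'MZ')."""
    if sha256_hex(data) in known_good:
        return None
    if not data.startswith(b"MZ"):
        return None
    return SIG_NAME if SIG_BYTES in data else None

# Constructed in-memory "files": one file the signature was written for, and two
# uninfected files that happen to contain the same string of characters.
FILES = {
    "dropper.exe": b"MZ" + b"\x00" * 32 + SIG_BYTES + b"\x90" * 16,
    "analyst-notes.txt": b"Sample contains the string DEMO-MARKER-7f3a at offset 34.",
    "system-tool.exe": b"MZ" + b"\x00" * 64 + b"help: DEMO-MARKER-7f3a is a reserved id",
}
# Hash of the uninfected system file, recorded before the signature update.
KNOWN_GOOD = {sha256_hex(FILES["system-tool.exe"])}

def compare():
    """Return {file name: (naive verdict, refined verdict)}."""
    return {name: (scan_naive(data), scan_refined(data, KNOWN_GOOD))
            for name, data in FILES.items()}

if __name__ == "__main__":
    for name, (naive, refined) in compare().items():
        print("%-18s naive=%-14s refined=%s" % (name, naive, refined))
```

The naive scanner flags all three files; the refined one flags only `dropper.exe`, and without the known-good list it would still flag `system-tool.exe`.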

Troubleshooting Anti-virus false positive issues:

Situation 1: You encounter a Blue screen or DCOM error, followed by shutdown messages after you update your McAfee’s anti-virus to DAT file version 5958.

‘The file C:WINDOWS\system32\svchost.exe contains the W32/Wecorl.a Virus.

Undetermined clean error, OAS denied access and continued.

Detected using Scan engine version 5400.1158 DAT version 5958.0000.’

Resolution: McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

What does the SuperDAT Remediation Tool do?

The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by first looking in %SYSTEM_DIR%\dllcache\svchost.exe. If not present, it attempts a restore from the following:

  • %WINDOWS%\servicepackfiles\i386\svchost.exe
  • Quarantine.

After the tool has been run, restart your computer.

Anti-virus is unable to update itself

The auto-update feature of an anti-virus program can stop working for the following reasons:

  • Installing a firewall
  • Poor Speed of Internet Connection
  • Elevated administrative privileges

Troubleshooting Anti-virus Auto update scenarios

Problem 1: Norton Antivirus Live Update Fails to Update with the following error:

‘Error: “LU1814: LiveUpdate could not retrieve the update list”’

Resolution:

Step 1: Temporarily disable your firewall (for a brief test)

  1. Start the firewall program.

Most firewall programs display a small icon in the area near the clock. Try right-clicking or double-clicking the program icon.

  2. Temporarily disable the firewall.

Read the program’s help or contact the program publisher’s support for instructions.

  3. Start your Norton program and run LiveUpdate.
  4. Re-enable the firewall. Do this now whether or not LiveUpdate ran successfully.
  5. Do one of the following:
  • If LiveUpdate ran successfully when your firewall was disabled, go on to step 6.
  • If LiveUpdate did not run successfully when your firewall was disabled, go to Step 3.
  6. Change the settings in the firewall program so that the program allows the following file to connect to the Internet:

C:\Program Files\Symantec\LiveUpdate\LuComServer*.exe

If you are not sure how to do this, contact the firewall program publisher. When you have changed the rule, run LiveUpdate again.

Step 2: Check settings in a Windows file

Windows Vista

  1. Click the Start button, and then click Control Panel.
  2. In the Control Panel window, click Additional Options.
  3. Click Symantec LiveUpdate.
  4. In the User Account Control window, click Continue.
  5. On the FTP tab, click I want to use my Internet Options FTP settings.
  6. On the HTTP tab, click I want to use my Internet Options HTTP settings.
  7. On the ISP tab, click Internet Options in the Control Panel.
  8. Click Apply > OK.

Windows XP

  1. Click Start > Control Panel.
  2. In the Control Panel window, double-click Symantec LiveUpdate.

If you do not see Symantec LiveUpdate, on the left side, first click Switch to Classic View.

  3. On the FTP tab, click I want to use my Internet FTP setting.
  4. On the HTTP tab, click I want to use my Internet HTTP settings.
  5. On the ISP tab, click Internet Options in the Control Panel.
  6. Click Apply > OK.

Step 3: Download and install the latest version of LiveUpdate

Problem 2: McAfee antivirus won’t auto update and returns the below error message:

‘McAfee Common Framework returned error 80040154@1’

Resolution:

  1. Uninstall McAfee VirusScan from your PC.
  2. Go to: Start –> Run, and type: regedit
  3. Go to: HKEY_LOCAL_MACHINE\SOFTWARE and delete the registry folder named: “Network Associates”.
  4. Close regedit and restart the PC.
  5. Install McAfee and restart the PC again.

Problem 3: PC Security Shield Virus Update Fails with the error:

‘Update Failed!’

Resolution: Be sure that you are connected to the internet while starting your updates. If you are connected then it is likely that the system is simply busy from many people running updates at that moment.

Try a different server. Open The Shield Antivirus, go to Updates and then Configure and select one of the other 3 (B, C, or D) servers for updates.

Troubleshooting scenarios during manual update of anti-virus software:

Situation 1: You encounter the below error message while trying to manually update AVG Antivirus 9.0:

‘The update has failed due to a binary code’

Resolution: Uninstall and then re-install AVG Antivirus 9.0.

Situation 2: You get the below error message when you try to manually update your ZoneAlarm Security Suite:

‘anti-virus update error’

Resolution: Uninstall and then re-install ZoneAlarm Security Suite.

Situation 3: After hitting the ‘Update’ button of your anti-virus, you encounter the below error message:

‘Anti-virus/Anti-spyware:

Error: Unable to install’

Cause: The above error message can be a result of:

  • Corrupted anti-virus settings
  • Running multiple security tools
  • Operating system damaged
  • Malware malfunction

Resolution: Try a Database Reset using below steps:

  1. Hold down the Ctrl and Shift keys together
  2. Right click on the anti-virus icon near your clock in the system tray lower right corner
  3. Choose ‘Reset’ from the box that comes up
  4. Choose Yes on the Reset Settings dialog box
  5. When prompted, choose OK to restart your system
  6. Follow the on screen configuration prompts after reboot

Situation 4: The below error message pops up when you try to manually update your AVG software:

‘The connection with update server has failed’

Cause: Your Internet connection is not fully functional.

Resolution: Follow the below steps to rectify the above issue:

  1. Open menu Start -> (Settings) -> Control Panel.
  2. Double-click on Network connections.
  3. Right-click on Local area connection and select Repair.
  4. Try to update AVG.

Situation 5: While trying to update your AVG anti-virus, you might encounter the below error message:

‘Invalid Update Control CTF File’

Cause: The above error message occurs due to temporary update files.

Resolution: Follow the below steps to delete the temporary update files:

  1. Double-click the AVG icon in the Notification area.
  2. Click the Tools menu and click Advanced Settings
  3. Navigate to the Manage option in the Update branch.

(The Manage option is included in AVG version 8.0.233 and higher.)

  4. Click the Delete temporary update files button.
  5. Click Yes to confirm removal

Situation 6: When trying to update your McAfee VirusScan Enterprise 8.5i edition, you encounter an error message similar to following:

‘Error occurred while loading COM componet:{9BE8D8A1-2DB5-4A29-A95F-50C8B27820DA}.

2006-12-6 19:26:21 HEWEI\Administrator Error occurred while getting point product callback component interface………….’

Cause: Registry entry corruption.

Resolution: Delete the below registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000

Troubleshooting Antivirus Post Installation issues

Three common troubleshooting steps that resolve almost all antivirus issues are discussed below:

  • Update your antivirus software

Missing antivirus software updates could be the cause of your computer’s problem. To make sure your antivirus is up to date, follow these steps:

  1. Click to open Microsoft Security Center.
  2. Click Malware protection.
  3. If your software needs to be updated, click Update now.

If Windows can detect your antivirus software, it will be listed under Virus protection.

If your antivirus software is not displayed in Windows Security Center, go to the downloads section of your antivirus software provider’s website. Find the update for your version of the software and your operating system, and then install it. For more information, check the Help for your antivirus software.

Most antivirus software updates are free, but some providers charge a small fee for the updates. If you’re using an older version of the software, you might also have to pay to upgrade to a more recent version to continue to receive the updates.

  • Check for multiple antivirus programs running on your computer

Running two antivirus software programs on your computer at the same time is not recommended because the two programs can interfere with each other. Even if you don’t think your computer could be running two antivirus programs, antivirus software can sometimes come bundled with your computer and it might be running without your knowledge. To check if two antivirus programs are running, follow these steps:

  1. Click the Start button, click Control Panel, click System and Maintenance, and then click Administrative Tools.
  2. Double-click Services. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  3. Look at the list of services under the Name column. If you find two antivirus programs, right-click each service associated with one of the programs, and then click Stop. Note that there may be multiple services running for one antivirus program.

  • Contact the antivirus manufacturer

If you’ve completed the previous steps, it is recommended to contact the antivirus manufacturer directly for additional support.

Troubleshooting Real-Time Problems:

Situation 1: After you install CA anti-virus, the system starts running very slow.

Cause:

  a. The CA Anti-Virus real time monitor scans an MSP file
  b. Windows is trying to update / access the MSP file at the same time
  c. An activity with the MSP file causes step (a) to repeat
  d. An activity with the MSP file at step (a) causes step (b) to repeat.
  e. Steps (a) and (b) go in a loop.
  f. As the computer’s memory is consumed by this process, it blocks you from other activities.

Resolution: Run the CA Anti-Virus hot fix that was released for this problem.

Situation 2: After installing McAfee antivirus 14, your MS Outlook 2007 does not open. Furthermore, you encounter the below error message each time you try to open your Outlook:

‘The add-in “McAfee Anti-Spam”  (c:\program~2\mcafee\msk\mskolplg.dll) cannot be loaded and has been  disabled by Outlook. Please contact the Add-in manufacturer for an  update. If not available, please uninstall the Add-in.’

Resolution: Follow the below steps to resolve the above error:

  1. Click Trust Center
  2. From the left pane, click Add-ins
  3. Under Manage (at the bottom), uncheck any add-in for McAfee / do the same for Disabled items
  4. Close Outlook and open it again to apply the change

Situation 3: While trying to fix issues using Symantec, you encounter the below error message:

‘Error 1304: Error writing to file c:\programfiles\symantec antivirus\visurs defs/naveng.sys’

Resolution: Follow the below steps to resolve the issue:

  1. Open the system in safe mode and logon as the administrator.
  2. Uninstall Symantec anti-virus using the ‘Add and Remove’ option.
  3. Now reinstall the latest version of the software.

Situation 4: When trying to open the AVG to scan the system, you encounter the below error message:

‘C:\Program Files(x86)\AVG\AVG9\avgui.exe

The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.’

Resolution: Uninstall AVG completely and reinstall it.

Situation 5: Your system shuts down several times in a day and generates the below error message:

‘Problem caused by antivirus or firewall program. Firewall or antivirus program caused blue screen error.’

The problem has been occurring since you updated your CA anti-virus software.

Cause: The updates are incompatible with your system or not downloaded correctly.

Resolution: Uninstall and then reinstall CA anti-virus software.

 
