THE WELCH COMPANY
440 Davis Court #1602
San Francisco, CA 94111-2496
415 781 5700
rodwelch@pacbell.net
S U M M A R Y
DIARY: March 31, 2002 07:38 PM Sunday;
Rod Welch
Purchased McAfee virus protection program.
1...Summary/Objective
2...McAfee Virus Program v 6.0 Installed on C13
....1...Virus definitions (DAT) updates for one year after product
....2...FREE Online Product Upgrade. Within ninety (90) days of
3...McAfee Virus Program Installed on C12, Norton Removed
4...Norton Virus Program Could Not Run Successfully
5...Virus Infected 2 Files on C11 in Concord
6...McAfee Installed on C11 in Concord, Virus Found on 2 Different Files
..............
Click here to comment!
CONTACTS
SUBJECTS
Virus Notice from Jennifer that Patty Sent Email Hi That is a Virus
Norton Failed to Execute on C11
Acquisition McAfee Office 2000 for W95 and W98
C11 Install McAfee Office for W95 and W98
Norton Virus Program Removed in h 00 16
MacAfee Virus Progam Installed Required Removing Norton
McAfee Virus Scan 6.0 Purchased and Installed on C13 in San Francisco
C13 Install McAfee Virus Scan v 6.0
Installation Code Put on G 00 NAVNT
Removed from C11 C12 and C13 Replaced by McAfee
Program Updates Free Within 90 Days of Purchase on 020331
Virus Definitions Updated Free for 1 Year from Date of Purchase on 02
1414 -
1414 - ..
1415 - Summary/Objective
1416 -
141601 - Follow up ref SDS 3 0000.
141602 -
141603 - Got the virus problem fixed that was reported by Jennifer on 020330.
141604 - Could not get the Norton program to work, ref SDS 0 ZE3F, so purchased
141605 - McAfee and got it installed on c11. ref SDS 0 8N5O Found several
141606 - files infected by a virus. These were deleted and the system seems to
141607 - be working correctly now. ref SDS 0 3Z9I
141608 -
141609 - [On 041108 tried to update Mcafee virus definitions; was told
141610 - have buy a new program. More problems occurred, which McAfee
141611 - was unable to solve. ref SDS 5 YN4O
141613 - ..
141614 - [On 041205 abandoned McAfee. ref SDS 6 RQ6N
141616 - ..
141617 - [On 041223 installed Pccillin to replace McAfee. ref SDS 7 RU6G
141618 -
141619 -
141620 -
141622 - ..
1417 -
1418 -
1419 - Progress
142001 - ..
142002 - McAfee Virus Program v 6.0 Installed on C13
142003 -
142004 - Follow up ref SDS 3 QJ8O.
142005 -
142006 - Today, we visited Drisc and Bob Bronis in Sunnyvale for Easter.
142007 -
142008 - On the way back we stopped in San Francisco, and I tried to download
142009 - McAfee on c13. Used Google to search for an Internet address on
142010 - MacAfee Virus Scan 6.0 and found a location...
142011 -
142013 - ..
142014 - http://www.mcafee-at-home.com/
142015 -
142017 - ..
142018 - This location has a link to McAfee v. 6.0....
142019 -
142020 -
142021 - http://www.mcafee-at-home.com/products/virusscan/default.asp?m=1
142022 -
142024 - ..
142025 - Placed....
142026 -
142027 - Order Number.................. 16095523
142029 - ..
142030 - Cost.......................... $49.95
142031 -
142032 - [On 020506 paid Discover card. ref SDS 4 C14M
142034 - ..
142035 - McAfee VirusScan.............. v6.02.1019
142037 - ..
142038 - Serial Number................. E000-VB14-G8RY J Virus
142039 - definitions............. 4.0.4194
142041 - ..
142042 - Created on.................... 020327
142044 - ..
142045 - Scan Enginer.................. 4.1.60
142047 - ..
142048 - Received ref DRT 1 0001 from McAfee's store managed by beyond.com.
142049 -
142050 - This shows....
142051 -
142052 - MCAFEE SN107852
142053 -
142054 - .... ref DRT 1 0073 Next monthly statement will show a charge
142055 - from beyond.com. ref DRT 1 SP5K
142057 - ..
142058 - Received a second letter, ref DRT 2 0001, explaining....
142059 -
142060 - 1. Virus definitions (DAT) updates for one year after product
142061 - installation. After one year, an additional year of virus
142062 - definitions is available for $4.95 (USD) via online purchase.
142063 - ref DRT 2 CI5O
142065 - ..
142066 - 2. FREE Online Product Upgrade. Within ninety (90) days of
142067 - purchase you may download one (1) free upgrade. ref DRT 2 UI6M
142068 -
142069 - [On 041108 tried to update Mcafee virus definitions; was
142070 - told have buy a new program. More problems occurred, which
142071 - McAfee was unable to solve. ref SDS 5 YN4O
142072 -
142074 - ..
142075 - Downloaded about 32 MB and put it in....
142076 -
142077 - g: 00 mcafee vsc602bi.exe
142078 -
142079 - ...for future use. Transferred this installation file to c12 for
142080 - copying to c11 in Concord.
142082 - ..
142083 - Ran the program to install McAfee.
142085 - ..
142086 - McAfee Installation operation recommended removing Norton virus
142087 - program on...
142088 -
142089 -
142090 - h: 00 16
142091 -
142092 -
142093 - ...so did that, and after Norton was removed, the program closed
142094 - Windows and booted the program. When operating system was back
142095 - online, had to start installation operation again. This time it ran
142096 - successfully.
142097 -
142098 - [...same thing occurred with c11. ref SDS 0 8N5O
142100 - ..
142101 - Installed McAfee in...
142102 -
142103 -
142104 - h: 00 23
142106 - ..
142107 - After installation, updated the virus definitions using the menu
142108 - options in the program.
142110 - ..
142111 - Transferred the installation file to c12.
142113 - ..
142114 - Did not have time today to run the program on c13 today, because we
142115 - were only stopping by the office in San Francisco on the way home from
142116 - visiting Bob and Drisc in Sunnyvale for Easter.
142118 - ..
142119 - A few days later on 020403 came to the City and ran McAfee and
142120 - it reported no virus was found.
142121 -
142122 -
142123 -
142124 -
142125 -
142126 -
1422 -
SUBJECTS
Virus Protection, Acquisition McAfee
McAfee Office 2000 for W95 and W98
C12 Install McAfee Office for W95 and W98
Norton Virus Program Removed in h 00 16 on c12
MacAfee Virus Progam Installed Required Removing Norton on c12
McAfee Virus Scan 6.0 Purchased and Installed on C13 in San Francisco
C13 Install McAfee Virus Scan v 6.0
2409 -
241001 - ..
241002 - McAfee Virus Program Installed on C12, Norton Removed
241003 -
241004 - Tried running Norton virus program on c12 which is in...
241005 -
241006 -
241007 - h: 00 06
241008 -
241009 -
241010 - ...and this failed.
241012 - ..
241013 - After downloading the installation program for McAfee to c13, copied
241014 - the file across the network to c12 and put it in...
241015 -
241016 -
241017 - g: 00 mcafee vsc602bi.exe
241018 -
241020 - ..
241021 - Ran the installation program. The program installed, but there was no
241022 - message to remove Norton, as occurred when installing on c11, per
241023 - above. ref SDS 0 SH5K This probably happened because Norton does not
241024 - seem to be active on c12. It is not listed in the Program menu.
241026 - ..
241027 - Ran the program. It worked successfully.
241029 - ..
241030 - Did not take time to update virus definitions for McAfee on c12.
241032 - ..
241033 - It would have taken 5 minutes or so to connect the modem, and Millie
241034 - was in a hurry to leave.
241036 - ..
241037 - We almost never use the modem with c12 and so the chances of getting
241038 - a virus are very small on this machine.
241040 - ..
241041 - Removed Norton virus program from....
241042 -
241043 -
241044 - h: 00 16
241046 - ..
241047 - A few days later on 020403 was in the City and so connected c12 to
241048 - the DSL cable through the network card. Ran McAfee and selected the
241049 -
241050 - ..
241051 - Update Virus Definitions
241052 -
241053 -
241054 - ...option. Then ran the program and got report that the system does
241055 - not have a virus.
241056 -
241057 -
241058 -
241059 -
241060 -
241061 -
241062 -
2411 -
SUBJECTS
Virus Notice from Jennifer that Patty Sent Email Hi That is a Virus
Norton Failed to Execute on C11
Virus Protection Acquisition
Error Message on System Shut Down as a Result of Virus
Norton Virus Program Removed from C11 C12 and C13
3107 -
310801 - ..
310802 - Norton Virus Program Could Not Run Successfully
310803 -
310804 - Follow up ref SDS 3 0001.
310805 -
310806 - We have been getting an error message today when we try to restart the
310807 - computer.
310808 -
310809 - After McAfee was installed, and run, per below, ref SDS 0 8N5O,
310810 - the error message seems to have disappeared after clearning virus
310811 - infected files.
310813 - ..
310814 - Initially tried to delete the Norton progam using the Remove program
310815 - option in the Norton menu for Programs under Start. This failed.
310816 - Tried again to use Add/Remove Programs in the Control Panel listed in
310817 - the system directory file for c11. This failed, per experience
310818 - yesterday. ref SDS 3 KP5M
310820 - ..
310821 - Thought that McAfee installation operation that deleted Norton on c13,
310822 - per above, ref SDS 0 SH5K, might succeed where other methods have so
310823 - failed, but this failed also, per below. ref SDS 0 MQ7L
310825 - ..
310826 - As a result, it was necessary to find a way to delete the Norton code
310827 - on c11. This evening reviewed again the record on 010222 and noticed
310828 - it says...
310829 -
310830 -
310831 - Used code on h: 00 16 to run setup.exe
310832 -
310833 -
310834 - .... ref SDS 2 HU54 This strongly suggests there is installation code
310835 - on c13 somewhere, and since this aligns with procedure and practice to
310836 - put installation code on the disk, decided to look further for an
310837 - install.exe file on c11, somewhere on...
310838 -
310840 - ..
310841 - h: 00 06
310842 -
310843 -
310844 - ....since if it is on c13, it is likely also on c11 for the same
310845 - reason, i.e., to faciliate installation that is needed today. The
310846 - problem seems to be that on 010222 there was not enough time to create
310847 - a clear enough audit trail that shows what was done, what was used and
310848 - where things are located. We invested some intellectual capital, but
310849 - not enough to be effective when rushed, as I was yesterday.
310851 - ..
310852 - Today, eventually found code to install the Norton program.
310854 - ..
310855 - Yesterday, I could not find this code because could not recognize.....
310856 -
310857 -
310858 - h: 00 16 vbox installers symant...\navnt install.exe
310859 -
310860 -
310861 - ...is the directory and launch program for installing the Norton
310862 - virus program.
310864 - ..
310865 - In order to find this stuff easier the next time, moved navnt to...
310866 -
310867 -
310868 - g: 00 navnt
310869 -
310870 -
310871 - ...where navnt =
310873 - ..
310874 - Norton Anti Virus program for NT
310875 -
310876 - ...and where "NT" means the same thing as Windows 2000.
310878 - ..
310879 - Even though we eventually deleted the Norton virus program, will keep
310880 - the installation code in case want to try it again at a future time.
310881 -
310883 - ..
310884 - Ran....
310885 -
310886 -
310887 - g: 00 navnt install.exe
310888 -
310889 -
310890 - ....to install Norton in the same directory...
310891 -
310893 - ..
310894 - h: 00 16
310895 -
310897 - ..
310898 - This was successfull, however the Norton program still would not run,
310899 - returning save error message as yesterday. ref SDS 3 0001 The record
310900 - on 010222 says the same problem occurred and was solved by installing
310901 - Norton in a different disk partition. ref SDS 2 QY4N
310903 - ..
310904 - Tried installing Norton on....
310905 -
310906 -
310907 - e: 00 16
310909 - ..
310910 - This worked. Norton ran successfully after being installed on the e:
310911 - drive, similar to experience on 010222. ref SDS 2 QY4N
310913 - ..
310914 - Norton reported no viruses. However, the program says the virus
310915 - definitions are 400 days out of date because we have installed the
310916 - program acquired over a year ago. Norton messages recommended
310917 - updating the definitions, otherwise the program is of no value.
310919 - ..
310920 - Ran live update, which is a menu feature in Norton that connects to
310921 - their web site over the modem and downloades new viruses based on the
310922 - difference between the date of last update and the current date.
310924 - ..
310925 - This operation to download new virus definitions paused after getting
310926 - about 30% complete. A message says to wait a few minutes. After 20
310927 - minutes decided it was broke. Tried to cancel. Got another message
310928 - said it takes a few minutes. After 20 minutes decided the cancel
310929 - operation is broke, so used Task Manager to end the program. Did this
310930 - twice with same result. Decided Norton cannot be run successfully.
310932 - ..
310933 - Was able to remove Norton using the Norton remove program as a result
310934 - of installing it today on....
310935 -
310936 -
310937 - e: 00 16
310939 - ..
310940 - Since this installation on the e: drive reset the w2k registry, the
310941 - remaining Norton code on ...
310942 -
310943 -
310944 - h: 00 16
310945 -
310946 -
310947 - ...was no longer blocked from being deleted. Was then able to delete
310948 - this directory so that Norton virus program is no longer on c11.
310950 - ..
310951 - Thus, we have the installation code on g: but the program has been
310952 - removed from c11.
310953 -
310954 -
310955 -
310956 -
310957 -
310958 -
310959 -
3110 -
SUBJECTS
Virus Notice from Jennifer that Patty Sent Email Hi That is a Virus
Norton Failed to Execute on C11
Virus Protection
McAfee Office 2000 for W95 and W98
C11 Install McAfee Office for W95 and W98
Norton Virus Program Removed in h 00 16
MacAfee Virus Program Installed in h 00 23
Program Updates Free Within 90 Days of Purchase on 020331
Virus Definitions Updated Free for 1 Year from Date of Purchase on 02
4111 -
411201 - ..
411202 - Virus Infected 2 Files on C11 in Concord
411203 - McAfee Installed on C11 in Concord, Virus Found on 2 Different Files
411204 -
411205 - Installation code for McAfee purchased earlier this evening in San
411206 - Francisco and downloaded to c13, per above, ref SDS 0 RE7H, was
411207 - transferred from c12 to C11 in Concord.
411208 -
411209 - Put the installation code on c11 in...
411210 -
411212 - ..
411213 - g: 00 mcafee vsc602bi.exe
411214 -
411215 - ..
411216 - Tried to install McAfee. Got similar error message received
411217 - during installation on c13, to delete Norton, per above. ref SDS 0
411218 - SH5K
411220 - ..
411221 - Clicked OK, but got error message after the operation started, that
411222 - deleting Norton failed. I had hoped the McAfee operation might be
411223 - successful where the W2K Add/Remove Program operation failed, and the
411224 - Norton menu option failed, per above. ref SDS 0 MP3O
411226 - ..
411227 - Was eventually successful in removing the Norton program, per above.
411228 - ref SDS 0 BL9F
411230 - ..
411231 - McAfee installed successfully.
411233 - ..
411234 - Downloaded virus definitions updated.
411235 -
411236 - 1 year of free virus updates, per above. ref SDS 0 LJ3G
411237 -
411238 - 3 months to upgrade the McAfee program, per above. ref SDS 0 KQ4J
411239 -
411241 - ..
4113 -
4114 -
4115 - 0024
4116 - ..
411601 - By this time it was after mid-night.
411603 - ..
411604 - Ran McAfee virus protection.
411606 - ..
411607 - Discovered two files were infected....
411608 -
411609 - 1. 0145....virus: backdoor-sub.svi
411610 -
411611 - h: 00 19 dialer update.exe
411612 -
411613 - Was given choice to delete or clean. Chose "clean" and the
411614 - file was deleted, evidently indicating the file could not be
411615 - saved.
411616 - ..
411617 - Research a few days later shows this file is not on c13,
411618 - indicating it was added by the virus attack. So the fact
411619 - it was deleted does not require that it be replaced.
411620 -
411621 - 2. 0201....virus: w32igoner@mm
411622 -
411623 - i: 00 02 system32 gone.scr
411624 - ..
411625 - Research a few days later shows this file is not on c13,
411626 - indicating it was added by the virus attack. So the fact it
411627 - was deleted does not require that it be replaced.
411628 - ..
411629 - When the virus scan completed, it reported....
411630 -
411631 - scanned files.......... 114481
411632 -
411633 - infected files......... 2
411634 -
411635 - Deleted files.......... 2
411636 - ..
411637 - Need to reinstall dialer.
411639 - ..
411640 - Need to reinstall W2K maybe.
411642 - ..
411643 - No indication that IE has been infected.
411645 - ..
411646 - The problem with w2k reported above, ref SDS 0 ZE3F, disappeared.
411647 -
411648 -
411649 -
411650 -
411651 -
411652 -
411653 -
411654 -
411655 -
411656 -
4117 -