Sophos Anti-Virus for Windows 2000+: Installation failed

This one seems to bug lots of Sophos AntiVirus admins.

When you install or try to update Sophos on an XP PC, the installer starts but then fails. If you hover over the Sophos icon in the taskbar, it displays ‘update failed’.

The issue is highly likely to be related to permissions within the registry.

Try this:

It may be caused by a permissions problem on the following registry key:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

1) Locate the above key. If you get an error when clicking on the Windows key, you have located your problem. If you don’t, check that ‘Everyone’ has not been denied rights to the key. If it has, continue with the procedure below.

2) Right-click the Windows registry key and click Permissions; you may find the list is empty. If it’s empty, click Advanced and change the ownership to yourself.

3) Alternatively, you may find ‘Everyone’ listed with Deny access. If this is the case, select the group ‘Everyone’, remove it and click OK.
Right-click the Windows key again; if the permissions have been restored, the key will show all of its permissions.
Try the install or update again.
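
A read-only way to check the same key from PowerShell, given here as an added example that is not part of the original post. It assumes PowerShell is installed on the affected PC; the function name Test-WindowsKeyAcl is made up for illustration.

```powershell
# Added example: reports on the ACL of the key from the post; changes nothing.
function Test-WindowsKeyAcl {   # hypothetical helper name
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    )

    try {
        $acl = Get-Acl -Path $KeyPath -ErrorAction Stop
    } catch {
        # Same symptom as step 1: the key cannot be opened at all.
        Write-Output "Cannot read the ACL on $KeyPath : $($_.Exception.Message)"
        return
    }

    Write-Output "Owner: $($acl.Owner)"

    # Resolve every entry to a SID so the check does not depend on the
    # localized name of the Everyone group (well-known SID S-1-1-0).
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = @($acl.GetAccessRules($true, $true, $sidType))

    if ($rules.Count -eq 0) {
        # Step 2: empty permission list, ownership has to be taken first.
        Write-Output 'Permission list is empty.'
        return
    }

    $denies = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })
    foreach ($rule in $denies) {
        $who = $rule.IdentityReference.Value
        if ($who -eq 'S-1-1-0') { $who = 'Everyone' }   # step 3 case
        $origin = if ($rule.IsInherited) { 'inherited' } else { 'explicit' }
        Write-Output "Deny entry: $who, rights $($rule.RegistryRights), $origin"
    }

    if ($denies.Count -eq 0) {
        Write-Output 'No Deny entries; permissions on this key look normal.'
    }
}

Test-WindowsKeyAcl
```

Run it from an administrator account; an inherited Deny entry has to be fixed on the parent key rather than on the Windows key itself.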

Getting a blank page when accessing Internet

If you’re getting a white page when accessing Internet Explorer, reset your Internet Explorer settings by clicking Tools, Internet Options, the Advanced tab and then the Reset button. Do the same for the Security tab.

Close Internet Explorer and try again.

If you still experience the issue, disable the Internet Explorer add-ons and enable them one by one until you find the one causing the issue.

Anti Malware Doctor

If you have Anti Malware Doctor installed on your machine, it’s spyware/a virus. You will receive messages such as ‘virus detected’, it may dial out to an expensive telephone number, etc., and it will prompt you to purchase the software to remove the detections.

Download SUPERAntiSpyware from http://www.superantispyware.com/ and scan your machine. There is lots of spyware removal software available on the Internet, but this is one which picked up and removed Anti Malware Doctor, whereas a couple of other removal tools I tried did not.

How to manually remove VirusScan Enterprise

How to manually remove VirusScan Enterprise 8.0i

You come across an issue where you are unable to start the McAfee McShield service and receive the error ‘access denied’.

You are unable to install a newer version of McAfee because you receive a message saying you have insufficient privileges.

You have tried removing McAfee but are unable to remove the McAfee McShield service.
I found the below instructions from McAfee helpful.

IMPORTANT: 

  • The following instructions are intended to be used as a last resort for removing VirusScan Enterprise. Before attempting a manual removal, try all other methods first. Administrators should use discretion when employing this solution.
  • These steps do not include instruction for removing the McAfee Error Reporting Service and Common Framework Service as these components may be shared with other McAfee products. 
CAUTION: This article contains information about opening or modifying the registry.
  • The following information is intended for System Administrators. Registry modifications are irreversible and could cause system failure if done incorrectly.
  • Before proceeding, McAfee strongly recommends backing up your registry and understanding the restore process. For more information, see: http://support.microsoft.com/kb/256986
  • Do not run a .REG file that is not confirmed to be a genuine registry import file.

Manual removal procedure

Step 1 – Stop and Disable running McAfee and other services

 

  1. Click Start, Run, type services.msc and press ENTER.
  2. Right-click McAfee Framework and select Stop.
  3. For each of the following services, right-click, select Properties, set the Startup type to Disabled, click Stop, and click OK.
    Network Associates McShield (McShield.exe)
    Network Associates Task Manager (VsTskMgr.exe)
  4. If the Simple Network Management Protocol (SNMP) service is running, it will lock the VSE 8.0i Mcvssnmp.dll. To unlock the file and allow it to be deleted, stop the following services:
    SNMP Service
    SNMP Trap Service

Step 2 – Remove components

  1. Click Start, Run, type cmd and press ENTER.
  2. Change directory to:  \Program Files\Common Files\Network Associates\Talkback.
    Type TBMON -Delref and hit Enter to decrement the counter for the McAfee Error Reporting Service.
  3. Change directory to: \Program Files\Network Associates\VirusScan.
  4. Type Naiavfin -u and press Enter to flag the McAfee Filter (naiavfnx.sys) and TDI (mvstdinx.sys) drivers for removal after a system restart.
  5. Type cd \Program Files\Network Associates\Common Framework and press ENTER.
  6. Type Frminst /remove=updater and press ENTER to decrement the counter for the Common Framework service.
  7. Type cd \Program Files\Network Associates\VirusScan and press ENTER.
  8. Type Regsvr32 /u Scriptproxy.dll and press ENTER to unregister the .DLL for Script Scanning.
  9. If the McAfee AntiSpyware Enterprise Module 8.0 is installed, type CSSCAN /UninstallMAS and press ENTER to remove it.


Step 3 – Delete registry values

  1. Click Start, Run, type regedit and press ENTER.
  2. Navigate to [HKEY_CLASSES_ROOT\*\ShellEx\ContextMenuHandlers\VirusScan].
  3. Right-click the VirusScan key and select Delete.
  4. Navigate to [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run].
  5. Right-click the value ShStatEXE and select Delete.
  6. Restart your computer.
    NOTE: At this time, VirusScan Enterprise (VSE) components are no longer running and your system is unprotected. For security, you may want to disconnect from your network to continue working.

Step 4 – Remove Registry Keys

  1. Click Start, Run, type regedit and press ENTER.
  2. Select Edit, Find.
  3. Delete the language-dependent registry key:
    For VSE 8.0i English, type BB1D3FD5E498DCD4285751A99C28B934
    For VSE 8.0i German, type B1D6580FEE1125641847AE3F5DBAC666
    For VSE 8.0i Japanese, type 2CE70B0B82FF434458D8D84333E8734F
  4. Click Find Next.
  5. Delete any matching entries found.
  6. Repeat until no further entries are found.
  7. Navigate to each of the following keys, right-click each, and select Delete:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McShield]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McTaskManager]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvFilter1]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvFilter10n] (where n is any number)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EntDrvnn] (where nn is any number)
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NaiAvTdi1]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\Epolicy Orchestrator\Application Plugins\VIRUSCAN8000]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\Alert Client\VSE]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\Detect]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\Entercept]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\McPAL]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\McVSSNMP]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\NVP]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\On Access Scanner]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\On Demand Scanner]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\VirusScan Engine]
    [HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\VirusScan Enterprise]

    For VSE 8.0i English, delete:

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5DF3D1BB-894E-4DCD-8275-159AC9829B43}]

    For VSE 8.0i German, delete:

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F0856D1B-11EE-4652-8174-EAF3D5AB6C66}]

    If the AntiSpyware Enterprise Module was installed, then also delete:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VSEMAS__8000]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Anti-Spyware Enterprise Module]


  8. Navigate to the following key, right-click the value Exchange Scan and select Delete:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions]

  9. Navigate to the following key, right-click the value C:\WINDOWS\System32\EntAPI.dll, and select Delete:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Step 5 – Remove Directory Structure

Use Windows Explorer to navigate to each of the following folders. Right click each, and select Delete:

\Program files\Network Associates\VirusScan
\Program files\Common files\Network Associates\Engine
\Documents and Settings\All Users\Start Menu\Programs\Network Associates
\Documents and settings\All Users\Application Data\Network Associates\BOPDATA
\Documents and settings\All Users\Application Data\Network Associates\VirusScan

Step 6 – Remove Files

  1. Use Windows Explorer to navigate to C:\WINDOWS\System32.
  2. Right-click EntAPI.dll and select Delete.
  3. Navigate to C:\WINDOWS\System32\Drivers.
  4. Locate the following files, right-click each one and select Delete:
    MVSTDInn.SYS
    NAIAVFnn.SYS
    EntDrvnn.SYS
    NOTE: nn will be two alphanumeric characters such as 5x.


If the Lotus Notes Client is installed:

  1. Open each copy of NOTES.INI and remove the following two lines:
    AddInMenus=NCMenu
    EXTMGR_ADDINS=NCExtMgr

  2. Delete the following files from the Lotus Notes Program Files folder (default location C:\Program Files\Lotus\Notes):
    NCInstall.dll
    NCDaemon.exe
    NCTrace.dll
    NCScan.dll
    NCExtMgr.dll
    NCMenu.dll

McAfee recommends the following to ensure a complete cleanup of VirusScan Enterprise:

Empty all files from the following TEMP folders:

C:\Documents and Settings\<User>\Local Settings\Temp
C:\WINDOWS\Temp

Remove previous .MSI file:

  1. Navigate to C:\WINDOWS\Installer.
  2. Right-click each .MSI file and select Properties.
  3. Click the Summary tab.
  4. If the Summary shows VirusScan, click OK, right-click the file and select Delete.

Remove the VirusScan Enterprise icons folder:

  1. Navigate to C:\WINDOWS\Installer\
    VSE 8.0i English: right-click the {5DF3D1BB-894E-4DCD-8275-159AC9829B43} folder and select Delete.
    VSE 8.0i German: right-click the {F0856D1B-11EE-4652-8174-EAF3D5AB6C66} folder and select Delete.
    VSE 8.0i Japanese: right-click the {B0B07EC2-FF28-4434-858D-8D34338E37F4} folder and select Delete.
  2. Restart your computer.

See details at: https://kc.mcafee.com/corporate/index?page=content&id=KB58597
Source: McAfee
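
After the final restart, a read-only audit can confirm whether the main items from Steps 3 to 6 are really gone. The script below is an added example, not part of McAfee's instructions; it assumes PowerShell is available and a default 32-bit install location, and the function name Get-VseLeftover is made up for illustration.

```powershell
# Added example: lists leftovers named in the steps above; deletes nothing.
function Get-VseLeftover {   # hypothetical helper name
    $found = @()

    # Keys from Step 3 and Step 4. -LiteralPath stops the '*' in the
    # HKEY_CLASSES_ROOT path from being expanded as a wildcard.
    $literalKeys = @(
        'Registry::HKEY_CLASSES_ROOT\*\ShellEx\ContextMenuHandlers\VirusScan',
        'HKLM:\SYSTEM\CurrentControlSet\Services\McShield',
        'HKLM:\SYSTEM\CurrentControlSet\Services\McTaskManager',
        'HKLM:\SYSTEM\CurrentControlSet\Services\NaiAvFilter1',
        'HKLM:\SYSTEM\CurrentControlSet\Services\NaiAvTdi1',
        'HKLM:\SOFTWARE\Network Associates\TVD\VirusScan Enterprise'
    )
    foreach ($key in $literalKeys) {
        if (Test-Path -LiteralPath $key) { $found += "Registry key: $key" }
    }

    # Numbered driver keys (NaiAvFilter10n, EntDrvnn) plus Step 5 and 6 items.
    $patterns = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services\NaiAvFilter10*',
        'HKLM:\SYSTEM\CurrentControlSet\Services\EntDrv*',
        "$env:ProgramFiles\Network Associates\VirusScan",
        "$env:CommonProgramFiles\Network Associates\Engine",
        "$env:SystemRoot\System32\EntAPI.dll",
        "$env:SystemRoot\System32\Drivers\MVSTDI??.SYS",
        "$env:SystemRoot\System32\Drivers\NAIAVF??.SYS",
        "$env:SystemRoot\System32\Drivers\EntDrv??.SYS"
    )
    foreach ($pattern in $patterns) {
        foreach ($item in @(Get-Item -Path $pattern -ErrorAction SilentlyContinue)) {
            $found += "Leftover: $($item.PSPath)"
        }
    }

    # Step 3: the ShStatEXE autostart value under the Run key.
    $run = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run -and $run.ShStatEXE) { $found += 'Run value: ShStatEXE' }

    # Step 1 services, if still registered with the Service Control Manager.
    foreach ($svc in @(Get-Service -Name McShield, McTaskManager -ErrorAction SilentlyContinue)) {
        $found += "Service: $($svc.Name) ($($svc.Status))"
    }

    $found
}

Get-VseLeftover
```

An empty result means none of the checked items remain; the Shared Components keys, the Lotus Notes files and the cached .MSI files are not covered and still need the manual checks above.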