From: Ron Reaugh on

"cquirke (MVP Windows shell/user)" <cquirkenews(a)> wrote in
message news:69cbb1l2i42l16c82sh2hq90e86de52kdo(a)


> Because of the "product activation" commercial malware factor,
> "Norton" would be at the very bottom of my list. I'm using AVG as
> resident scanner, and Trend SysClean and F-Prot for DOS as my
> on-demand scanners for formal post-infection interventions.

RIGHT, like most the other well informed.

From: Kaimbridge on
cquirke (MVP Windows shell/user) wrote:

>> On a couple of programs I've run, I've gotten the "16 bit MS-DOS
>> Subsystem" error box, "C:\PROGRA~1\Symantec\S32EVNT1.DLL. An
>> installable Virtual Device Driver failed Dll initialization. Choose
>> 'Close' to terminate the application."
>> Doing a Google search, I see that it is the result of a
>> faulty/corrupt Symantec (i.e., Norton) register--HUH!!!:
> Register? Hardware processors have registers, software may have
> registry entries. Do you mean, registry entry?


>> But, sure enough, while visiting the registry (regarding a separate
>> issue--see below), there *is* a Symantec registry folder!?!

Under HKEY_CURRENT_USER/Software/Symantec, there is a "LiveUpdate
Administration Utility" folder, and under
HKEY_LOCAL_MACHINE/Software/Symantec, there are several folders:
"CCPD-LC", "IDS", "InstalledApps", "PaqchInst", "SharedUsage",
"Symevent" and "SymNetDrv"!.

I went to their site and searched, and came up with the culprit:

# The two most common causes for the error messages to display when
# launching 16 bit applications are outdated (older) Symantec Event
# files (Symevnt) or a corrupt registry key. To resolve the problem,
# use the steps in the following sections.
# Update the Symevnt files
# To update Symevnt files, download and run the Sevinst.exe update
# file.

I bit and ran it and it did seem to cure it (though now in "Program
Files/Symantec", there are five brand new files: S32EVNT1.DLL,

>> Could SP2 have added the Symantec folder?
> Possibly. In some cases, registry settings and/or Program Files
> subdirs may be pre-seeded so that appropriate permissions can be set,
> and so on. That may be the case here.. or you may already have active
> malware that's seeded its own "Norton" material, either to kosh
> "Norton" or as protective camoflage. As "Norton" contains its own
> commercial malware - a hidden system designed to DoS you if it
> "thinks" you are breaking their precious licensing terms - you'd not
> want to pick a fight with it, deleting arbitrary files etc.

I had considered seeing if I could remove their program/registry files,
but came to the same conclusion you did: Let sleeping dogs lie!

> So pretending to be a part of "Norton" is quite smart. even if those
> files or settings didn't have a particular counter-NAV purpose.

>> The reason that I was in the registry was that SP2 locked out
>> WordPad's ability to load "Word For Windows 6.0" ".doc" files,
>> due to an apparent security hole.
> That's interesting. WordPad doesn't interpret Visual Basic for
> Attacks or Word macros, so they must be hedging against some sort of
> code exploit

These two pages give the cure:

I tried it and .doc files open fine now! P=)


Wanted-Kaimbridge (w/mugshot!):
Digitology-The Grand Theory Of The Universe:

***** Void Where Permitted; Limit 0 Per Customer. *****

From: Marco A. Cruz Quevedo on
Why not jus give atry to:


I have been using it for 2 years and does the job!


From: ktvoelker on
But when a group of people make a product for themselves because they
need it, and aren't interested in turning it into a business, you can
get a good thing for free. Of course, this wouldn't have worked in the
1800's, when there weren't really any products that a person could give
away at no significant cost to themselves. But now software is such a
thing. Clam Antivirus ( is such a
community-created piece of software. It is free and freely
redistributable and alterable under the GNU General Public License, and
many major companies (Macintosh included) trust it.

From: cquirke (MVP Windows shell/user) on
On 22 Jun 2005 21:09:04 -0700, ktvoelker(a) wrote:

>Clam Antivirus ( is a community-created
>piece of software. It is free and freely redistributable and alterable
>under the GNU General Public License

Freely alterable? You mean I can create and distribute a malware'd
(sorry, "commercially value-added") version? :-)

I went to the Wiki but I could not edit. As I see this is a primarily
non-Windows initiative, I would have asked about a mOS version:
- bootable Linux CDR such as Knoppix, etc.
- ClamAV on a oft-updated, write-protected USB stick
- scan all files and report malware found (ClamAV doesn't clean)

>-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
>-------------------- ----- ---- --- -- - - - -