Topic: Help - Error 1920 Symantec Anti Virus

[Corbomite]

I seem to have gotten a virus that took over my browser and now I can't reinstall my antivirus program to kill it (don't ask why I uninstalled it... it's a long story). It gets to the Starting Services part of the install and then gives me Error 1920 and says to verify that I have the right privileges. Can someone Google this for me and find a fix? Everytime I try I get the right links from Google or any other browser, but when I click on them it tells me it can't find the web page or sends me somewhere other than it says.


Help!!!

[Age]

I wouldn't use Norton use AVG or Avast or Avira or Rising I will google that 1920 for you.

http://help.lockergnome.com/security/Error-1920-ftopict11194.html

here are all  the results from google

http://www.google.ca/search?hl=en&q=error+1920&btnG=Google+Search&meta=

[Nemesis]

With this type of situation software version helps.  Which OS version and service pack?  Which Symantec version?

[Dash Jones]

Ah, it sounds like you got the bad one that's been going around.  If it's the one that has hit several major sites, the reason you can't do that is that your admin rights have been taken, or at least some of the admin rights have been preempted from you.

The only way I could figure out to help the people I knew who got hit by it was a total reformat and OS reinstall.

Perhaps you're lucky and you didn't get that one, if not...you're hosed.

It wouldn't happen to be repeatedly telling you that you need an anti-virus would it or that you have been infected?

[Corbomite]

Ah, it sounds like you got the bad one that's been going around.  If it's the one that has hit several major sites, the reason you can't do that is that your admin rights have been taken, or at least some of the admin rights have been preempted from you.

The only way I could figure out to help the people I knew who got hit by it was a total reformat and OS reinstall.

Perhaps you're lucky and you didn't get that one, if not...you're hosed.

It wouldn't happen to be repeatedly telling you that you need an anti-virus would it or that you have been infected?

That's exactly what it is saying. It wants me to DL XP Antivirus Software, which I know is bogus. Thanks for the links Age. I'll try them.

[Age]

You are welcome it wants you to DL Windows Defender which isn't bad I got it as a precaution.

[Pestalence_XC]

Corb.. In my business, I deal with this all the time.

First.. You want to DL AVG Anti-Virus, Ad-Aware 2008 and Spybot Search and Destroy.

After intalling them, Update them completely, restart, using F8 and go into safe mode on the Admin's accoune and run the scans for all 3 programs from there.. It will take quite a while.

Next to restore your administrators keys..

To restore your Taskmanager

1.Click Start

2.Click Run

3.Type REGEDIT

4.Click OK The Registry Editor will now open

5.Browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system

6.In the right pane, look for the value: DisableTaskMgr

7.Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

8.Now browse to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

9.In the right pane, look for the value: DisableTaskMgr

10.Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11.Close the Registry by choosing File | Exit

12.You should now be able to access Task Manager. If not, reboot into Safe Mode and repeat the steps outlined above.



To restore Regedit if unaccessable :

Step 1: Hit the window or click start button then press "r" or simply click the run

Step 2: type gpedit.msc

Step 3: Click on Administrative Templates

Step 4: Click the System and locate the Prevent access to registry editing tools and double click on it

Step 5: Select the enabled on the optionbutton the click apply.

Step 6: After clicking on apply select the disabled in the option button then click the apply again then click ok button when finished.



If you are having other problems like right clicking My Computer and not being able to access the Properties section (Admin privilidges revoked) let me know.. that takes a special fix.

[Corbomite]

Pesty,

Will those registry edits fix the 1920 error?

[Don Karnage]

try pccillin http://www.download.com/Trend-Micro-Internet-Security-Pro/3000-8022_4-10750557.html?tag=mncol&cdlPid=10884712

[Corbomite]

Thank you Don. All these program suggestions are great except for one problem.... I can't install anything until I get rid of the Error 1920 problem.

[Nemesis]

I've never run into a virus myself so I have never needed to recover from one so I can't be of much help.  If you have access to another system you might consider trying the Ultimate Boot CD (its on the free software list).  You would need another computer to create it and a Windows XP install CD (SP1 or later).  I've never used it myself but you might find it worth trying.

[toasty0]

Pesty,

Will those registry edits fix the 1920 error?

It should.

Also, what anti virus are you using?

[Corbomite]

Pesty,

Will those registry edits fix the 1920 error?

It should.

Also, what anti virus are you using?

Thanks Toasty. I'm using Symantec, which I've had issues with so that's why I uninstalled it. I'll be happy to get a better AV program once I untangle this knot I've got myself into.

[FRA.E.Kehakoul_XC]

A few years back i had this problem too,
i got rid of it by using first this online scanner,

http://support.f-secure.com/enu/home/ols.shtml

http://housecall.trendmicro.com/ and if those ones are blocked   this one

http://www.bitdefender.com/scan8/ie.html

after that i was able to reinstall Adaware and spybotsearch and destroy in secure mode.

I am currently using A2 squared, which got a resident protection shield for free , and  sig updates sometimes several a day.
it doesnt interfere with other programs and has found the most signatures and trojans from all tested scanners. Inclusive the best buyable ones.

http://www.emsisoft.com/en/software/free/

[Pestalence_XC]

Pesty,

Will those registry edits fix the 1920 error?

It should.

Also, what anti virus are you using?

Thanks Toasty. I'm using Symantec, which I've had issues with so that's why I uninstalled it. I'll be happy to get a better AV program once I untangle this knot I've got myself into.

Corb.. You can do an online AV scan from Panda.. or one from Trend Micro called Housecalls.. that should remove the brunt of the problem and allow you to get AVG installed.. then after AVG scans and starts protecting using the resident shield.. you can get Spybot on there to eradicate the registry keys to the virus, and then Ad-Aware 2008 to eradicate the latent files to the viruses..

Do all your scans OFFLINE.. disconnect the ethernet cable from the back of your rig after doing the online scan and before you use AVG to do a local system scan.. this is to help prevent the Virus from re-downloading itself to your system.

After you get the virus eraticated.. then you can use the registry restoration I showed you.

After that, please tell me what other problems you may be having with your OS.. I can either send you reg keys to restore permissions or replacement files to fix the OS.

Once you get main control of your system.. please open a command prompt, and type in "sfc.exe /scannow" ... make sure that your Win XP installation disk is in the HDD.. type that into your Command Prompt without the quote marks.

this will do a system level scan checking for invalid windows files and reinstall corrupted system files if the virus damaged them.

the first thing you have to do is get the Virus off your system and get a good AV on there that will block self propogation (viruses that reinstall themselves).

Hope that this helps.

[Age]

Consider yourself lucky as my other system windows in broken and I lost half of my admin rights to it.I got 2 trogans on my system and an older version of spybot couldn't remove them and AVG was set to do scans at 4am.I have it turned off then as result my system restore won't work and my A: and D: drive won't work either.I can't even use my recovery diskes this being an HP or possibly a rast and recovery.I can't  format as I only have recovery disks on my new system I have the full XP disk but it is licensed to my new machine not my HP.   

[Corbomite]

Corb.. In my business, I deal with this all the time.

First.. You want to DL AVG Anti-Virus, Ad-Aware 2008 and Spybot Search and Destroy.

After intalling them, Update them completely, restart, using F8 and go into safe mode on the Admin's accoune and run the scans for all 3 programs from there.. It will take quite a while.

Next to restore your administrators keys..

To restore your Taskmanager

1.Click Start

2.Click Run

3.Type REGEDIT

4.Click OK The Registry Editor will now open

5.Browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system

6.In the right pane, look for the value: DisableTaskMgr

7.Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

System doesn't appear under this heading, only Explorer. There is no option to DisableTaskMgr.

8.Now browse to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

9.In the right pane, look for the value: DisableTaskMgr

10.Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.

11.Close the Registry by choosing File | Exit

12.You should now be able to access Task Manager. If not, reboot into Safe Mode and repeat the steps outlined above.

System does appear under this heading, but no option to Disable TaskMgr.

To restore Regedit if unaccessable :

Step 1: Hit the window or click start button then press "r" or simply click the run

Step 2: type gpedit.msc

Step 3: Click on Administrative Templates

Step 4: Click the System and locate the Prevent access to registry editing tools and double click on it

Step 5: Select the enabled on the optionbutton the click apply.

Step 6: After clicking on apply select the disabled in the option button then click the apply again then click ok button when finished.

I see no option to Prevent Access To Registry Editing Tools under the System heading.

[Pestalence_XC]

OK.. If you have your XP disk.. put it in drive.. close out auto play

Open a command prompt

type in

sfc.exe /scannow

click OK

let the system scan.. it is possible that taskmgr got over written.. this should help fix it.

[Dash Jones]

It sure sounds like the virus/trojan we got.  It's taken the admin rights.  As I said, the only way we figured out how to kill it for good was a complete reformat.  It's a genius piece of writing...even if it's evil, in that the code is code, inside of code, inside of code.  It at first merely redirects, but when one starts to fight that, it has a trigger which causes another attack, which also has a trigger which eventually hacks the admin accessibility...and then, depending on what you try...can lock you out further.

Genius little code...very malicious, very evil.  if you DO find a workaround, be sure to tell us.

Finally, this is a KNOWN trojan...and there should be a great deal of info on how to deal with it at Symantec and McAfee, they may also have a call in and support line to talk you through some of it as well.

[Corbomite]

OK now we're getting into scary territory for me! 

OK.. If you have your XP disk.. put it in drive.. close out auto play

How do I close out Auto Play?

Open a command prompt

Would that be under the Start/Run option or do I do that some other way?



There isn't anything important on this machine and all the files I want to restore are backed up on a separate drive so I'm perfectly willing to reload Windows. I just don't know when I'll have half a day to do it!