Home » Archived Forums » RenGuard Client » Renguard/Norton Problems
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
  Renguard-related virus [message #175669 is a reply to message #175500] |
Thu, 20 October 2005 20:40   |
![[NE]Shockwave[HS] is currently offline](/theme/Renegade_Forums/images/offline.png "[NE]Shockwave[HS] is currently offline")
[NE]Shockwave[HS]
Messages: 18
Registered: May 2005
Karma: 0
|
Recruit |
|
|
Ok, I've been playing Renegade for quite a while using Renguard without any major incidents....until now. I'm just going to load up GSA and find a server like usual, except I get an error message along with my Norton Internet Security that I have a virus on my system. I've attached the picture of the error message to this. Now I thought at first that this might be affecting everything. But when I tried to access other programs like Internet Explorer, other games i play online, or just even other crap, NOTHING happens. This only occurs when I try to access the Renguard network. Also, I attached a picture of what Norton says this virus is supposed to do.
What it's supposed to do throws me off a little. Who would take the time to find a way to block me out of Renguard? I'm not a huge tech person, so I don't really know all of the possibilities on what could've happened. My guess (which is completely without evidence) is that someone who has played Renegade with me before doesn't like me...and just decided to send me a present to be an asshole. Like I said, I don't know. Hopefully you guys may know something I don't. Anything at all will be helpful. I will exhaust every possible option before I'm forced to do a system restore. If there's some way you can track something through the Renguard network like this, you guys would be the ones to ask.
-
Attachment: desktop1.jpg
(Size: 51.10KB, Downloaded 348 times)
-
Attachment: desktop2.jpg
(Size: 49.21KB, Downloaded 334 times)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #175867 is a reply to message #175500] |
Sat, 22 October 2005 06:26 |
 |
Blazer
Messages: 3322
Registered: February 2003
Location: Phoenix, AZ
Karma: 0
|
General (3 Stars)
Administrator/General |
|
|
Nobody is getting "infected". Norton has simply added SVKP to their list of antivirus definitions, most probably because some real virus or worm they found was packed with SVKP. So everyone using NAV who updates their definitions seems to be "suddenly infected". SVKP has been part of RenGuard all along, and is nothing bad.
SVKP is a protection that RenGuard uses, it basically encrypts renguard so that people cannot easily hex edit it or use debuggers on it and otherwise reverse engineer it so they can bypass it.
Sadly apparently someone used SVKP to protect some malicious program that Norton analyzed, so instead of fingerprinting that specific worm, they added svkp.sys to their blacklist...pretty silly but ah well what can we do.
Again, I say, SVKP is NOT a worm, virus, trojan, or anything bad. It is part of RenGuards protection. BHS paid money for SVKP. It is protection software, not a "hacker tool" or backdoor program.
If you remove svkp.sys, RenGuard will cease to function. The recommended way to get around this "problem" is to, as posted, remove svkp.sys from the norton quarantine list. Another option is to not use Norton, but for all we know Norton shares their virus definitions with others and svkp will show up soon for other antivirus programs.
This isn't really a big deal, the important things are that svkp.sys is not anything malicious, and all antivirus programs have a way to add programs to a "whitelist", so you don't get constant warnings.
[Updated on: Sat, 22 October 2005 06:28] Report message to a moderator |
|
|
|
|
|
|
|
| Re: Renguard/Norton Problems [message #175893 is a reply to message #175500] |
Sat, 22 October 2005 09:54 |
Kanezor
Messages: 855
Registered: February 2005
Location: Sugar Land, TX, USA
Karma: 0
|
Colonel |
|
|
Alright: Norton AntiVirus just complained about SVKP.sys for a second time on my machine (eg, after I had solved the problem locally), so it seems like this isn't going to go away easily. First up:
Go complain about this problem to Symantec. They caused the problem.
https://secure1.symantec.com/discuss/support/feedback2.nsf/p roduct+feedback
Now that that's said, let's get RenGuard working again. That is, working until Norton AntiVirus decides to fuck it up again. My instructions will be very specific, so if you fuck up, it's your fault. Also, these instructions will require two reboots.
1) Let's add SVKP.sys to Norton two exclusions lists.
1a) Open Norton AntiVirus.
1b) Click on "Options" at the top of the window
1c) On the left, under "System", click on "Manual Scan"
1d) Two items will appear under "Manual Scan", click on "Exclusions"
1e) On the right, click "New"
1f) Type in "C:\WINDOWS\system32\SVKP.sys"
1g) Click "OK"
1h) Click "OK"
1i) Click "Options" again
1j) On the left, click on "Threat Categories"
1k) Two items appear, click on "Exclusions"
1l) On the right, click "New"
1m) Type in "C:\WINDOWS\system32\SVKP.sys"
1n) Click "OK"
1o) Click "OK"
2) Now that SVKP has been added to Norton AntiVirus's exclusion lists, we'll need to make sure that it's also not in the Quarantine list.
2a) On the left (Norton AntiVirus should still be open... if not, open it again you silly!), click on "Reports"
2b) In the top center, click on "View Quarantined Items"
2c) Look for an item in the list with a file name of "SVKP.sys" and a threat name of "Hacktool.rootkit" (or something very similar)
2d) If you find an item in the Quarantine list which matches the description, then right click it and select "Restore"
2e) When you're finished (or if you did not find anything in the Quarantine list that matches the description), close the Quarantine list, and close Norton AntiVirus.
3) Because Norton AntiVirus is a piece of shit, you will now need to reboot your machine for the exclusions to take affect. So, reboot. This tutorial will be here when you get back.
---
4) Uninstall RenGuard and SVKP
4a) Use RenGuard's installer -- if you do not have it, then re-download it from www.renguard.com!
4b) Click Start -> Run and type in "regedit" to open Registry Edit.
4c) Remove the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVKP.
4d) Remove the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _SVKP.
4e) Close RegEdit
5) Reinstall RenGuard (which will also reinstall SVKP)
6) Reboot your machine
If you did everything correctly, RenGuard should now work. CorePatch 1 will be redownloaded, even if you already have it installed... silly RenGuard can't see that the files are already from CorePatch 1. Downloading and installing CorePatch 1 again will not hurt anything. If you do not want to wait for CorePatch 1 to download, then you can disable it from RenGuard's options window.
Also remember than when installing CorePatch 1, the error 17 at the end is fine.
---
[Updated on: Sat, 22 October 2005 09:59] Report message to a moderator |
|
|
|
Goto Forum:
Current Time: Mon Mar 10 05:09:16 MST 2025
Total time taken to generate the page: 0.01281 seconds
|
Search
Help
Members
Register
Login
Home
lol)
