Immediately after installing the Seagate software for my new external hard-drive (500 GB Seagate FreeAgent HD, USB), the Norton icon disappeared from the taskbar (I'm running NIS 2009, no other real-time security stuff). This freaked me out, thinking that some malware had just been installed that had disabled Norton,  so I immediately shut off the PC. I left it off for a few minutes, while contemplating my options.

Then I started up in Safe Mode and did a SuperAntiSpyware full-scan, then when that was done I did a Norton full scan. Neither scan turned up anything at all (that's normal, in my case).

So I shut down again, and booted up again to my regular account (which still *temporarily* had admin privileges because I'd been installing software, which requires admin privileges) and the Norton icon had reinvented itself and it was showing up in the taskbar like it's supposed to.

(Yes, I always have the taskbar "Properties" set to "Always show" Norton Internet Security, and I checked to see if it was still set that way - it was.)

But I was still concerned about what happened during the brief interval that Norton was disabled - with Norton apparently shut off like that, malware could have done anything it wanted - right? Wouldn't it only take a few seconds for some malware files to be dropped onto my machine?

I figured since whatever happened had already happened ("horse was already out of the barn"), I might as well play with it for a bit anyway. So I messed around with the Seagate software some more (the legit stuff that the installer had intalled), I decided that it wasn't necessary for my purposes anyway (the HD works fine without it, and I wasn't impressed with the Seagate backup/sync utilities), so I uninstalled just the Seagate *software* using the normal Windows "Add or Remove Programs".

The hard-drive itself is still attached and working fine, although by this time I decided to back up the whole Seagate installer into an .iso file and make a CD-R backup of it (in case I ever wanted to try reinstalling the software at some point in the future), then I formatted the new HD which is my usual procedure when adding new drives.

The Seagate software that I ran, was pre-installed on the HD itself, at the factory (I ran the installer from the new HD, before backing it up and formatting it).

I do have Autorun turned off in gpedit.msc, and all MS patches are current, so presumably that should have prevented any automatic infections from occurring if the software had some malware in it, right?

Also, before I manually ran the installer from the Seagate drive, I used NIS 2009 and SuperAntiSpyware to scan all the software on the entire new external HD... nothing found... but I was thinking I'd read elsewhere that Norton doesn't detect things in compressed files (presumably installer stuff is compressed??), so I don't know if that was a useful step or not.

So my question is:
Should I be worried that the installer disabled Norton, like it did? Frankly I'm just about ready to ditch Windows entirely (again) for online stuff and go back to surfing with Live CDs (I'd like to see malware try to write to those read-only disks {evil grin}), as this constant threat of malware is starting to wear on my nerves. The fact that Norton evidently got disabled by merely installing some supposedly-reputable software, isn't helping my confidence level very much.

I was curious to see if this was repeatable - so I reinstalled the Seagate software, to see if would shut off Norton again, but that time it didn't - of course you know what I'm thinking there, that if there was some sort of malware it would have been already activated by the first (previous) install, thus it would have no further need to shut off Norton again.

I suppose the only way to find out for sure, would be to wipe Windows and reinstall Windows and NIS and everything else, then see if it would occur again when installing the Seagate software on a fresh system, but I've already done too much reformatting/reinstalling this year so I'm not going to do that again right now.

Just because subsequent scans don't turn up anything, doesn't really mean much because what if it's one of those new undetected  zero-day things or something? Malware is getting pretty smart these days, and I'm beginning to lose faith that the a/v people are able to keep up with it 100% - even the big names in the industry. I could be running an infected PC right now and not even know it, none of the usual tools able to detect it? (On the bright side, at least I don't do any online banking... I suppose things could be worse.)

So back to my original question:
Am I right to be worried that the Norton icon disappeared from the taskbar immediately after installing some new software? If I had it to do over again, I'd poke around in services.msc or something, see what was running and what wasn't, but as I said, at the time I panicked and immediately shut off the PC, and Norton seems okay now... but I worry about what happened during the interval when Norton was evidently disabled, and more importantly, WHY and HOW that Norton allowed itself to be disabled.

If anyone has any soothing words to keep me from fretting about this, I'd love to hear them. Thanks.

---

NIS 2009, v. 16.2.0.7 (it hasn't updated itself yet to the new version)

XP Pro SP3, 2 GB RAM

Not much in the way of 3rd-party stuff aside from the basics.

Firefox 3.0.7 with NoScript

No Flash, no PDFs

Safe surfing habits (I never visit any weird/questionable websites).

No music/movie stuff (no downloads, no viewing - none whatsoever).

No filesharing, no warez, no cracks

Since your scans came up clean, I would drop the worry level several notches.  If it ever happens again, check to see if the ccSvcHst service is still active in the system; you are protected as long as the service is running.  Check the Event logs and see if anything shows up there about the service shutting down.  Just as a side note, I have seen UPnP (in Windows) do some weird thinks with the Task Bar icons.  Icons catch the attention but services / programs being active is the real concern.  Good luck.

J2000:

Whenever you have computers, and add software plus peripherals to the mix, you are going to have the occasional conflict.  Over time, you will be able to look at a situation, know what caused the conflict, do exactly what you did and solve the problem.  Computers are for fun and frivolity as well as entertainment, education, and production.  You don't want to become so paranoid that you cease to enjoy the thing.  

Just when you think you have everything just the way you want it, software changes, drivers change, Windows updates, and there you are, fixing it again. 

When Norton is affected, rather than shutting the system down, you could just pull the cable to the router while you figure out what to do about the situation. 

---

dbrisendine wrote:
Since your scans came up clean, I would drop the worry level several notches.  If it ever happens again, check to see if the ccSvcHst service is still active in the system; you are protected as long as the service is running.  Check the Event logs and see if anything shows up there about the service shutting down.  Just as a side note, I have seen UPnP (in Windows) do some weird thinks with the Task Bar icons.  Icons catch the attention but services / programs being active is the real concern.  Good luck.

---

Thanks for your reply - I will do as you suggested.

Your suggestion to check the Event logs is particularly useful in calming me down right now - I'm looking at the Event Viewer right now - it's showing a wealth of information including the precise moment when I first installed the Seagate software, and I don't see anything in there that indicates that Norton shut down, nothing else in there that looks suspicious either, so I guess that's good.

I'm going to go with what you indicated about possible icon malfunction, rather than something more severe.

So, thanks again - I really appreciate your reply - my worry level is now pretty much back to more normal (acceptable) levels.

(And I probably owe Norton an apology for my possibly jumping to conclusions and doubting NIS's capabilities)

---

delphinium wrote:

 

Whenever you have computers, and add software plus peripherals to the mix, you are going to have the occasional conflict.  Over time, you will be able to look at a situation, know what caused the conflict, do exactly what you did and solve the problem.  Computers are for fun and frivolity as well as entertainment, education, and production.  You don't want to become so paranoid that you cease to enjoy the thing.  

---

 That's true.

---

delphinium wrote:
Just when you think you have everything just the way you want it, software changes, drivers change, Windows updates, and there you are, fixing it again.

---

LOL yeah, but I don't mind it too much, as long as it's (a) not security-related, and (b) not constant/everyday - keeps things interesting. 

---

delphinium wrote:
When Norton is affected, rather than shutting the system down, you could just pull the cable to the router while you figure out what to do about the situation. 

---

That's good advice.

My little modem has a "standby" button on it, which disconnects the computer from the internet, and I use that whenever I'm not actually doing something online. Whenever I install new software, the computer's always offline.

That’s a really good idea.  The ability to hit a switch in the middle of a malicious download is much better than improperly shutting down.

---

j2000 wrote:

Immediately after installing the Seagate software for my new external hard-drive (500 GB Seagate FreeAgent HD, USB), the Norton icon disappeared from the taskbar (I'm running NIS 2009, no other real-time security stuff).

 

[ ... ] 

 

So I messed around with the Seagate software some more (the legit stuff that the installer had intalled), I decided that it wasn't necessary for my purposes anyway (the HD works fine without it, and I wasn't impressed with the Seagate backup/sync utilities), so I uninstalled just the Seagate *software* using the normal Windows "Add or Remove Programs".

The hard-drive itself is still attached and working fine, although by this time I decided to back up the whole Seagate installer into an .iso file and make a CD-R backup of it (in case I ever wanted to try reinstalling the software at some point in the future), then I formatted the new HD which is my usual procedure when adding new drives.

The Seagate software that I ran, was pre-installed on the HD itself, at the factory (I ran the installer from the new HD, before backing it up and formatting it).

 

[ ... ]

Also, before I manually ran the installer from the Seagate drive, I used NIS 2009 and SuperAntiSpyware to scan all the software on the entire new external HD... nothing found... but I was thinking I'd read elsewhere that Norton doesn't detect things in compressed files (presumably installer stuff is compressed??), so I don't know if that was a useful step or not.

[ ... ]

I was curious to see if this was repeatable - so I reinstalled the Seagate software, to see if would shut off Norton again, but that time it didn't - of course you know what I'm thinking there, that if there was some sort of malware it would have been already activated by the first (previous) install, thus it would have no further need to shut off Norton again.

---

I do support also over on Compuserve on PCHardware and on Windows -- and I have a Seagate and 2 Maxtor internal drives in my desktop (Seageate own Maxtor now) -- so I'm interested in what this software is/was <s> I don't remember anything coming pre-installed on any of my drives although now that I think about it I bought OEM versions of all of them so they come bare.

However I have downloaded some Seagate/Maxtor software and used that since one is a dedicated version of Acronis True Image backup software -- fixed only to work on these drives. If that's what it was then keep it unless you already have imaging software.

---

huwyngr wrote:
I do support also over on Compuserve on PCHardware and on Windows -- and I have a Seagate and 2 Maxtor internal drives in my desktop (Seageate own Maxtor now) -- so I'm interested in what this software is/was <s> I don't remember anything coming pre-installed on any of my drives although now that I think about it I bought OEM versions of all of them so they come bare.

---

Sorry it took me so long to answer your question. In order to answer it adequately,  I needed to get some screenshots, which meant reinstalling  the software again, which I procrastinated doing for a while, but I finally got around to it. It's now uninstalled again, hopefully this time permanently ;) but anyway here's a little bit of info about it.

The software that was pre-installed on the hard-drive is called "Seagate Manager", and it's version 2.1.14.0. Here's a screenshot of the main window, scaled down a little to fit on the forum better:

Doing a "Properties" on the app's "stxmanager.exe" show that its digital signature was on July 30, 2008.

After I posted here earlier, later I found on Google that some earlier Seagate HDs actually did ship with a pre-installed virus! (PC World article)   I hadn't even known about that, or I really would have been worried more than I already was! However in my case the time-frame and country of distribution don't match my HD (same company but wrong year, wrong country, wrong model), so unless there were other instances that no one's heard about (unlikely), what I experienced was probably unrelated to Seagate's earlier unfortunate malware problem. (If I'd known they'd EVER had any such security lapses in their company or subcontractors, I never would have bought that brand of HD... "if it could happen once...")

One of the probably-trivial things that annoyed me about the Seagate software, was that every time it ran, it would re-create an "autorun.inf" file and a "FreeAgentDesktopNext.ico" file at the root of the HD. I'd delete those two files, and they'd reappear later. They were probably harmless, but I didn't like it doing that for no good reason. If I delete an unnecessary file, I expect it to stay deleted, not keep being recreated all the time. The two perpetually-recreated files are the highlighted ones in the following picture:

I don't know how to interpret autorun.inf files, but this one might (?) be related to the Seagate icon, assuming that's what the .ico file is? After all the Downadup ruckus about autorun stuff, I'm naturally suspicious of it. I don't know what the first line does though - here it is opened in Notepad:

Although why in the heck a Windows machine needs special drive icons when Windows doesn't display icons on the desktop anyway (like some other OS's do), is something I don't understand. Even with those two files in place, the Seagate HD icon looked just exactly like all my other drive icons, so I don't know what the icon's purpose was. If it's actually an icon, that is (I don't know how to determine such things). I should have made a copy of those two files but at the time it seemed like screenshots were sufficient; now I'm not so sure.

Also, apart from any security issues, the Seagate Manager backup/sync functions were pretty lame. For one thing, you couldn't set the sync preferences or even tell it to "Sync Now" (see pic below) unless you were logged in as an administrator    (at least on XP, when backing up a folder on one of the main HD's partitions, to the Seagate HD), and what security-conscious person runs as an admin all the time? I certainly don't.
It's a shame too, because the software had potential to be useful, like the would-have-been-convenient little taskbar-menu with its "Sync Now" feature which, sadly, again only works for administrators:

I finally figured out that by playing with various permissions I could get the Seagate software to do only the real-time sync (not what I wanted; I wanted manual sync) if I'd set the settings while logged in as an admininistrator, but I did not want the real-time sync - I just wanted to be able to sync two folders manually, when it's appropriate (like once or twice a day or after making important changes to files), because that way I get a little bit of extra protection there in case I've screwed up one of my files, it won't instantly be copied into the sync folder like the Seagate software did. But with Seagate Manager I could not run manual syncs while running under a Limited user-account. Really stupid for Seagate to design it like that because it just gives users yet another reason to run as admin all the time, which is a bad idea from a security standpoint. Anyway enough about that aspect of it.

Oh, the other weird thing about the Seagate software, is that the backups never matched anyway - number of files/folders were always a lot different (off by HUNDREDS of files!!), so I didn't trust it anyway - like, where were all the rest of my folders etc?!? No, I don't use very long file-names either, so it wasn't the 200-whatever character path-name thingie I've heard about elsewhere. And it was only about 4 gigs worth of stuff I was trying to sync, and all of it had the same permissions.

I found something better, though   - I'm currently playing with the Microsoft SyncToy which - so far anyway - seems like a much better sync utility, for my purposes anyway. At least Microsoft's SyncToy works even when I'm using my normal non-administrator account (with proper permissions on the relevant folders, of course), and it seems to have a lot more options. 

---

huwyngr wrote:

However I have downloaded some Seagate/Maxtor software and used that since one is a dedicated version of Acronis True Image backup software -- fixed only to work on these drives. If that's what it was then keep it unless you already have imaging software.

---

I have no experience with Acronis True Image but surely True Image must be much more advanced and useful than the stuff that shipped with my HD, hope so anyway - hmm, now I'm curious; I'll have to get a TrueImage trial download someday and see what it's like. Anyway I'm keeping my backups of the software installer, for historical purposes  even though I won't be using it anymore. The only reason now that I would ever consider reinstalling it again, would be for HD diagnostics (hopefully if the stupid drive ever needs testing, I'd be able to use some other app instead), or to re-set the drive's timeout but I set it to a time-out value that should be acceptable for the life of the thing.

Don't worry about any delay -- I'm lucky to have found your message!

I'll do a look around on the Seagate website and see what I can learn.

If you want more about it a Google on "seagate Manager" produces a lot of references including some on the Seagate Support site like this one:

http://forums.seagate.com/stx/board/message?board.id=freeagent&thread.id=3688 

or

http://www.tomshardware.com/reviews/-external-hard-drive,2045-4.html 

I have an external Seagate FreeAgent in service now and an internal Seagate but that was OEM so comes bare.

Is there anything else you need help from me on? Not that I'm likely to be able to give it!

---

huwyngr wrote:

Don't worry about any delay -- I'm lucky to have found your message!

 

I'll do a look around on the Seagate website and see what I can learn.

 

If you want more about it a Google on "seagate Manager" produces a lot of references including some on the Seagate Support site like this one:

 

http://forums.seagate.com/stx/board/message?board.id=freeagent&thread.id=3688 

 

or

 

http://www.tomshardware.com/reviews/-external-hard-drive,2045-4.html 

 

 

I have an external Seagate FreeAgent in service now and an internal Seagate but that was OEM so comes bare.

 

Is there anything else you need help from me on?

---

Thanks for the links, and no I'm good (no further help needed) but thanks for asking! 

---

huwyngr wrote:
Not that I'm likely to be able to give it!

---

I'm learning a lot of very useful and helpful computer-related info from you and other people here too, so I appreciate your knowledge. Thanks again