My other computer has a virus/malware/spyware. It will not run an Norton scan, even in safe mode. I cannot connect to the internet. After some surfing around I thought the Norton Bootable Recovery Tool might be the answer. It is an older computer (Dell Inspiron 9200) and the CD/DVD reader does not work so I downloaded the Recovery tool onto an USB drive. I get as far as "start scan" and then get a runtime error program E:\sources\symantec_NBRT\nrt.exe and nbrt.exe application error, software exemption (0x40000015) occured in the application at location 0x73dfbea4. Is there any way to fix this?
I saw a similar issue on a Symantec forum and the solution was to open the command prompt and fix the root. Is this route something that might fix my problem?
Can you please make sure that the NBRT USB created works properly in another clean machine? If not, please re-create the tool on an USB on a clean machine and try to remediate the threats on the infected machine.
If you have done the above or you still get the error, please try the following steps.
1. Download the attached NBRTLog.dat.txt file.
2. Rename it to "NBRTLog.dat" without the quotes 3. Copy the NBRTLog.dat file into the NBRT USB media under %USB_DRIVE%:\SOURCES\SYMANTEC_NBRT\NBRTLog.dat file. (Please confirm the overwrite when asked to replace) 4. Boot this USB media and try to replicate the issue. 5. Once done, reboot the machine in normal mode and collect the .etl logs from C:\NBRT\ folder and send it across to us for further analysis.
Thanks for your response. I did run the NBRT USB on a clean machine and it worked fine. Forgive me....I am admitted computer dummy and am trying to follow the steps for the next part and am running into problems. I downloaded the text file and renamed it no problem. Step 3 has me stuck. I can put a copy of th txt file on the USB media. Am I supposed to rename it to %USB_DRIVE%:\SOURCES\SYMANTEC_NBRT\NBRTLog.dat or am I supposed to file it under %USB_DRIVE%:\SOURCES\SYMANTEC_NBRT\NBRTLog.dat ? It won't let me use "\" symbols to rename something.
Please copy the NBRTLog.dat (The outcome of step 2 mentioned in my previous post) file to the SYMANTEC_NBRT folder in the USB drive. The SYMANTEC_NBRT folder exists within the SOURCES folder of your USB drive.
Please perform the mentioned steps on a clean computer. After performing them, go ahead and follow steps 4 and 5 as mentioned in my previous post.
Kindly attach the etl file so that we can help you further with the issue. I believe the forums allows attachments of txt, jpeg and lue files. So kindly rename your etl file to a txt file, we will rename it back to etl at our end.
Can you please describe in detail the steps that you executed?
Were you able to overwrite the NBRTLog.dat file into the directory that I had specified?
Also, can you please let us know what happens when you boot the infected machine with the USB? How far do you get? Are you able to read the EULA and enter the product key? Were you able to observe the screen where from Norton Advanced Recovery Scan and Norton Power Eraser Recovery Scan options are available?
If you choose Norton Advanced Recovery Scan, were you able to see the 'Start Scan' button? What happened after you clicked it?
Were you able to launch the Norton Power Eraser Recovery Scan option?
What is the version of Norton Bootable Recovery Tool that you are using?
Please do not get overwhelmed by the questions above. The questions are to get more insight into your problem.
After having replaced the NBRTLog.dat file properly, you should be getting a NBRT_Logfile.etl in C:\NBRT folder. Once you get it, please send it to us.
I right clicked on the NBRTLog.dat txt file and selected "save as". The file downloaded, but I didn't have to rename it because it came up exactly as "NBRTLog.dat". It automatically classified it as a text document.
Sorry about that...of course after extensive typing and answering all your questions I posted and it only got the first couple of sentences
I right clicked on the NBRTLog.dat txt file and selected "save as". The file downloaded, but I didn't have to rename it because it came up exactly as "NBRTLog.dat". It automatically classified it as a text document.
I right click to copy the NBRTLog.dat file and placed on the USB under Symantec_NBRT under sources. It did as me if i wanted to replace the existing file and I said yes.
To get the infected computer to run the USB NBRT I press F12 at startup to bring up the BIOS menu and select USD. NBRT seems to load just fine and am able to enter my PIN. The next screen shows 2 options, 1 being Norton Eraser which is very faint and will not let me click on it and the other is NBRT. I click on NBRT and then click on start scan. The scan never starts and 2 messages pop up. The first is a runtime error stating Program E:\Sources\Symantec_NBRT\nbrt.exe This application has requested the runtime to terminate in an unusual way. Please contact the application's support team for more infomation. I click OK to acknowledge this and the 2nd message pops up. It reads nbrt.exe application error The exception unknown software exception(0x40000015) occurred inthe application at location 0x73cfbea4 click OK to terminate the program. I click OK to acknowledge the message.
After all this my only option is to exit and then windows xp starts up. I shut down the computer and let is start up normally. Once up amd running I went to the start menu of the infected computer click on "my computer" , then click on "local disk (c:), then try to open the NBRT file. (It does not reflect there are any KB in it) This brings up a VirusDef file. I click on it an it brings up a newdefs-trigger file. I click on that and nothing happens, it's empty.
Meanwhile all these messages are popping up. ASPDaemon.exe has encounter a problem and needs to close we are sorry for the inconvenience. iTunesHelper has encountered a problem and needs to close we are sorry for inconvenience. Runtime error! Program C:\Program... This application has requested the runtime to terminate in an unusual way please contact the applications support team for more information. Symantec service framework has encountered a problem and needs to close we are sorry for the incovenience
How do I know what version of NBRT I am using? Where would I find this info?
Let me first thank you for the detailed explanation.
I want to clarify one thing. The NBRTLog.dat file is a file of dat format with name (without the file extension) NBRTLog, whereas NBRTLog.dat.txt is a text file with name (without the file extension) NBRTLog.dat . So, your computer should classify it as a dat file instead of a text file. [Please don't mind the program with which the dat file is associated with.]
Anyways I have now attached a file "NBRTLog.txt". Please download this and rename it to "NBRTLog.dat". While changing a file extension, windows will pop-up a warning alert as shown below; Please click 'Yes'.
This NBRTLog.dat file is to be copied into the Symantec_NBRT folder under the Sources folder in the USB drive. After you have copied, please go to the infected machine and boot into NBRT. Please click on 'Start Scan' and proceed as you have done previously. Post reboot please go to C:\NBRT folder and send us the .etl file in there.
Let me first say WOO-HOO!!!!! Finally I got it to work. Thanks for your patience and continued effort. Attached is the etl. file., renamed to txt file.
Thank you for the logs; the logs were helpful in letting us know what the problem is. We've sent you a private message requesting for some information to zero in on the issue. Kindly respond to that.