IM GOING TO FUCK CRIMSONS FACE

From RenegadeWiki
(Redirected from RenGuard SVKP Issue)
Jump to: navigation, search

This shouldn't happen anymore with the current version of Renguard.



We're not sure exactly why we're seeing this so often recently. Our guess is that the most recent virus definitions file that Symantec put out for Norton's Anti-Virus doesn't like SVKP, which is a service necessary to run RenGuard...

In any case, you should first scan your computer to make sure that you do not have any viruses. When you are confident that you have no viruses, you can then tell Norton's AntiVirus to remove SVKP.sys from the Quarantine list. I will detail the instructions for that shortly, for Norton's Anti-Virus 2005. If SVKP.sys is not in your Quarantine list, then you must reinstall RenGuard (and you can probably thank Symantec for that).

To remove SVKP.sys from your Quarantine list, double-click on the Norton's Anti-Virus icon in your system tray (next to your clock). When NAV has finished loading, on the left you should see a links. I have "Status", "Scan for Viruses", "Reports", and "Advanced Tools". You should click on "Reports". Then, in the top center of the window should be an item named "View Quarantined Items". Click on that. This will bring up a new window showing exactly what files Norton's Anti-Virus has quarantined. Look for an entry with a file named "SVKP.sys" with a threat named "Hacktool.rootkit". Right click, and select "Restore".

If all goes well, then Norton's Anti-Virus should not complain about SVKP.sys anymore (unless Symantec does this again).

And again, RenGuard is not a worm, a virus, a backdoor, or any other malware. I can personally guarantee that.

If the RenGuard loader still couldn't initialize the service after removing SVKP.sys from your Quarantine list, then you will most likely need to reinstall SVKP.sys (which can be done by reinstalling RenGuard).

[edit] Am I infected?

Nobody is getting "infected". Norton has simply added SVKP to their list of antivirus definitions, most probably because some real virus or worm they found was packed with SVKP. So everyone using NAV who updates their definitions seems to be "suddenly infected". SVKP has been part of RenGuard all along, and is nothing bad.

SVKP is a protection that RenGuard uses, it basically encrypts renguard so that people cannot easily hex edit it or use debuggers on it and otherwise reverse engineer it so they can bypass it.

Sadly apparently someone used SVKP to protect some malicious program that Norton analyzed, so instead of fingerprinting that specific worm, they added svkp.sys to their blacklist...pretty silly but ah well what can we do.

Again, I say, SVKP is NOT a worm, virus, trojan, or anything bad. It is part of RenGuards protection. BHS paid money for SVKP. It is protection software, not a "hacker tool" or backdoor program.

If you remove svkp.sys, RenGuard will cease to function. The recommended way to get around this "problem" is to, as posted, remove svkp.sys from the norton quarantine list. Another option is to not use Norton, but for all we know Norton shares their virus definitions with others and svkp will show up soon for other antivirus programs.

This isn't really a big deal, the important things are that svkp.sys is not anything malicious, and all antivirus programs have a way to add programs to a "whitelist", so you don't get constant warnings.


[edit] Alternate solution

  1. Let's add SVKP.sys to three of Norton's exclusions lists.
    • Open Norton AntiVirus.
    • Click on "Options" at the top of the window
    • On the left, under "System", click on "Auto-Protect"
    • Three items will appear under "Auto-Protect", click on "Exclusions"
    • On the right, click "New"
    • Type in "C:\WINDOWS\system32\SVKP.sys"
    • Click "OK"
    • Click "OK"
    • Click "Options" again
    • On the left, click on "Manual Scan"
    • Two items will appear, click on "Exclusions"
    • On the right, click "New"
    • Type in "C:\WINDOWS\system32\SVKP.sys"
    • Click "OK"
    • Click "OK"
    • Click "Options" again (last time)
    • On the left, click on "Threat Categories"
    • Two items appear, click on "Exclusions"
    • On the right, click "New"
    • Type in "C:\WINDOWS\system32\SVKP.sys"
    • Click "OK"
    • Click "OK"
  2. Now that SVKP has been added to Norton AntiVirus's exclusion lists, we'll need to make sure that it's also not in the Quarantine list.
    • On the left (Norton AntiVirus should still be open... if not, open it again you silly!), click on "Reports"
    • In the top center, click on "View Quarantined Items"
    • Look for an item in the list with a file name of "SVKP.sys" and a threat name of "Hacktool.rootkit" (or something very similar)
    • If you find an item in the Quarantine list which matches the description, then right click it and select "Restore"
    • When you're finished (or if you did not find anything in the Quarantine list that matches the description), close the Quarantine list, and close Norton AntiVirus.
  3. Because Norton AntiVirus is a piece of shit, you will now need to reboot your machine for the exclusions to take affect. So, reboot. This tutorial will be here when you get back.
  4. Uninstall RenGuard and SVKP
    • Use RenGuard's installer -- if you do not have it, then re-download it from www.renguard.com!
    • Click Start -> Run and type in "regedit" to open Registry Edit.
    • Remove the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SVKP.
    • If you can, remove the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _SVKP. If you cannot remove this one, then don't worry about it... move on.
    • Close RegEdit
  5. Reinstall RenGuard (which will also reinstall SVKP)
  6. Lastly, you may need to reboot your machine

If you did everything correctly, RenGuard should now work. RenGuard will try to redownload CorePatch 1, even if you already have it installed... silly RenGuard can't see that the files are already from CorePatch 1. Downloading and installing CorePatch 1 again will not hurt anything. If you do not want to wait for CorePatch 1 to download, then you can disable it from RenGuard's options window. Also remember that when installing CorePatch 1, the error 17 at the end is fine.

If you've lost your copy of SVKP.SYS, you can download it here: [http://www.renegadeforums.com/index.php?t=getfile

Personal tools