I. Causes and Consequences
On the morning of May 18, Symantec's famous antivirus Norton Internet Security 2007 prompts Windows XP users to have a backdoor virus (a virus called "Hargs" that steals user passwords, records keystrokes, and opens backdoor viruses on any TCP port). The routes of transmission include mail, system vulnerabilities, and weak passwords of the system. And starts automatic cleanup, prompts for a reboot after the cleanup completes, and Windows warns that files are replaced and needs to be inserted into the original installation disk recovery file. And the computer after the restart of the blue screen, even in safe mode can not be normal access to the system.
It is understood that there are no problems with computers that have not been upgraded to Norton's latest virus library. Domestic well-known anti-virus software manufacturer rising company to Sohu it said, this incident is not due to the virus, but due to Norton error. Rising company said that any installation of Norton Anti-Virus software Windows XP users, will be a failure.
In this respect, rising security experts said that the installation of the ms06-070 patch XP system, if the Norton upgrade the latest virus library, Norton Anti-Virus software will be the system files Netapi32.dll, Lsasrv.dll isolation clearance, resulting in system crashes.
Since most foreign brands of laptops and desktops are pre-installed with Windows XP and Norton Antivirus, these users are extremely vulnerable to this "manslaughter" attack, so millions of computers in mainland China will be at risk of collapse. Because this manslaughter only occurs on the simplified Chinese version of the XP system, it has little impact on foreign users.
On the cause of the incident, rising research and development director Liu said, in recent years, some anti-virus enterprises in order to pursue the number of viruses, killing rate, new virus response time, and other individual technical indicators, and reduce the standard of product testing, this will lead to two very serious consequences, one is the rapid rise in false alarm rate, and the second is prone to major product bugs Even more serious consequences than the common virus attack.
Ii. solutions and matters for attention
For WinXP Norton users who have been paralyzed by the system
Method One:
1. Use the Windows installation CD to boot the system and press R to enter the Recovery Console at the prompt menu.
2, in the prompt press "1" and then enter, select the system that needs to be repaired, and enter the administrator password.
3, perform the following command to repair (x indicates the disc letter):
Expand x:\I386\netapi32.dl_ c:\windows\system32\ [Enter]
Expand x:\I386\netapi32.dl_ c:\windows\system32\dllcache\ [Enter]
Expand x:\I386\lsasrv.dl_ c:\windows\system32\ [Enter]
Expand x:\I386\lsasrv.dl_ c:\windows\system32\dllcache\ [Enter]
4. Restart your computer and close Norton's real-time monitoring program.
Method Two:
1, from download Netapi32.dll and Lsasrv.dll files to floppy disk (or CD-ROM, u disk)
2, use the CD (or floppy disk, U disk) to start the computer failure.
3, from the CD-ROM (or floppy disk, U disk) Copy the latest Netapi32.dll and Lsasrv.dll files to the breakdown of the computer the following two directories:
C:\Windows\System32
C:\Windows\System32\Dllcache
4, restart the computer can be.
Click to download Netapi32.dll and Lsasrv.dll files
Norton users who have not been affected by manslaughter
1, unplug the network and then turn on the computer.
2, start the computer, turn off Norton anti-virus software real-time monitoring program and then plug in the Internet network.
3. Do not upgrade Norton Virus Library and do not enable Norton Real-time monitoring program until Symantec company solves the problem.
4, the shutdown anti-virus software real-time monitoring program may cause the computer to infect other viruses, trojans and malicious programs, users can temporarily choose other anti-virus software.