Symantec false positives Microsoft System File virus events + solutions

Symantec false positives Microsoft System File virus events + solutions

The LiveUpdate update definition issued by Symantec mistakenly deletes the two system files in Microsoft Simplified Chinese Windows XP as backdoor. haxdoor, which causes the Windows system to fail to run after restart based on error detection.

Affected are Microsoft kb924270 security update Windows XP Service Pack 2 system, Microsoft Security Update kb924270. the affected files are netapi32.dll (5.1.2600.2976) and lsasrv. DLL (version 5.1.2600.2976 ). windows XP Versions in other languages or Windows XP versions without Microsoft Security Update kb924270 are not affected.

Symantec released the LiveUpdate Update definition to correct this event at, January 1, May 18, Beijing time. the updated version number is 20070517. 071. users who have not restarted windows after error detection can solve this problem by applying the update definition of LiveUpdate. users affected by restarting the system can use the Microsoft Recovery Console to restore the system to its previous state.

Symantec has taken action to provide users with updated file definitions. symantec takes the Security and functionality of the solutions it provides very seriously, and recommends that affected users take necessary measures to ensure that their systems are protected.

-----------------------------------------------------------

Kb924270

It has been confirmed that there is a security issue that attackers may exploit to compromise the security of windows and gain control over the system. You can install this Microsoft Update Program To protect your computer from attacks. After the update program is installed, you may need to restart the computer.

Supported Operating Systems: Windows XP Service Pack 2

Release date: 2006/11/13

Language: Simplified Chinese

-----------------------------------------------------------

5.17 solution to system crash caused by accidental removal of Norton (Backdoor. haxdoor)

After Norton is upgraded to version May 17, it will cause the XP system that has been patched with kb924270 to crash because Norton updated the netapi32.dll and lsasrv of kb924270. the DLL file is falsely reported as backdoor. haxdoor backdoor virus. After preliminary investigation, lsasrv. dll and netapi32.dll are normal system files.

After the file is isolated by Norton, the blue screen is displayed after the system is restarted and the message "Stop c000021a unkown hard error" is displayed.

After Norton is upgraded to version May 17, it will cause the XP system that has been patched with kb924270 to crash because Norton updated the netapi32.dll and lsasrv of kb924270. the DLL file is falsely reported as backdoor. haxdoor backdoor virus. After preliminary investigation, lsasrv. dll and netapi32.dll are normal system files.

After the file is isolated by Norton, the blue screen is displayed after the system is restarted and the message "Stop c000021a unkown hard error" is displayed.

Do not restart your computer after poisoning

Backdoor. haxdoor temporary solution

After Sav is updated to May 17

C: windowssystem32netapi32. dll and C: windowssystem32lsasrc. dll

Think of it as backdoor. haxdoor and isolate them.

After the machine is restarted, it cannot enter the system, and the security mode cannot be accessed. blue screen.

Current Emergency Measures:

From the system center --- Right-click the server --- all tasks --- Symantec AntiVirus --- virus definition manager --- click "configuration" in the upper-right corner --- after the dialog box appears, click "virus definition file" --- then select the previous Virus definition.

This prevents servers from distributing today's virus definitions.

Do not restart the computer for clients that have updated the virus definition.

Disable the Symantec AntiVirus service if netapi32.dll and lsasrc. the DLL file exists, and the modification date is not today, it indicates that it is not completely isolated (it should be partial); restore the two files from the isolation area, or copy the two files from the normal computer to C: windowssystem32.

Delete the folder 20070517 under C: Program filescommon filessymantec sharedvirusdefs.

Symantec is urgently developing an updated virus definition. After the new virus definition is available, update it to the latest version.

Solution:

2. A virus has been reported, but the machine has restarted and cannot enter the system (XP SP2). The following solutions are available:

1> connect to the optical drive, plug in the Windows installation disc, and choose to start from CDROM

2> select recover from the console and press "R ".

3> if your drive letter is "F:", run the following command:

Copy F: iw.netapi32. DL _ c: windowssystem32netapi32. dll

And

Copy F: i386lsasrv. DL _ c: windowssystem32lsasrv. dll

If you are prompted to overwrite the original file, select "yes ".

4> restart the machine and start from the hard disk to enter the system.