Symantec false-positive detection of Microsoft system files as a virus: incident and solution

Source: Internet
Author: User
A Symantec LiveUpdate definition update incorrectly detected 2 system files from Microsoft Simplified Chinese Windows XP as Backdoor.haxdoor and deleted them, causing Windows to fail to start on the next reboot after the false detection.
Affected systems are Microsoft Simplified Chinese Windows XP Service Pack 2 with Microsoft security update KB924270 applied. The affected files are Netapi32.dll (version 5.1.2600.2976) and Lsasrv.dll (version 5.1.2600.2976). Other language versions of Windows XP, and Windows XP systems without Microsoft security update KB924270, are unaffected.
Symantec issued a LiveUpdate definition update correcting this problem at 2:30 Beijing time on May 18. The corrected definitions have version number 20070517.071. Users who have not restarted Windows since the false detection can resolve the issue by applying this LiveUpdate definition update. Users who have already restarted and are affected can restore their systems to the previous state by using the Microsoft Recovery Console.
Symantec has taken action to provide users with updated definition files. Symantec takes the security and functionality of the solutions it offers very seriously, and recommends that affected users take the necessary steps to ensure that their systems are protected.
-----------------------------------------------------------
KB924270
A security issue has been identified that could allow an attacker to compromise the security of a Windows system and gain control over it. You can help protect your computer by installing this Microsoft update. After you install this update, you may need to restart your computer.
Supported operating systems: Windows XP Service Pack 2
Release Date: 2006/11/13
Language: Simplified Chinese
-----------------------------------------------------------
May 17 Norton (Backdoor.haxdoor) false positive causing system crashes: solution
After Norton is updated to the May 17 definitions, XP systems with the KB924270 patch installed crash. The reason is that Norton mistakenly reports the Netapi32.dll and Lsasrv.dll files updated by KB924270 as the Backdoor.haxdoor backdoor virus. Initial investigation shows that Lsasrv.dll and Netapi32.dll are normal system files.
After Norton quarantines the files, the next reboot ends in a blue screen with the message: STOP c000021a unknown hard error.
Please do not reboot the computer after the virus has been reported.
Backdoor.haxdoor temporary solution
After SAV updates to the May 17 virus definitions, it treats
C:\windows\system32\netapi32.dll and C:\windows\system32\lsasrv.dll
as Backdoor.haxdoor and quarantines them.
As a result the machine cannot enter the system after a restart, and Safe Mode also fails with a blue screen.
The current emergency response:
In the System Center: right-click the server > All Tasks > Symantec AntiVirus > Virus Definition Manager > click "Configuration" in the upper-right corner > click "Virus definition File" > select the previous virus definition.
This keeps the server from releasing today's virus definition.
On clients that have already updated to this virus definition, do not restart the computer.
Turn off the Symantec AntiVirus service. If the Netapi32.dll and Lsasrv.dll files exist and their modification date is not today, they have not been completely quarantined (probably only partially). Restore these two files from the quarantine, or copy them from an unaffected computer to C:\windows\system32.
Then delete the 20070517 folder under C:\Program Files\Common Files\symantec shared\virusdefs.
Symantec is urgently developing an updated virus definition; once the new definition is released, please update to the latest.
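The file checks from the emergency response above can be run as one triage script on a client that has not yet been rebooted. This is an added example, not Symantec or Microsoft tooling; the default paths come from the article, and the `20070517*` folder pattern and the verdict wording are assumptions.

```powershell
# Added triage example. Paths default to the locations named in the article.
param(
    [string]$SystemDir = (Join-Path $env:SystemRoot 'system32'),
    [string]$DefsDir   = (Join-Path $env:CommonProgramFiles 'Symantec Shared\VirusDefs')
)

$targets        = 'netapi32.dll', 'lsasrv.dll'
$patchedVersion = '5.1.2600.2976'   # KB924270 file version given in the article
$badDefsPattern = '20070517*'       # assumption: definitions folder name starts with the date

function Get-FileState([string]$Path) {
    $state = @{ Path = $Path; Present = $false; Version = ''; KB924270 = $false; ModifiedToday = $false }
    if (Test-Path -LiteralPath $Path) {
        $v = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
        $state.Present       = $true
        # Build the numeric version; the FileVersion string may carry a build-lab suffix.
        $state.Version       = '{0}.{1}.{2}.{3}' -f $v.FileMajorPart, $v.FileMinorPart, $v.FileBuildPart, $v.FilePrivatePart
        $state.KB924270      = ($state.Version -eq $patchedVersion)
        $state.ModifiedToday = ((Get-Item -LiteralPath $Path).LastWriteTime.Date -eq (Get-Date).Date)
    }
    New-Object PSObject -Property $state
}

$files   = @($targets | ForEach-Object { Get-FileState (Join-Path $SystemDir $_) })
$missing = @($files | Where-Object { -not $_.Present })
$touched = @($files | Where-Object { $_.Present -and $_.ModifiedToday })
$badDefs = Test-Path -Path (Join-Path $DefsDir $badDefsPattern)

$files | Format-Table Path, Present, Version, KB924270, ModifiedToday -AutoSize

if ($missing.Count -gt 0) {
    Write-Output 'DO NOT REBOOT: a system file is missing; restore it from quarantine or an unaffected computer.'
} elseif ($touched.Count -gt 0) {
    Write-Output 'CHECK: files present but modified today; compare with an unaffected computer before rebooting.'
} else {
    Write-Output 'OK: both files present and not modified today.'
}
if ($badDefs) {
    Write-Output "Definitions matching $badDefsPattern are still present in $DefsDir."
}
```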
Workaround for machines that already fail to start:
If the virus has been reported and the machine has since been restarted and can no longer enter the system (XP SP2), use the following solution:
1> Insert the Windows installation CD-ROM and choose to boot from the CD-ROM.
2> Choose to repair using the Recovery Console by pressing the "R" key.
3> Assuming that your CD drive letter is "F:", type the following commands:
copy F:\i386\netapi32.dl_ C:\windows\system32\netapi32.dll
and
copy F:\i386\lsasrv.dl_ C:\windows\system32\lsasrv.dll
If you are prompted to overwrite the existing file, select Yes.
4> Reboot the machine and boot from the hard drive to enter the system.
