SoFunction
Updated on 2025-04-09

Symantec falsely reported Microsoft system file virus incident + solution

A LiveUpdate definition update issued by Symantec incorrectly deleted two system files on Microsoft's Simplified Chinese Windows XP. After this false detection, the Windows system fails to run once it is restarted.
The affected systems are Microsoft Simplified Chinese Windows XP Service Pack 2 installations that have applied the Microsoft security update KB924270. The affected files are (5.1.2600.2976 version) and (5.1.2600.2976 version). No Windows XP in other languages, and no Windows XP without the KB924270 security update applied, was affected.
Symantec released a LiveUpdate definition update to correct this incident at 2:30 pm Beijing time on May 18. The version number of these definitions is 20070517.071. Users who did not restart Windows after the false detection can solve the problem by applying this LiveUpdate definition update. Users who restarted and are affected can restore their system to its previous state by using the Microsoft Recovery Console.
Symantec has taken action to provide users with updated file definitions. Symantec takes the security and functionality of the solutions it provides very seriously and recommends that affected users take the necessary measures to ensure their systems are protected.
-----------------------------------------------------------
KB924270
A security issue has been identified that an attacker could use to compromise the security of a Windows system and gain control over it. You can protect your computer by installing this Microsoft update. After you install this update, you may need to restart your computer.
Supported operating systems: Windows XP Service Pack 2
Release date: 2006/11/13
Language: Simplified Chinese
----------------------------------------------------------- 
5.17: Solutions to the system crash caused by Norton()'s false positive
After Norton is updated to the May 17 definitions, XP systems that have been patched with KB924270 crash. The reason is that Norton falsely reports the updated and files from KB924270 as backdoor viruses. Preliminary investigation shows that they are normal system files.
After Norton quarantined the files, restarting the system caused a blue screen with the message: STOP c000021a Unknown hard error.
Please do not restart the computer after the false virus alert
Temporary solution
After SAV is updated to the May 17 definitions, it treats C: and C: as infected and quarantines them.
After a restart the machine can no longer enter the system, safe mode cannot be entered either, and a blue screen appears.
Current emergency countermeasures:
From the System Center: right-click the server > All Tasks > Symantec AntiVirus > Virus Definition Manager > click "Configuration" in the upper right corner > in the dialog box that appears, click "Virus Definition File" > then select the previous virus definition.
Make sure the server does not issue today's virus definition.
For clients that have updated their virus definitions, never restart the computer.
Turn off the Symantec AntiVirus service. If the file exists and its modification date is not today, it has not been completely quarantined (only partially); restore these two files from the quarantine area, or copy these two files from a computer that does not have the problem to C:\windows\system32.
Then delete the 20070517 folder under C:\program files\common files\symantec shared\virusdefs.
Symantec is speeding up the development of updated virus definitions. Once the new virus definitions are released, please update to the latest immediately.
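The pre-restart checks above as a read-only PowerShell check. This is an added example, not part of the original notice and not Symantec's or Microsoft's tooling; the file names are taken from the copy commands later on this page, and the default paths and the 20070517* folder pattern are assumptions.

```powershell
# Added example. Read-only: it reports findings and changes nothing on disk.
function Test-RebootSafety {
    param(
        # File names taken from the copy commands on this page (netapi32.dl_, lsasrv.dl_).
        [string[]]$Files   = @('netapi32.dll', 'lsasrv.dll'),
        [string]$SystemDir = (Join-Path $env:SystemRoot 'system32'),
        # Assumed default location of the definitions folder named on this page.
        [string]$DefsDir   = (Join-Path $env:CommonProgramFiles 'Symantec Shared\VirusDefs'),
        [datetime]$Today   = (Get-Date)
    )
    $findings = @()
    foreach ($name in $Files) {
        $path = Join-Path $SystemDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            # A restart in this state leads to the blue screen described on this page.
            $status = 'MISSING: restore from quarantine or copy from a healthy machine'
        } else {
            $item = Get-Item -LiteralPath $path -Force
            if ($item.LastWriteTime.Date -eq $Today.Date) {
                # The page only vouches for files whose modification date is NOT today.
                $status = 'PRESENT, modified today: check this file before restarting'
            } else {
                $status = 'PRESENT, not modified today: not completely quarantined'
            }
        }
        $findings += New-Object PSObject -Property @{ Item = $path; Status = $status }
    }
    if (Test-Path -LiteralPath $DefsDir) {
        # Report only. The page says to delete the 20070517 folder, but it also gives
        # 20070517.071 as the corrected definitions, so list the names for review.
        $dirs = @(Get-ChildItem -LiteralPath $DefsDir |
                  Where-Object { $_.PSIsContainer -and $_.Name -like '20070517*' })
        foreach ($d in $dirs) {
            $findings += New-Object PSObject -Property @{
                Item   = $d.FullName
                Status = 'Definitions dated 20070517 present: review per the steps above'
            }
        }
    }
    $findings
}

$report = @(Test-RebootSafety)
$report | Format-Table Item, Status -AutoSize -Wrap
if (@($report | Where-Object { $_.Status -like 'MISSING*' }).Count -gt 0) {
    Write-Warning 'Do not restart this machine until the missing files are restored.'
}
```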
Solutions for machines that can no longer start:
2. A virus was reported, the machine has been restarted, and it can no longer enter the system (XP SP2). The solution is as follows:
1> Connect the optical drive, insert the Windows installation CD, and choose to boot from the CD-ROM
2> Choose to repair using the Recovery Console by pressing the "R" key
3> Suppose your optical drive letter is "F:"; type the following commands
copy f:\I386\netapi32.dl_ c:
and
copy f:\I386\lsasrv.dl_ c:
If you are prompted to overwrite the original file, select "Yes".
4> Restart the machine, boot from the hard disk, and enter the system.