The Chinese Internet Security Response Team (CISRT), Symantec’s SRT group located in China, called it ‘Black Friday.’ In what should have been a routine update to the popular anti-virus software, an update issued Friday disabled several thousand computers across China. The Norton AntiVirus update caused the computers to recognize two Windows XP files as malicious and remove them. The result was the infamous BSOD (Blue Screen of Death) after a system reboot, resulting in a rather expensive paperweight.
According to several technical reports, the files removed by Norton are lsasrv.dll and netapi32.dll. The security software tags the files as a malicious backdoor, identified as the Backdoor.Haxdoor Trojan. “With these files removed, Windows XP will no longer start up, and even the system safe mode no longer functions. Only Chinese language versions of Windows appear to be affected so far,” said a report on Usenet (alt.comp.antivirus) about the issue. “The problem appears to stem from an update Microsoft released in November 2006, which contained new versions of some system files, as PCs which have not applied this update are unaffected.”
The CISRT website addressed the issue and confirmed which Windows XP language version is affected: “Only simplified Chinese Windows XP, SP2 users are affected by this false detection because they have patched Microsoft bulletins (MS06-070, KB924270). As of now, Symantec has already fixed this false detection through LiveUpdate definitions (20070517, version 71). This issue has had a huge effect on Chinese people. According to Rising reports, more than 7,000 users have asked Rising for help in solving this problem. We hope this kind of issue will not happen again.”
While a patch was released to fix the issue, the problem remains that those who rebooted are left with no option to apply it. Some reports online quote Symantec advising users to ‘use the Windows XP CD and the Recovery Console.’ This solution works by copying the removed files back to the system using command line tools and then rebooting the PC. The problem faced by many Chinese computer users is that most do not own a Windows XP CD. Reports link this to the growing number of pirate copies of the Microsoft operating system installed across the country.
The software is listed as Norton 360, which includes the Norton AntiVirus software. Norton issued the warning to all customers just in case, but so far only Chinese computers are affected. According to a translated statement on the company website, Symantec offered assistance in restoring their PCs to those who need it. The likely issue is that those without a valid CD for Windows XP will receive little help.
michael clark, May 22nd, 2007 - 01:11:27
I think there are problems with their updates here in Canada also, on the French version of Norton, as my wife's PC is full of problems since she opened it on Friday and I had installed the last updates to it on Wen. ot night I removed Norton and am reinstalling it now. I will let you know if it works.