I feel pretty bad for those people running the Chinese version of Windows XP SP2 along with Norton Antivirus. It appears that last Friday around 1:00AM Beijing time Symantec updated Norton’s antivirus definitions which flagged two system files, netapi32.dll and lsasrv.dll, as “Backdoor.Haxdoor” trojans.

If the user restarted the computer after receiving the update, they are going to have a fun time recovering those two files. After the computer restarts, users will be greeted with a Blue Screen of Death (BSoD), and trying to boot into safe mode won’t do them any good. Symantec has posted instructions (translated to English) on using the Windows XP recovery console to restore those two files from the installation CD.

Those people who didn’t restart their computers after receiving the bad definitions are much more fortunate. Symantec released a corrected version of their definitions that same day at 2:30PM Beijing time, and if you update the definitions to the latest version it should counteract the effects.

The number of computers affected has been reported to be between 7,000 and several hundred thousand. It has caused that much damage, and yet Symantec has nothing posted on their front page about the event. The only article they have regarding the situation is for the instructions (posted above) and is only in Chinese.

There is another sticky situation to consider: what will people running pirated copies of Windows XP do? They probably don’t have the installation CD anymore, which means they will look for the files online to download them. This could be extremely bad because they may end up downloading files that contain viruses themselves, which would just result in an even larger mess.

Symantec definitely took the wrong approach on this. In my opinion they should have done many things differently:

  • Updated their virus definitions sooner than 13 hours after the destructive update was released.
  • Put a nice big link on their homepage so that people looking to solve the problem can easily locate the solution.
  • Finally, offered some sort of downloadable patch that users can put on a floppy disc or CD. Then they could boot up the utility on their computer, press a button, and it would automatically copy the two needed files over to the proper location. That way Symantec can verify that the two files being used are legitimate, and that the proper steps are being taken to correct the issue.
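The last suggestion above, a tool that restores the two files only after confirming they are legitimate, could work along these lines. This is an added example, not Symantec's code or anything from the original post; the SHA-256 manifest, the directory names and the function names are assumptions, and the sample files are constructed stand-ins.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

TARGETS = ("netapi32.dll", "lsasrv.dll")  # the two files named in the article


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def restore_verified(source_dir: Path, system_dir: Path, manifest: dict) -> list:
    """Verify all targets against the manifest, then copy; ValueError on mismatch."""
    # Pass 1: verify every file first so a bad one never leaves a half restore.
    for name in TARGETS:
        candidate = source_dir / name
        if not candidate.is_file():
            raise ValueError(f"{name}: not found in {source_dir}")
        if sha256_of(candidate) != manifest.get(name):
            raise ValueError(f"{name}: digest mismatch, refusing to restore")
    # Pass 2: copy, then re-hash the destination to catch a bad write.
    restored = []
    for name in TARGETS:
        destination = system_dir / name
        shutil.copyfile(source_dir / name, destination)
        if sha256_of(destination) != manifest[name]:
            raise ValueError(f"{name}: written copy failed verification")
        restored.append(name)
    return restored


def demo() -> list:
    """Run against constructed stand-in files (not real Windows binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        source, system = Path(tmp, "media"), Path(tmp, "system32")
        source.mkdir()
        system.mkdir()
        for name in TARGETS:
            (source / name).write_bytes(b"constructed sample: " + name.encode())
        # Assumption: a real manifest would be published by the vendor.
        manifest = {name: sha256_of(source / name) for name in TARGETS}
        return restore_verified(source, system, manifest)
```

Because every file is checked before the first copy, a replacement DLL downloaded from an untrusted site is rejected without touching the system directory.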

All I can say is…what a mess!

Source: ComputerWorld

  1. Just another reason not to use Norton Anti Virus. The biggest being that it’s not even 90% effective at finding viruses.

  2. I’ve been a huge fan of Avast ever since I started using it a few years ago. What antivirus do you use Cory?

  3. netster007xAll-Star May 21, 2007 at 8:41 pm

    I’m glad I ditched Norton for that Kaspersky AOL freebie.

  4. Ryan wrote:
    I’ve been a huge fan of Avast ever since I started using it a few years ago. What antivirus do you use Cory?

    NOD32.

    Once upon a time I was using Norton. One day, really strange things started happening on my computer. I ran several virus scans but Norton reported that no viruses were found. I downloaded a [eset.com] and within a few seconds of starting a scan several viruses were found. A full system scan was completed in 15 minutes (Norton took about 90 minutes) and 8 viruses were found and removed.

    I’ve been a virus-free happy user ever since. I’ve installed NOD32 on all my family members’ computers. No one has reported an infection since.

  5. NOD32 is undoubtedly my favorite antivirus, but I like not having to worry about paying or renewing the software. It’s a nice feeling to know that I’m always covered.

  6. NOD32’s database is comparatively weak though. It has a good heuristic engine and it is fast, but its database is weaker than Kaspersky. It generally gets defeated easily by all those AV softs using the Kaspersky engine.

  7. Forgot to mention in the last post. Even free software Avira Antivir is better than NOD32 according to some tests.

  8. Their database may not be as extensive, but their heuristic engine normally compensates for it. Kaspersky is good, but NOD32 is still going to be my favorite because a lot of viruses that users need to worry about are the ones not yet in the databases.

  9. netster007xAll-Star May 27, 2007 at 9:07 pm

    How would you rate the resource use of NOD32?

  10. NOD32 uses the least amount of resources of any antivirus package that I’ve tested (Kaspersky, Avast, AVG, and a few others). It normally takes up 3 to 6MB of memory and doesn’t overwhelm my system when doing a scan for viruses.

  11. netster007xAll-Star May 31, 2007 at 10:15 pm

    Whoa whoa whoa! NOD32 costs money! So much for that.

  12. Yes, NOD32 does cost money. I wish that it didn’t, but I guess the best software isn’t always free.