A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China.
According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files--"netapi32.dll" and "lsasrv.dll"--for the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined.
CISRT said the flawed Symantec update affects only users of the Simplified Chinese version of Windows XP Service Pack 2 who have been patched with a particular Microsoft software fix available since November 2006. CISRT noted that this issue has been "huge."
According to CCTV.com, which is part of China's largest national TV network, the problem has affected millions of PCs and was not completely resolved as of Wednesday.
A representative at Symantec Asia-Pacific and Japan confirmed the incident earlier this week, but declined to reveal the number of Chinese Norton customers who were affected. According to Symantec, the problem was caused when Symantec made a change to the automated process used by the company's security response team to detect malicious software.
Symantec said the false detection was immediately removed from the virus signature definitions. Symantec security experts then initiated a LiveUpdate--the company's automated software update process--posting to include the updated definitions. This LiveUpdate became publicly available on May 17, about four and a half hours after Symantec was notified of the issue.
According to Symantec China's Web site, affected customers can resolve the problem by initiating another LiveUpdate, if they have not restarted their PCs after installing the flawed update. Systems that have already been restarted can be returned to the previous state by recovering the two system files from the Windows XP disc.
Aaron Tan of ZDNet Asia reported from Singapore.