Posted on 2007-5-18 20:23:23 | Word count 3,299 | China–Liaoning–Panjin, China Unicom
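I'm with CNPC, a major SYMANTEC customer. This incident has had a big impact: countless computers have blue-screened. This is the solution Symantec has given as of this evening.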
=======================================
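On Windows XP SP2 Simplified Chinese with patch KB924270 applied, once SAV is updated to the May 17 virus definitions, it treats
C:\windows\system32\netapi32.dll and C:\windows\system32\lsasrv.dll
as backdoor.haxdoor and quarantines them.
After a reboot the machine cannot enter the system, cannot enter safe mode either, and blue-screens.
Servers: run LiveUpdate immediately to update to the latest virus definitions (20070517.v73).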
If there is a problem with LiveUpdate, go to
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/
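and enter folder 68645 or a later one.
Download the file with the xdb suffix and put it in the SAV installation folder on the server (it is a shared folder, usually C:\program files\SAV or C:\program files\SAV\symantec antivirus. If software such as winzip is installed on the server, it may change this XDB to zip or rar, and it needs to be changed back to xdb).
Clients can download the updated virus definitions from the server. For clients that cannot update their virus definitions from the server automatically,
go to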
ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/
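enter folder 68645 or a later one, download the ****x86.exe file, and run it on the local machine to update the virus definitions. For computers that have had this problem, in theory, once SAV has downloaded the updated virus definitions it will scan the quarantine, and when it finds the falsely detected dll files it will automatically repair them and restore them to their original locations; many users have already confirmed this. To be on the safe side, however, users are advised, workload permitting, to replace these two files under C:\windows\system32 with the netapi32.dll and lsasrv.dll files from the i386 folder on the Windows XP CD.
For computers that have already blue-screened:
1. Boot from the Windows XP installation CD.
2. Enter the Recovery Console.
3. Replace the files under system32 and dllcache with the netapi32.dll and lsasrv.dll files from the I386 directory of the installation CD: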
a. cd \windows\system32
b. expand (CD drive letter):\i386\netapi32.dl_
c. expand (CD drive letter):\i386\lsasrv.dl_
d. cd dllcache
e. expand (CD drive letter):\i386\netapi32.dl_
f. expand (CD drive letter):\i386\lsasrv.dl_
4. Restart the computer.
5. Update to the new virus definitions described above.
Temporary Solution for Backdoor.haxdoor
On an XP SP2 (Chinese Simplified) image with the MS 924270 patch applied,
after the virus definitions have been updated to the version of 2007-5-17, the following files, C:\windows\system32\netapi32.dll and C:\windows\system32\lsasrv.dll, are treated as ‘backdoor.haxdoor’ and then quarantined.
After rebooting, the system cannot log in successfully, and the same happens in safe mode. It also displays the blue screen.
The current urgent solution is as follows:
For the server:
Run LiveUpdate immediately, to virus definition version 20070517.v73.
If there is any problem with LiveUpdate:
1. Go to ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/.
2. Enter the 68638 or newer folder.
3. Download the files with the suffix xdb.
4. Put them into the installation folder of SAV, which is generally C:\program files\SAV or C:\program files\SAV\symantec antivirus.
Note: If compression software such as winzip has been installed on the server, the suffix will be changed from xdb to zip or rar. Please change it back to xdb.
For the clients:
1. The clients will automatically update to the new version of the virus definitions from the server.
2. For those clients that cannot obtain the new virus definitions from the server automatically, please download ****x86.exe from the above address, then run this executable file.
3. For a client which has met this problem, the latest virus definitions will rescan the quarantine; if there are false-positive dll files, SAV will repair and restore them.
4. For the PC displaying the blue screen:
1) Locate Installation CD, put in drive and restart machine.
2) At startup, choose the option to boot from CD.
3) After the drivers load in Windows setup, choose ‘R’ for recovery console.
4) Choose the affected Windows installation, and type in your administrator password.
5) Type the following commands in this order (overwrite files if prompted):
a. cd \windows\system32
b. expand (CD drive letter):\i386\netapi32.dl_
c. expand (CD drive letter):\i386\lsasrv.dl_
d. cd dllcache
e. expand (CD drive letter):\i386\netapi32.dl_
f. expand (CD drive letter):\i386\lsasrv.dl_
6) Type ‘exit’ to reboot the machine.
7) Update to the latest RR defs.
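A triage check for the situation described in the post, as an added example that is not part of the original post or Symantec's guidance: given a machine's Windows directory (live, or an offline volume mounted elsewhere) and its current definition version, it reports whether netapi32.dll and lsasrv.dll are present in system32 and dllcache and whether the definitions have reached 20070517.v73. The function names, the date-then-revision ordering of version strings, and the sample version in the demo are assumptions.

```python
import re
import tempfile
from pathlib import Path

CRITICAL_DLLS = ("netapi32.dll", "lsasrv.dll")  # the two files named in the post
FIXED_DEFS = (20070517, 73)                     # 20070517.v73, the version the post says to reach


def parse_defs(version):
    """Turn '20070517.v73' into (20070517, 73). Date-then-revision ordering
    is an assumption based on the version string quoted in the post."""
    m = re.fullmatch(r"(\d{8})\.v(\d+)", version.strip())
    if m is None:
        raise ValueError(f"unrecognised definition version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def child(directory, name):
    """Case-insensitive lookup, so an XP volume mounted on another OS works."""
    if directory is None or not directory.is_dir():
        return None
    return next((p for p in directory.iterdir() if p.name.lower() == name.lower()), None)


def triage(windows_dir, defs_version):
    """Return a list of findings for one machine; an empty list means no action."""
    findings = []
    if parse_defs(defs_version) < FIXED_DEFS:
        findings.append("definitions older than 20070517.v73")
    system32 = child(Path(windows_dir), "system32")
    for label, folder in (("system32", system32),
                          ("system32\\dllcache", child(system32, "dllcache"))):
        for dll in CRITICAL_DLLS:
            found = child(folder, dll)
            if found is None or found.stat().st_size == 0:
                findings.append(f"missing {label}\\{dll}")
    return findings


def demo():
    """Constructed sample: a fake Windows tree with system32\\lsasrv.dll
    quarantined and a made-up older definition version."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp, "WINDOWS", "System32", "dllcache")
        cache.mkdir(parents=True)
        for folder in (cache.parent, cache):
            (folder / "netapi32.dll").write_bytes(b"MZ constructed")
        (cache / "lsasrv.dll").write_bytes(b"MZ constructed")
        return triage(Path(tmp, "WINDOWS"), "20070516.v02")
```

A machine that reports a missing system32 file is a candidate for the Recovery Console steps above before its next reboot; one that reports only old definitions needs the update.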