May 24, 2007 7:44 AM PDT

Flawed Symantec update cripples Chinese PCs

A Symantec antivirus signature update mistakenly quarantined two critical system files in the Simplified Chinese version of Windows XP last week, crippling PCs throughout China.

According to the Chinese Internet Security Response Team (CISRT), users of Norton Antivirus, Norton Internet Security 2007 and Norton 360 who installed an antivirus signature update released by Symantec on May 17 could not reboot their PCs. The update reportedly mistook two Windows system files--"netapi32.dll" and "lsasrv.dll"--as the Backdoor.Haxdoo Trojan horse. The two files were subsequently quarantined.

CISRT said the flawed Symantec update affects only users of the Simplified Chinese version of Windows XP Service Pack 2 who have been patched with a particular Microsoft software fix available since November 2006. CISRT noted that this issue has been "huge."

According to, which is part of China's largest national TV network, the problem has affected millions of PCs and was not completely resolved as of Wednesday.

A representative at Symantec Asia-Pacific and Japan confirmed the incident earlier this week, but declined to reveal the number of Chinese Norton customers who were affected. According to Symantec, the problem was caused when Symantec made a change to the automated process used by the company's security response team to detect malicious software.

Symantec said the false detection was immediately removed from the virus signature definitions. Symantec security experts then initiated a LiveUpdate--the company's automated software update process--posting to include the updated definitions. This LiveUpdate became publicly available on May 17, about four and a half hours after Symantec was notified of the issue.

According to Symantec China's Web site, affected customers can resolve the problem by initiating another LiveUpdate, if they have not restarted their PCs after installing the flawed update. Systems that have already been restarted can be returned to the previous state by recovering the two system files from the Windows XP disc.

Aaron Tan of ZDNet Asia reported from Singapore.

See more CNET content tagged:
Symantec Corp., China, Norton Co., antivirus, Microsoft Windows XP


Join the conversation!
Add your comment
One more reason...
Just one more reason for me to not use Symantec's software! This may have only affected the Simplified Chinese version of Windows XP SP2, but that doesn't mean it couldn't happen to other versions in the future.

Symantec's false positive record is too high for me!
Posted by ddesy (4336 comments )
Reply Link Flag
no kidding..
When the software didn't take up 60+ megs of system memory and all the eyecandy. I have been on the search for virus software that didn't kill the system it was protecting for a long time... Symantec needs to go back to the beginning and make the software less of a hog.
Posted by Astinsan (132 comments )
Link Flag
Stay away
Just one more reason to steer clear of Symantec garbage.

I fix too many infected PC's that became infected under the nose of Symantec (and McAfee) "protection" to give me any confidence in it. That's on top of resource hogging and irritating and unnecessary hampering of harmless processes and applications. Honestly, the freebie stuff out there is much better anyway.
Posted by law_hog (43 comments )
Reply Link Flag
Get Kaspersky For Free

1. Ignore the fact that it comes via AOL, they're actually doing something useful here.
2. Resist the offer of a toolbar during installation, it will simply nag you to spend money for something or another.

*** Do use a disposable email address to get the activation code ***
Posted by edgebert (15 comments )
Link Flag
XP disc
which of course many people dont have, cant access because windows is dead, and in most cases have no clue how to access even if they could - lets see - not even sure I would know how to get into the recovery console without looking it up. Th eadministrator password? *** is that? Die symantec die. Of course, if the stories of pirate ware in China are true, then bwaaaaahhhahhhahha serves them right
Posted by gggg sssss (2285 comments )
Reply Link Flag
what a coincidence...
its like the adobe us bill detector ware.. for finding counterfiters.. built into reader... those companys that have so much money they dont know what to do with.. and then they cave into this sicko elitist political power push.. like apple, ms, adobe and the rest.. symantec is no different.. F- em all
Posted by wone123 (32 comments )
Link Flag
So for Anti-Virus security.....
If Microsoft 'protection' doesn't trash your PC and network, then Symantec will step up and do the job.
Posted by broadband123 (1 comment )
Reply Link Flag
So what's new?
I had my first taste of Symantec's "protection" some 7 years ago, while running a small IT business, Symantec pushed out an update to their Enterprise AV product, that crashed NT4 servers.

Needless to say, they were A. unconcerned and B. slow to respond and C. could not understand the fuss.
AS I had recommended the product, my clients saw it as my problem to rebuild their servers - and I lost a couple of clients as well.

There have been a number of such disasters since - but the morons who are supposed to report this stuff, go to the lush seminars and repeat Symantecs copy.

I just avoid their product like the plague
Posted by robtheailean (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.