Symantec blunder trashes 'millions' of Chinese PCs

Millions of Chinese PCs running Symantec anti-virus software have been incapacitated by a faulty virus signature distributed last week, government media are reporting.

Share

Millions of Chinese PCs running Symantec anti-virus software have been incapacitated by a faulty virus signature distributed last week, government media are reporting.

A virus-signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time to Symantec's antivirus scanning engine mistook two critical system files of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse.

The two files -- netapi32.dll and lsasrv.dll -- were falsely quarantined, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen.

"The update of Norton's virus database on Friday has caused millions of PCs and computers to crash, a heavy blow to people's daily work and ongoing business," China's state-sponsored Xinhau News Agency said on 20 May.

Other reports, which cited numbers as low as 7,000 affected PCs, also circulated in Chinese technology and mainstream media reports over the weekend, with crippled systems said to be concentrated in Beijing, Shanghai and Guangzhou province.

Symantec re-released a revised signature update around 2:30 pm, Beijing time, on 18 May, but the fix was too late for any PC that had been rebooted in the intervening 13 and a half hours. Those now-worthless systems needed new copies of the two .dll files restored to the hard drive's "windows\system32" directory.

Symantec did post a support document on its Chinese-language Web site that outlined how to use the Windows XP installation CD to start the PC and use the Recovery Console, a command line-driven restore tool of last resort, to replace the quarantined netapi32.dll and lsasrv.dll with new copies.

Find your next job with computerworld UK jobs