Norton AntiVirus cripples thousands of PCs in China

May 18, 2007

A routine upgrade of anti-virus software has disabled tens of thousands of PCs in China, according to local media reports. The faulty upgrade caused Symantec's Norton AntiVirus software to remove critical Windows XP system files, the reports state.

The system files moved or deleted by the software include netapi32.dll and lsasrv.dll, according to Sohu News. The software incorrectly identifies the files as being infected with the Backdoor.Haxdoor trojan. With these files removed, Windows XP will no longer start up, and even the system safe mode no longer functions. Only Chinese-language versions of Windows appear to be affected so far.

The Norton AntiVirus application is part of Norton's 360 suite and it is pre-installed in many PCs sold in China, indicating that the problem could potentially affect millions of users.

Patched PCs vulnerable
The problem appears to stem from an update Microsoft released in November 2006, which contained new versions of some system files, as PCs which have not applied this update are unaffected.

Symantec has acknowledged the issue and is working on a solution, reports said - although there is no apparent mention of it on the company's Chinese website.

PC owners affected by the issue may be able to restore the missing files from their Windows XP installation CDs. However, since piracy of Windows XP is common in China, some users may not have access to these.