Chinese PCs running Symantec antivirus software have been incapacitated by a faulty virus signature update delivered automatically to users on Friday about 1:00 a.m. Beijing time. Symantec's antivirus scanning engine mistook two critical system files (netapi32.dll and lsasrv.dll) of the Simplified Chinese edition of Windows XP Service Pack 2 for a Trojan horse, then falsely quarantined them, which in turn crippled Windows. If an affected PC was rebooted, Windows failed on start-up and showed only a blue screen. According to China's state-sponsored Xinhau News Agency the number of PCs were in the millions while other reports cited numbers as low as 7,000 affected PCs; crippled systems were said to be concentrated in Beijing, Shanghai and Guangzhou province.
Symantec re-released a revised signature update around 2:30 p.m. Friday, Beijing time, but the fix was too late for any PC that had been rebooted in the intervening 13.5 hours. Those now-worthless systems needed new copies of the two .dll files restored to the hard drive's "windowssystem32" directory. Symantec posted a support document on its Chinese-language Web site that outlined how to use the Windows XP installation CD to start the PC and use the Recovery Console to replace the quarantined netapi32.dll and lsasrv.dll with new copies. There was no notice of the update problem or the solution on the site's front page, or on the company's English global home page. Many PC makers now forgo installation or restore CDs meaning users would have to obtain copies of the two .dll files from another working PC.
News source: InfoWorld