Thursday, October 26, 2006

False Positive from Symantec Causes Problem

Anti-virus signatures for Symantec AntiVirus were shipped that apparently triggered a false positive alert that the sfc.dll file in Windows XP and 2000 (which powers Windows File Protection) was the Infostealer.Banpaes virus. Symantec then disabled sfc.dll, and prompts you to reboot the computer. When you try to reboot, a Windows XP computer may reboot continuously, and Windows 2000 may blue screen. Symantec has posted a Knowledge Base article at http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2006102011570548 to help anyone whose computer they wrecked. The Internet Storm Center also has information at http://isc.sans.org/diary.php?storyid=1799.