docker 2007-5-20 11:32
Symantec 误报问题恢复文档
[align=center][align=center][color=#000000][b][font=SymantecSans][size=14pt][font=Times New Roman]Backdoor.haxdoor[/font][/size][/font][/b][b][font=宋体][size=14pt]解决方案[/size][/font][/b][b][font=SymantecSans][size=14pt][/size][/font][/b][/color][/align][/align][align=center][align=center][size=3][color=#000000][font=Times New Roman][b][font=SymantecSans]Version: [u]1.7[/u][/font][/b][b][font=SymantecSans][size=14pt][/size][/font][/b][/font][/color][/size][/align][/align][align=center][align=center][b][font=SymantecSans][size=14pt][font=Times New Roman][color=#000000] [/color][/font][/size][/font][/b][/align][/align][size=3][color=#000000][font=宋体]问题描述:[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=宋体]在[/font][font=SymantecSans][font=Times New Roman]windows Xp sp2[/font][/font][font=宋体]简体中文版打上补丁[/font][/color][/size][color=#000000][font=Arial][size=10pt]KB924270[/size][/font][font=宋体][size=10pt]以后,[/size][/font][font=SymantecSans][font=Times New Roman][size=3]SAV[/size][/font][/font][font=宋体][size=3]更新到[/size][/font][font=SymantecSans][font=Times New Roman][size=3]5[/size][/font][/font][font=宋体][size=3]月[/size][/font][font=SymantecSans][font=Times New Roman][size=3]17[/size][/font][/font][font=宋体][size=3]日的病毒定义以后[/size][/font][/color][size=3][color=#003366][font=Times New Roman](LiveUpdate[/font][/color][color=#003366][font=宋体]的后病毒定义的版本是[/font][/color][color=#003366][font=Times New Roman]20070517.v18[/font][/color][color=#003366][font=宋体],[/font][/color][color=#003366][font=SymantecSans][font=Times New Roman]rapidrelease[/font][/font][/color][color=#003366][font=宋体]的病毒定义版本是[/font][/color][color=#003366][font=Arial]20070517.v16(68601)[/font][/color][color=#003366][font=宋体]至[/font][/color][color=#003366][font=Arial]20070517.v70(68637))[/font][/color][color=#000000][font=宋体]会把[/font][font=Arial][size=10pt][/size][/font][/color][/size]
[size=3][color=#000000][font=SymantecSans][font=Times New Roman]C:\windows\system32\netapi32.dll[/font][/font][font=宋体]和[/font][font=SymantecSans][font=Times New Roman] C:\windows\system32\lsasrv.dll[/font][/font][/color][/size]
[size=3][color=#000000][font=宋体]认为是[/font][font=SymantecSans][font=Times New Roman]backdoor.haxdoor, [/font][/font][font=宋体]并且试图去隔离这两个文件。[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=宋体]重起机器后会造成无法进入系统,安全模式也无法进入,蓝屏。[/font][font=SymantecSans][/font][/color][/size]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[size=3][color=black][font=SymantecSans][font=Times New Roman]Symantec[/font][/font][/color][color=black][font=宋体]已经于北京时间[/font][/color][color=black][font=SymantecSans][font=Times New Roman]5[/font][/font][/color][color=black][font=宋体]月[/font][/color][color=black][font=SymantecSans][font=Times New Roman]18[/font][/font][/color][color=black][font=宋体]日下午两点半更新病毒定([/font][/color][color=black][font=SymantecSans][font=Times New Roman]20070517.v73[/font][/font][/color][color=black][font=宋体]),[/font][/color][color=black][font=SymantecSans][/font][/color][/size]
[size=3][color=black][font=宋体]此后的病毒定义不会造成这种现象。[/font][/color][color=black][font=SymantecSans][/font][/color][/size]
[color=black][font=SymantecSans][font=Times New Roman][size=3] [/size][/font][/font][/color]
[size=3][color=black][font=宋体]解决方案:[/font][/color][color=black][font=SymantecSans][/font][/color][/size]
[size=3][color=black][font=SymantecSans][font=Times New Roman]1[/font][/font][/color][color=black][font=宋体],服务器端:[/font][/color][color=black][font=SymantecSans][/font][/color][/size]
[size=3][b][color=black][font=宋体]服务器立即[/font][/color][/b][b][color=black][font=SymantecSans][font=Times New Roman]liveupdate, [/font][/font][/color][/b][b][color=black][font=宋体]更新到最新的病毒定义库([/font][/color][/b][b][color=black][font=SymantecSans][font=Times New Roman]20070517.v73[/font][/font][/color][/b][b][color=black][font=宋体]或者更高版本)[/font][/color][/b][b][color=black][font=SymantecSans][font=Times New Roman].[/font][/font][/color][/b][/size]
[size=3][color=#000000][font=宋体]如果[/font][font=SymantecSans][font=Times New Roman]liveupdate[/font][/font][font=宋体]有问题,到[/font][font=SymantecSans][/font][/color][/size]
[font=Arial][size=10pt][url=ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/][color=#0000ff]ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/[/color][/url][/size][/font]
[size=3][color=#000000][font=宋体]进入到[/font][font=SymantecSans][font=Times New Roman]68638(22070517.v71)[/font][/font][font=宋体]或者以后的文件夹,[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=宋体]下载后缀名是[/font][font=SymantecSans][font=Times New Roman]xdb[/font][/font][font=宋体]的文件,放到服务器的[/font][font=SymantecSans][font=Times New Roman]SAV[/font][/font][font=宋体]安装文件夹里面(是个共享文件夹,一般的位置是[/font][font=SymantecSans][font=Times New Roman]C:\program files\SAV[/font][/font][font=宋体]或者[/font][font=SymantecSans][font=Times New Roman]C:\program files\SAV\symantec antivirus. [/font][/font][font=宋体]如果服务器内装有[/font][font=SymantecSans][font=Times New Roman]winzip[/font][/font][font=宋体]等软件,可能会把这个[/font][font=SymantecSans][font=Times New Roman]XDB[/font][/font][font=宋体]改成[/font][font=SymantecSans][font=Times New Roman]zip[/font][/font][font=宋体]或者[/font][font=SymantecSans][font=Times New Roman]rar, [/font][/font][font=宋体]需要改回到[/font][font=SymantecSans][font=Times New Roman]xdb[/font][/font][font=宋体])。[/font][font=SymantecSans][/font][/color][/size]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[size=3][color=#000000][font=SymantecSans][font=Times New Roman]2[/font][/font][font=宋体],正在运行的客户端:[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][b][font=宋体]客户端可以从服务器下载到更新后的病毒定义,[/font][/b][font=宋体]保证病毒定义在[/font][font=SymantecSans][font=Times New Roman]20070517.v71[/font][/font][font=宋体]或者以后。[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=宋体]对于无法从服务器自动更新病毒定义的客户端,到[/font][font=SymantecSans][/font][/color][/size]
[font=Arial][size=10pt][url=ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/][color=#0000ff]ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/[/color][/url][/size][/font]
[size=3][color=#000000][font=宋体]进入到[/font][font=SymantecSans][font=Times New Roman]68638[/font][/font][font=宋体]或者以后的文件夹,下载[/font][font=SymantecSans][font=Times New Roman]****x86.exe[/font][/font][font=宋体]文件,在本机运行更新病毒定义。[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=SymantecSans][font=Times New Roman]1[/font][/font][font=宋体],如果[/font][font=SymantecSans][font=Times New Roman]netapi32.dll[/font][/font][font=宋体]和[/font][font=SymantecSans][font=Times New Roman]lsasrv.dll[/font][/font][font=宋体]没有被[/font][font=SymantecSans][font=Times New Roman]SAV[/font][/font][font=宋体]隔离,只需要更新病毒定义到[/font][font=SymantecSans][font=Times New Roman]20050517.v71[/font][/font][font=宋体]或者更新的版本。[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=SymantecSans][font=Times New Roman]2,
[/font][/font][font=宋体]如果[/font][font=SymantecSans][font=Times New Roman]netapi32.dll[/font][/font][font=宋体]和[/font][font=SymantecSans][font=Times New Roman]lsasrv.dll[/font][/font][font=宋体]已经被[/font][font=SymantecSans][font=Times New Roman]SAV[/font][/font][font=宋体]隔离,然后从隔离区恢复被隔[/font][font=SymantecSans][font=Times New Roman]
[b][color=red][/color][/b][/font][/font][/color][/size]
[size=3][color=#000000][font=SymantecSans][font=Times New Roman] [/font][/font][font=宋体]离的这两个文件。[/font][font=SymantecSans][font=Times New Roman]
[/font][/font][/color][/size]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[size=3][color=#000000][font=宋体]对于已经蓝屏的电脑:[/font][font=SymantecSans][/font][/color][/size]
[size=3][color=#000000][font=宋体]1, [/font][font=宋体]使用windows XP安装盘启动[/font][/color][/size]
[size=3][color=#000000][font=Arial]2[/font][font=宋体], [/font][font=宋体]进入系统恢复控制台。 [/font][/color][/size]
[size=3][color=#000000][font=Arial]3[/font][font=宋体], [/font][font=宋体]使用安装盘[/font][font=宋体]I386[/font][font=宋体]目录下的[/font][font=宋体]netapi32.dll[/font][font=宋体]和[/font][font=宋体]lsasrv.dll[/font][font=宋体]文件替换系统[/font][font=宋体]system32[/font][font=宋体]下和dllcache下的文件[/font][/color][/size]
[color=#000000][font=Arial][size=10pt]a.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]cd \windows\system32[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]b.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\netapi32.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]c.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\lsasrv.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]d.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]cd dllcache[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]e.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\netapi32.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]f.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\lsasrv.dl_[/size][/font][/color]
[size=3][color=#000000][font=Arial]4[/font][font=宋体], [/font][font=宋体]重启电脑[/font][/color][/size]
[size=3][color=#000000][font=宋体]5[/font][font=宋体],更新到前面所述的新的病毒定义。[/font][/color][/size]
[size=3][font=宋体][color=#000000]6[/color][/font][font=宋体][color=#000000],[/color][color=red]在更新病毒定义的前提下[/color][color=#000000],重新打上微软的KB924270补丁。[/color][/font][/size]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[align=center][align=center][b][font=SymantecSans][size=14pt][color=#000000][font=Times New Roman]Solution for Backdoor.haxdoor[/font][/color][/size][/font][/b][/align][/align][align=center][align=center][b][font=SymantecSans][size=3][color=#000000][font=Times New Roman]Version: [u]1.7[/u][/font][/color][/size][/font][/b][/align][/align][font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]Situation:[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]
On [/font][/color][/size][/font][font=Arial][size=10pt][color=#000000]XP SP2 (Chinese Simplified) image and apply the MS 924270 patch,
[/color][/size][/font][size=3][font=SymantecSans][font=Times New Roman][color=#000000]After the virus definition has been updated to the version of 2007-5-17[/color][color=#003366]([/color][/font][/font][color=#003366][font=Arial]The first bad Rapid Release is 20070517.016 (68601) ,the bad LiveUpdate definition is 20070517.018)[/font][/color][color=#003366][font=SymantecSans][/font][/color][/size]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]the following files, C:\windows\system32\netapi32.dll and C:\windows\system32\lsasrv.dll, will be treated as ‘backdoor.haxdoor’ and then SAV will try to quarantine the files.[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]After rebooting the system, it couldn’t log in system successfully and the same situation in the safe mode. It will also cause the blue screen.[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]Symantec has updated the virus definition on 2:30, 18th May(20070517.v73),[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]This virus definition and later will not cause the problem.[/font][/color][/size][/font]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]Solution:[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]
For the server:[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]
[b]Liveupdate immediately, to virus definition version 20070517.v73 or later[/b].[/font][/color][/size][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]If there is any problem on liveupdate:[/font][/color][/size][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]1.[/size]
[/color][/font][font=SymantecSans][size=3][color=#000000]Go to [/color][/size][/font][/font][font=Arial][size=10pt][url=ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/][color=#0000ff]ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/symantec_antivirus_corp/rapidrelease/sequence/[/color][/url].[/size][/font][font=SymantecSans][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]2.[/size]
[/color][/font][font=SymantecSans][size=3][color=#000000]Enter the 68638 (20070517.v71)or newer folder.[/color][/size][/font][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]3.[/size]
[/color][/font][font=SymantecSans][size=3][color=#000000]Download the files with the suffix of xdb.[/color][/size][/font][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]4.[/size]
[/color][/font][font=SymantecSans][size=3][color=#000000]Put it into the installation folder of SAV, which is C:\program files\SAV or C:\program files\SAV\symantec antivirus generally.[/color][/size][/font][/font]
[size=3][color=#000000][font=Times New Roman][i][font=SymantecSans]Note: If the compress software such as winzip has been installed in the server, the suffix will be changed from xdb to zip or rar. Please change it back to xdb[/font][/i][font=SymantecSans]. [/font][/font][/color][/size]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]For the clients:[/font][/color][/size][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]1.[/size]
[/color][/font][size=3][color=#000000][b][font=SymantecSans]Automatically, the clients will update the new version of the virus definition from the server[/font][/b][font=SymantecSans]. Confirm that the virus definition version is 20070517.v71 or later.[/font][/color][/size][/font]
[font=Times New Roman][font=SymantecSans][color=#000000][size=3]2.[/size]
[/color][/font][font=SymantecSans][size=3][color=#000000]For those clients that couldn’t obtain the new virus definition from the server automatically, please download ****x86.exe in the above address, then run this execute file.[/color][/size][/font][/font]
[color=#000000][font=Arial][size=11pt]3.
[/size][/font][font=Arial][size=11pt]Files were detected as Backdoor.Haxdoor, but were not quarantined and customer[/size][/font][/color]
[font=Arial][size=11pt][color=#000000]Has not rebooted:
[/color][/size][/font]
[font=Arial][size=11pt][color=#000000]
Customer simply needs to apply the latest LiveUpdate definitions.[/color][/size][/font]
[color=#000000][font=Arial][size=11pt]4.
[/size][/font][font=Arial][size=11pt]Files were detected as Backdoor.Haxdoor and were quarantined but customer
has not rebooted:[/size][/font][/color]
[font=Arial][size=11pt][color=#000000]
Customer should apply the latest LiveUpdate definitions and then restore
[/color][/size][/font]
[font=Arial][size=11pt][color=#000000]
The files from quarantine[/color][/size][/font]
[color=#000000][font=Times New Roman][font=SymantecSans][size=11pt]5.
For the computers[/size][/font][font=SymantecSans][size=3] displaying blue screen:[/size][/font][/font][/color]
[color=#000000][font=Arial][size=10pt]1)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]Locate Installation CD, put in drive and restart machine.[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]2)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]At startup, choose the option to boot from CD.[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]3)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]After the drivers load in Windows setup, choose ‘R’ for recovery console. [/size][/font][/color]
[color=#000000][font=Arial][size=10pt]4)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]Choose the affected windows installation, and type in your administrator password[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]5)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]Type the following commands in this order (overwrite files if prompted):[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]a.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]cd \windows\system32[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]b.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\netapi32.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]c.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\lsasrv.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]d.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]cd dllcache[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]e.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\netapi32.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]f.[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]expand (CD drive letter):\i386\lsasrv.dl_[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]6)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]Type ‘exit’ to reboot the machine[/size][/font][/color]
[color=#000000][font=Arial][size=10pt]7)[/size][/font][size=7pt][font=Times New Roman] [/font][/size][font=Arial][size=10pt]update to latest virus definition.[/size][/font][/color]
[font=Arial][size=10pt][color=#000000]8)
Re-apply Microsoft KB924270 [/color][color=red]after update to latest virus definition[/color][color=#000000].[/color][/size][/font]
[font=SymantecSans][font=Times New Roman][size=3][color=#000000] [/color][/size][/font][/font]
[font=SymantecSans][size=3][color=#000000][font=Times New Roman]Instruction by Symantec Security Response:[/font][/color][/size][/font]
[font=Arial][size=10pt]On May 17,2007, at approximately 10am PST, Symantec released LiveUpdate definitions which erroneously detected 2 systems files included on some simplified Chinese versions of Microsoft Windows XP as Backdoor.Haxdoor[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]This affected the Simplified Chinese version of Windows XP Service Pack 2, which had the KB924270 patch from Microsoft applied. The files affected are netapi32.dll (version 5.1.2600.2976) and lsasrv.dll (version 5.1.2600.2976). Other language versions of Windows XP, or Windows XP versions which do not have the KB924270 patch applied, are not affected. Windows will fail to load should the machine be rebooted following the mis-detection.[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]The mis-detection was introduced in Rapid Release build number 68601 (extended version 20070517.016) and corrected in Rapid Release build number 68638 (extended version 20070517.071)[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]Symantec released LiveUpdate definitions on May 17, at approximately 11.30pm PST to correct this issue. Users who have not rebooted Windows following the mis-detection can apply the updated definitions through LiveUpdate to resolve the issue. Customers impacted by this issue following reboot of an affected system, can return their system(s) to the previous state through use of the Windows recovery console. (See attached file for details).[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]The mistaken detections were added via an automation process that has been in use for some time to address the rapidly increasing volume of threats. One of the third party components used in the automation process has recently changed and led to the detection of the two system files, which has now been corrected.[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]Symantec is putting measures in place to avoid similar incidents in future. We sincerely regret any inconvenience this may have caused our customers.[/size][/font]
[font=Arial][size=10pt] [/size][/font]
[font=Arial][size=10pt]PS:[/size][/font]
[font=Arial][size=10pt]Step by step instructions to stop blue screens:[/size][/font]
[font=Arial][size=10pt]1)
Locate Installation CD, put in drive and restart machine.[/size][/font]
[font=Arial][size=10pt]2)
At startup, choose the option to boot from CD.[/size][/font]
[font=Arial][size=10pt]3)
After the drivers load in Windows setup, choose ‘R’ for recovery console. [/size][/font]
[font=Arial][size=10pt]4)
Choose the affected windows installation, and type in your administrator password[/size][/font]
[font=Arial][size=10pt]5)
Type the following commands in this order (overwrite files if prompted):[/size][/font]
[font=Arial][size=10pt]a.
cd \windows\system32[/size][/font]
[font=Arial][size=10pt]b.
expand (cd drive letter):\i386\netapi32.dl_[/size][/font]
[font=Arial][size=10pt]c.
expand (cd drive letter):\i386\lsasrv.dl_[/size][/font]
[font=Arial][size=10pt]d.
cd dllcache[/size][/font]
[font=Arial][size=10pt]e.
expand (cd drive letter):\i386\netapi32.dl_[/size][/font]
[font=Arial][size=10pt]f.
expand (cd drive letter):\i386\lsasrv.dl_[/size][/font]
[font=Arial][size=10pt]6)
Type ‘exit’ to reboot the machine[/size][/font]
[font=Arial][size=10pt]7)
Download and update to latest RR defs[/size][/font]
[font=Arial][size=10pt]8)
Re-apply KB924270 patch.[/size][/font]
liaoronghao 2007-8-1 12:17
太复杂了,看不懂
franktian 2008-2-27 16:16
嗯,学习