Full Disclosure mailing list archives
RE: Possible Virus activity
From: <Martin_Roesler () trendmicro-europe com>
Date: Sat, 23 Apr 2005 11:19:13 +0200
Hello everybody First of all I have to apologize on behalf of Trend Micro. I understand that you faced severe problems due to a significant performance issue on PC's that have loaded the pattern file 2.594.00 Manual Solution: To fix this problem, please follow the solution #24263 (Office Scan) and #24264 (PC-cillin Internet Security Suite) http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp ?solutionId=24263 http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp ?solutionId=24264 Explanation: On April 22, 2005, starting at 3:33 pm Pacific (10:33 GMT) Trend Micro posted a pattern file (2.594.00) that had the potential to interact with certain computing configurations and cause computer performance issues for some users. This specific pattern file was only available during a 1 hour and 29 minute time window. Trend Micro removed the pattern file from our Web sites and Active Update servers at 5:02 pm (1:02 GMT), and immediately took steps to post a new pattern file. Subsequent pattern file downloads do not cause these issues. Right now Trend Micro global support team is working to fully understand the extent of the problem and provide additional solutions. Trend Micro has extended support hours especially to help those customers who had this special intersection of circumstances and were affected by this issue. Trend Micro is continuing testing in order to fully understand initial assessments and fix the issue, and endeavor to provide additional information as it becomes available. Martin Roesler Director of Global Technical Support Operations Trend Micro Deutschland GmbH Lise-Meitner-Str. 4 85716 Unterschleissheim E-Mail: Martin_Roesler () trendmicro-europe com __________________________________________________ http://www.trendmicro-europe.com -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Benjamin Krueger Sent: Samstag, 23. April 2005 05:14 To: Jonathan Grotegut Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Possible Virus activity * Jonathan Grotegut (jgrotegut () directpointe com) [050422 19:30]:
One of the things one of our techs has found is it is somehow related
to Trend Office Scan, one of our techs killed all the services on one of the computer he could, he started them up one by one. Once he started Trend Officescan service the System process spiked. Possible update today on Trend that botched it?
Jonathan Grotegut
http://kb.trendmicro.com/solutions/search/main/search/SolutionDetail.asp ?SolutionID=24263&btnSearch=GO "Windows XP Service Pack 2 machines with critical patches and OfficeScan Corporate Edition (OSCE) starts to experience high CPU utilization after updating to Pattern 594" 594 was released today, and then 596 was released immediately afterwards. It looks like the machines having problems on my network are running 594 and weren't able to successfully update to 596. Coincidence? I think not. Thanks Trend. You've ruined my Friday night. My girlfriend and I thank you... -- Benjamin Krueger "Nakedness is sinful. If God wanted us to go naked, we would have been born that way." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Possible Virus activity Jonathan Grotegut (Apr 22)
- Re: Possible Virus activity Benjamin Krueger (Apr 22)
- Re: Possible Virus activity Danny (Apr 22)
- Re: Possible Virus activity Benjamin Krueger (Apr 22)
- <Possible follow-ups>
- RE: Possible Virus activity Jonathan Grotegut (Apr 22)
- Re: Possible Virus activity Benjamin Krueger (Apr 22)
- Re: Possible Virus activity Danny (Apr 23)
- Re: Possible Virus activity Benjamin Krueger (Apr 22)
- RE: Possible Virus activity Jonathan Grotegut (Apr 22)
- RE: Possible Virus activity Martin_Roesler (Apr 23)
- Re: Possible Virus activity mcbain (Apr 23)
- Re: Possible Virus activity Danny (Apr 23)
- Re: Possible Virus activity mcbain (Apr 23)
- Re: Possible Virus activity Danny (Apr 23)
- Re: Possible Virus activity 404 (Apr 23)
- Re: Possible Virus activity class101 () HAT-SQUAD com (Apr 23)
- Re: Possible Virus activity mcbain (Apr 23)
- Re: Possible Virus activity Danny (Apr 23)
- Re: Possible Virus activity Benjamin Krueger (Apr 22)