View previous topic :: View next topic |
Author |
Message |
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Mon May 31, 2004 4:54 pm Post subject: Fix for NIS/NPF 2002!!! |
|
|
See the post by sonofjay at
http://www.dslreports.com/forum/remark,10386208~mode=flat .
_________________
Regards,
Joseph V. Morris
'The man who was not there"
Last edited by jvmorris on Mon May 31, 2004 8:18 pm, edited 1 time in total |
|
Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
Posted: Mon May 31, 2004 5:51 pm Post subject: |
|
|
Hey JV...thanks for the fix to NIS 2002 slow down problem....by turning off the Privacy Control...Tried to use your link above to get over to the DSL Forum....Access Denied....Thought I let you know. Thanks, astroc |
|
Back to top |
|
|
HellBeNt
Trooper
Joined: May 30, 2004
Posts: 10
Location: USA
|
Posted: Mon May 31, 2004 7:25 pm Post subject: |
|
|
I get permission denied also. |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Mon May 31, 2004 8:19 pm Post subject: |
|
|
Sheesh!!! Thanks guys, I think it's patched now. Try it again?
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
Back to top |
|
|
HellBeNt
Trooper
Joined: May 30, 2004
Posts: 10
Location: USA
|
Posted: Mon May 31, 2004 9:48 pm Post subject: |
|
|
The URL works now jv, thank you. I read through that entire thread and I must say I am impressed! This whole NIS 2002 slowdown problem had to do with a file (symids.sys) that Live Update deleted, when it never should have been removed off our PCs. I started out with a search on Google to figure out what this SNDmon.exe file was on my computer and ended up reading through forums for 2+ hours just to understand why my web browser was running slow. Thank you for contributing your knowledge, and to think you don't even use NIS 2002. Wow! |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Mon May 31, 2004 9:58 pm Post subject: |
|
|
HellBeNt wrote: |
The URL works now jv, thank you. I read through that entire thread and I must say I am impressed! This whole NIS 2002 slowdown problem had to do with a file (symids.sys) that Live Update deleted, when it never should have been removed off our PCs. |
Let me make one thing abundantly clear. If you have installed LiveUpdates since 12 May 2004, it will not suffice to simply re-install the old symids.sys/vxd (4.5.2.1); you have to install the newsymids.sys/vxd (5.3.1.54). These two files 'hook in' to NIS in radically different ways and the wrong version won't work with the post-May 12 LiveUpdates.
I realize it may be appealing to simply stick with the old (pre-May 12) versions of NIS/NPF 2002, but you should be aware that exploit code for that version is already circulating. There's not only a DoS exploit, but also a remote access exploit that would allow an attacker all the way through to the kernel of your operating system. At that point, you don't own your machine anymore, some blackhat does.
Quote: |
I started out with a search on Google to figure out what this SNDmon.exe file was on my computer and ended up reading through forums for 2+ hours just to understand why my web browser was running slow. Thank you for contributing your knowledge, and to think you don't even use NIS 2002. Wow! |
What's funny about all this is that I was just thinking about re-installing NIS 2002 FE -- and I may do so now. But I intend to be very careful about accepting future LiveUpdates.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
Posted: Tue Jun 01, 2004 1:05 pm Post subject: |
|
|
Hey Joseph, thanks for sorting it all out. Checked my system and I do have the symids.sys version 5.3.1.54 dated 5/13/04...but I do not have sysmids.vxd in my system at all. Do I need both of these files for the system to run properly?? Perhaps it is still in the 2 updates I have yet to download. Please update. Regards, astroc |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Tue Jun 01, 2004 1:29 pm Post subject: |
|
|
astroc,
No, symids.sys is for Win NT/2K/XP.
Symids.vxd is for Win 98/ME.
We are STARTING to test the symids.vxd downloaded in the other thread here at Computer Cops.
No corroboration yet.
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
Posted: Tue Jun 01, 2004 3:04 pm Post subject: |
|
|
Hey Joseph, kind of figured that out after I submitted the reply...glad you are able to confirm that....about the vxd is for 98. For your info...my msvcrt.dll is version 6.1.9844.0 astroc |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Tue Jun 01, 2004 3:10 pm Post subject: |
|
|
astroc wrote: |
Hey Joseph, kind of figured that out after I submitted the reply...glad you are able to confirm that....about the vxd is for 98. For your info...my msvcrt.dll is version 6.1.9844.0 astroc |
That question was asked by sonofjay; I never was sure where he was going with it and once Lurkers Anonymous confirmed having the same build, I promptly forgot about it.
Still, yours is different and that may be relevant. With luck, I think he may be home in four or five hours and that would be a good time to ask what that was about.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Wed Jun 09, 2004 3:48 pm Post subject: 9 June LiveUpdate for NIS/NPF 2002? |
|
|
Has anyone received a LiveUpdate for NIS/NPF 2002 (from Symantec, of course) that corrects the problem that occurred on 12 May 2004?
I got a rather large LiveUpdate summary this morning, but it included nothing that addressed this issue. Still, that may be simply because I had already manually installed the missing file here.
It's now four weeks since the problem occurred and the solution has been well established for quite some time now and I was just curious as to whether or not Symantec has now seen fit to propagate it to its users -- not all of whom frequent this Forum.
_________________
Regards,
Joseph V. Morris
'The man who was not there" |
|
Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
Posted: Wed Jun 09, 2004 9:23 pm Post subject: |
|
|
Hey Joseph...Thanks to you and Sonofjay who pull all the info together and came up with a fix to the problem. I finally readied myself to apply Sonofjay's solution and went ahead and downloaded the offending update that caused my slow down problem in the first place. To my surprise.....no slow down symptoms at all this time. I checked my "symids.sys" file per Sonofjay's direction and it did not get deleted as before. I believe perhaps Symantec fixed the problem and due to embrassments caused by its initial Live Updates, they slipped the file back in quietly in its latest Live Updates. No fix was required and all system run smoothly. Glad this is over after almost a month of hard work from everyone involved. Regards, astroc |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Thu Jun 10, 2004 8:08 am Post subject: |
|
|
From http://www.dslreports.com/forum/remark,...~start=300 , Reese Anschultz (Symantec) says
Quote: |
We are actively working on a new version of the patch that won't have this problem, and, working on a patch to fix those people that received the previous patch and are now having performance issues. Unfortunately, I don't have an ETA at this point of when we plan to release the patch. Give this most recent patch, we really want to make sure that we get it right. In the meantime, the currently suggested solution of manually putting SymIDS on the system is a safe and acceptable solution. I wish that I could offer a simpler solution, but we don't have one at this point.
When we get closer to releasing the patch, I'll provide an update. In the meantime, if anybody is interested in testing the patch before its official release, please send me an e-mail with a subject line similar to "I want to test the 2002 patch". My e-mail is .
|
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
Back to top |
|
|
astroc
Trooper
Joined: Jan 30, 2004
Posts: 24
Location: USA
|
Posted: Thu Jun 10, 2004 12:31 pm Post subject: |
|
|
Now that Reese says they are still working on a permanent fix to NIS 2002 problems...that might explain why every so often I still have IAMAPP.exe error message comes up and the system slow down....but usually after a reboot..then it is back to normal...thanks for the info JV. Regards, astroc |
|
Back to top |
|
|
jvmorris
Security Expert
Joined: Dec 10, 2002
Posts: 137
Location: USA
|
Posted: Thu Jun 10, 2004 12:44 pm Post subject: |
|
|
astroc wrote: |
Now that Reese says they are still working on a permanent fix to NIS 2002 problems...that might explain why every so often I still have IAMAPP.exe error message comes up and the system slow down....but usually after a reboot..then it is back to normal...thanks for the info JV. Regards, astroc |
This is purely speculation on my part, but ... I've noticed a slow-down on re-boot also (and also on switching accounts). I think this is likely related to the new presence of sndmon.exe or possibly sndservc.exe, both of which typically only seem to be active at re-boot or account log-on occasions.
Don't ask me what these two apps really do; I have no idea.
For example, on this old Win 98 SE box, I typically boot into the equivalent of a 'guest' account with no internet privileges whatsoever. (This is a simple-minded form of protection in the event that some visitor to the house tries to use the machine when I'm not around.) I then log-off the 'guest' account and log-on to my own user account (which is now the only User Profile actually functional here). Prior to 12 May, this was an almost instantaneous log-off/log-on procedure. However, now it takes a noticeable amount of time to accomplish. Indeed, the default 'boot' log-on to the 'guest' account seems to take at least a minute longer than it previously took.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
|
|
Back to top |
|
|
|