Remediation issue for "Adware.Agent" definition

Version 1

    LANDesk Security and Patch News</span>

    </div>

    LANDesk Security Suite

    LANDesk recently identified an issue with Security Suite Spyware remediation.

    Remediating

    the Adaware.Agent with LANDesk Spyware database version 222 on a

    Windows 2000 SP4 Machine with the Microsoft Hotfix KB908531 applied

    will delete the SHELL32.DLL file as part of the remediation

    To

    verify the version of the Spyware database open the dbrevision.txt file

    the, number listed in the file is the version. This file is located in

    \Program files\LANDesk\ManagementSuite\ldlogon\spyware directory

     

    This spyware database was only available Monday August 6, 2007, to Tuesday August 7, 2007

     

     

    Prevention Steps

    Turn off

    the autofix option for the Spyware definition "Adware.Agent" and then

    move it to the "Do Not Scan" folder. In order for changes to take

    effect on the client, a Security Scan for Spyware must be ran.

    OR

    If the version in the dbrevision.txt is 222 then the steps below will update the database file to a different version.

     

    Delete

    all *.lrd files from the \Program

    files\LANDesk\ManagementSuite\ldlogon\spyware directory and re-download

    the Spyware content.

     

     

    In order to tell if machines have

    repaired this spyware content run the following SQL statement that

    corresponds with your database.

    SQL

    SELECT DISPLAYNAME

    FROM COMPUTER WHERE COMPUTER_IDN IN(SELECT COMPUTER_IDN FROM

    PATCHHISTORY WHERE PATCH = 'ADAWARE.AGENT' AND ACTIONCODE = 7 AND

    ACTIONDATE &gt; '2007-Aug-06')

    ORACLE

    SELECT DISPLAYNAME

    FROM COMPUTER WHERE COMPUTER_IDN IN(SELECT COMPUTER_IDN FROM

    PATCHHISTORY WHERE PATCH LIKE 'Adawre.Agent' AND ACTIONCODE = 7 AND

    ACTIONDATE &gt;= '06-Aug-07')

     

    Remediation Steps

    Download the FixShell32.zip file attached to this article. Unzip the attached file. Copy the FixShell32.ini file to the ManagementSuite\Scripts directory on the core server.Go to Tools | Distribution | Manage Scripts Tool. Select “All Scripts” and Right-click “FixShell32” and choose Schedule.The Scheduled Tasks window will open. Drag affected computers to this task. Note: If non-affected computers are targeted for this task, the task will have no effect other than the machine being rebooted. The script renames the Shell32.dll.bak file to Shell32.dll and then reboots the targeted computer.