Symantec AntiVirus creates an application error in VPC32.exe and Webshell.dll

Article:TECH100581  |  Created: 2004-01-16  |  Updated: 2004-01-22  |  Article URL http://www.symantec.com/docs/TECH100581
Article Type
Technical Solution


Environment

Issue



You have installed Symantec AntiVirus Corporate Edition 8.0 build 374 and encounter a crash in application VPC32.exe, module Webshell.dll.


Solution



Symantec is currently unable to reproduce this issue. However, there have been no significant reports of this issue occurring on SAV CE 8.0 builds greater than 374. It is recommended that an affected client be upgraded to the latest build.

To determine if you should upgrade
  1. Search the file VPC32.exe.
  2. Right-click on the file and select properties.
  3. On the Version tab if the version listed is 8.0.0.9374 and you have encountered the issue, contact technical support to obtain the latest build of SAV 8.0. For Platinum customers, you can download the latest build from the Symantec Platinum Web site. If you have a later version, and have seen this issue, continue on to the next section "Other possible causes."

Other possible causes
VPC32 related errors can also be caused by klez and other worm or virus infections that damage Norton AntiVirus itself. In such a state, it can no longer detect and repair the virus. Thus, your first step should be to visit the Symantec Security Response site. Then, under Virus Definitions, select the Free Online Virus and Security Check option to scan for a viral infection. If no infected files are found, Symantec Technical Support recommends searching our knowledge base for other VPC32 related documents. If infected files are found, Symantec Technical Support recommends scanning the infected computer from a non-infected computer, or using the klez source and clean-up tools.

To scan the infected computer from a non-infected computer
  1. From a client that is not infected, create a network map to the infected client's drive.
  2. Perform a manual scan of that mapped drive.

To use the klez source and clean-up tools
  1. Download the source tool by following the instructions within the document How to determine the source of a W32.Klez virus infection.
  2. Download and run the klez fix tool.





Legacy ID



2004031612511348


Article URL http://www.symantec.com/docs/TECH100581


Terms of use for this information are found in Legal Notices