Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Update on TrendMicro Pattern 594 Issue; W2K Mainstream Support Ending June 30, 2005; My Computer Has a Rash SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Update on TrendMicro Pattern 594 Issue; W2K Mainstream Support Ending June 30, 2005; My Computer Has a Rash

Update on TrendMicro Pattern 594 Issue

If you came in to the office this morning, are running a Windows OS on your computer, your computer CPU is maxing out close to 100% utilization and you have a TrendMicro antivirus product installed, please go to the link referenced below.

As reported in the diary on
and on
, TrendMicro had a problem with their Patterm 594 update released Friday afternoon around 15:30 PDT. They have now posted an explanation of the cause and solution on their site .

Juha-Matti posted this morning and provided two links

about the impact the TrendMicro pattern update had this weekend on East Japan Railways.

Feedback from ISC Posters

Here's what some of you had to say about this issue:

Anonymous -- "So that's what happened to cause me to spend 5 hours rebuilding my home computer on Saturday!!! Just thought it had to do with a new motherboard install--- but NOOOOO!!!"

Bob - "This was a tough one to diagnose, over the past 10 years, I've just gotten used to auto deploying new signatures without thought. Of course, you don't suspect signatures to be the issue, took hours to identify, THANK YOU SANS!!!!! Packet capture after capture, systems shutdowns, switch, firewall, driver resets later, we finally reactivated our outside connectivity and of course, ISC.SANS.ORG being my HOMEPAGE, we were blessed with your ID of 594 issues. Sure as shineola,
dropping 594 AND then rebooting, voila."

Drew -- "Thank you so much for posting about that definition file! we were fighting @ the hospital for over 6 hours before we found this document, and after we realized what had happened, the network was back up in less than an hour!!"

Paul -- "I just need to vent about the trend problem. First I'd like to say thank you to SANS for posting the information. I wasted three hours of my life trying to bring my system back for a complete lockup! Once the new sigs were loaded blam my system is back to normal. What is the average user going to do? They don't know how to boot their systems up in diagnostic mode? How is their TM client going to get out to the internet to pull the new sigs if the system is pegged at 100%, I mean pegged, not even a chance. How is the average Trend customer going to find out about the problem, go on the internet and read about it? I DON'T THINK SO. They need to sent an alert out.

W2K Mainstream Support Ending June 30, 2005

Microsoft will be ending Mainstream Support for the Windows 2000 product family on June 30, 2005. Extended Support will continue for a further 5 years until June 30, 2010. One of the main differences after this date is that non-security related hotfixes will require an seperate per-incident support contract (and will probably not be available as quickly).

For more information about the Windows 2000 status change, go

My Computer Has a Rash

Brian Krebs has a nice
blog entry on what might happen if your computer visits "some of the seamier online neighborhoods" on the Internet.


78 Posts
Apr 25th 2005

Sign Up for Free or Log In to start participating in the conversation!