Q11941 - KNOWNISSUE: Symantec Antivirus (aka Norton AV, Norton 360, ...) and McAfee detect OPS SQL Services as malicious software or virus

SYMPTOMS:

After the Symantec, Norton, etc. virus definition update labeled '12/15/2008 rev. 4' we are experiencing a known issue where our main services are not working.  If you have a Symantec or Norton antivirus product, you may notice that your ADOCALC, GNR and other OPS NT services are no longer operational.  If you investigate further, you will notice that your OPS SQL services are no longer running, nor are they listed in the Windows Services Manager.

UPDATE: This is also an issue for McAfee Virus Protection products after a similar virus definition update on 12/15/2008.

CAUSE:

This situation is caused by the virus definition update mentioned above.  This update causes the OPS SQL NT Services to be falsely identified by the antivirus program as an "Infostealer", which is a form of virus.  Once labeled a virus, the services are uninstalled and the associated executables are deleted from the system.

WORK-AROUND:

We are currently working with Symantec to ensure that our NT services are not identified as a virus in the future. However, as the solution is not here yet, we have a temporary work-around that will remedy the situation for now:

UPDATE: Symantec has informed us that they have removed this detection from all future virus definitions. All virus updates after 12/17/2008 will no longer include this detection and therefore the OPS Services executables will not be removed.  If your files were removed prior to this update, please feel free to proceed below or call us for assistance.  You should not need to change any settings in your Symantec Antivirus; you will just need to restore the executables and use the batch files to install the services again. Note: McAfee has not given such a notification and this may still be an issue if you are using their software, though we are also working with McAfee to correct the situation.

We have developed a work-around for our clients using the affected antivirus programs.  The current work-around is to go into your antivirus' settings on the system that is running the OPS SQL NT services.  Once in the settings, there should be a section called "File System Auto-Protect" (shown below in the Symantec Antivirus application).  In this section you can set exclusions for the auto-protect so that it does not scan for viruses in certain locations:

Now that the antivirus is no longer a threat, we need to reinstall the services.  This can be done from an installation CD; however, it may be easier to have OPS assist you in this.  We can help you download the executable files deleted by the antivirus and then simply run a quick batch (.bat) file that is already on your system to install each service.

NOTE: Be sure that a service has been uninstalled and deleted before you attempt to restore it. (Do not restore services that have not been affected.)

The executables that are deleted by this virus definition update are (assuming default C:\OPSSQL\ installation):

C:\OPSSQL\ntgnr.exe
C:\OPSSQL\AdoCalc\ntadocalc.exe
C:\OPSSQL\DbaHelper\ntdbahelper.exe
and possibly C:\OPSSQL\LiveUpdate\ntliveup.exe

Once these files are restored on the affected system, there are batch (.bat) files on your system that can quickly reinstall each service:

Ado Calc: C:\OPSSQL\adocalc\service_install.bat
GNR Server: C:\OPSSQL\service_install.bat
DBA Helper: C:\OPSSQL\DbaHelper\service_install.bat
Live Update: C:\OPSSQL\LiveUpdate\service_install.bat

Once these are run, the respective service should be reinstalled on the system and listed in the Windows Services Manager. (In Windows: <Start>  <Run> [Services.msc] <Ok> )

If they are listed there, they may not be running.  Start each service and the problem is remedied for now.  Again, we are working diligently with Symantec to find a permanent fix to this problem.
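A read-only check for the procedure above, added here as an example and not part of the original article or the vendor's tooling: for each component it reports whether the executable is present, whether a service pointing at it is still registered, and which step applies. It assumes the default C:\OPSSQL\ paths listed in the article; because the article does not give the Windows service names, services are matched by their executable path.

```powershell
# Added example (not vendor code): read-only triage for the work-around above.
# Assumes the default C:\OPSSQL\ installation paths listed in the article.
$root  = 'C:\OPSSQL'
$items = @(
    @{ Name = 'GNR Server';  Exe = 'ntgnr.exe';                 Bat = 'service_install.bat' },
    @{ Name = 'Ado Calc';    Exe = 'AdoCalc\ntadocalc.exe';     Bat = 'adocalc\service_install.bat' },
    @{ Name = 'DBA Helper';  Exe = 'DbaHelper\ntdbahelper.exe'; Bat = 'DbaHelper\service_install.bat' },
    @{ Name = 'Live Update'; Exe = 'LiveUpdate\ntliveup.exe';   Bat = 'LiveUpdate\service_install.bat' }
)

# Service names are not given in the article, so match registered services
# by the executable path stored in their configuration (PathName).
$services = Get-CimInstance -ClassName Win32_Service

$report = foreach ($i in $items) {
    $exePath = Join-Path $root $i.Exe
    $exeOk   = Test-Path -LiteralPath $exePath -PathType Leaf
    $svc     = $services |
        Where-Object { $_.PathName -and $_.PathName.ToLower().Contains($exePath.ToLower()) } |
        Select-Object -First 1

    # Only a component that lost BOTH the file and the service registration
    # is "affected" in the article's sense; anything else is left alone.
    $action = if ($svc -and $exeOk) {
        if ($svc.State -eq 'Running') { 'None (not affected)' } else { 'Start the service' }
    } elseif (-not $svc -and -not $exeOk) {
        'Restore the executable, then run the batch file'
    } elseif (-not $svc) {
        'Executable present: run the batch file'
    } else {
        'Partial state (service registered, file missing): contact support'
    }

    [pscustomobject]@{
        Component   = $i.Name
        Executable  = $exePath
        FilePresent = $exeOk
        Service     = if ($svc) { "$($svc.Name) ($($svc.State))" } else { 'not registered' }
        # Hash of a present/restored file, for comparison with the supplier's copy.
        SHA256      = if ($exeOk) { (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash } else { $null }
        InstallBat  = Join-Path $root $i.Bat
        Action      = $action
    }
}
$report | Format-List
```

The script changes nothing on the system. Run it once before restoring files and again after running the batch files to confirm each service is registered and started.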

UPDATE: This situation also pertains to a similar executable used in our interfaces: ntinterface.exe in the interface installation folder.  The same work-around will work for this situation.

To obtain fresh copies of the executables that are deleted or if for any reason you would like our assistance, as always, give us a call: (800) 677-0067

Approved Comments...
what symantec did really sucks for you guys ... hopefully i can find the files in quarantine and they are not gone completely from my drive. Is there a way you could quickly provide download links to these files ? Approved: 12/19/2008 10:52 AM
Created on 12/16/2008 9:59 AM.
Last Modified on 12/19/2008 2:17 PM.
Skill Level: Intermediate.