Symantec Antivirus DWHxxxx.tmp Bogus Trojan Horse

Recently one of my users had thousdands and thousands of files in the quarantine
All of them aparently trojan horse risks
All the files began with DWH ending with .tmp
This is infact symantec live update wizard DWHWIZRD.EXE trying to download updates available for the symantec application group rather than obtain the latest virus update list.

In doing so the real time scanner Rtvscan.exe identifies the temp file as a trojan, so depending on the rules in the risk settings will depend on what should happen when risks are found, it either deletes the file or quarantines it, and low and behold the update wizard starts to download the file again.

To resolve the issue (this time), login as an administrator of sorts be it domain or local. Locate the symantec liveupdate folder typically %system%\progam files\symantec\liveupdate and run the LUALL.exe
This will kick off the live update manually, follow the wizard steps until its complete then reboot.

This will likely happen again in the future until symantec either come up with a solution in one of the updates.

Note: this only appears to happen to users that are not part of the “local admin” group of the pc in question.

ASP.NET Custom Table and Object Caching How To

Preface
We have a very complex website, it involves recording everything that is ever rendered and some complex randomising of what we render. Our website is basically a pay per click revenue stream.

The Problem
Ok so the problem is, we rely on caching of a select number of data tables, this may sound silly to do but we are careful and we dont exceed the hardware capacity of the machine, and alas there is no other suitable method for us. The setup we have is IIS running in State Server mode using the ASP.NET state server Windows Service. Some of you will already know this is based on an XML filesystem structure to hold everything that gets placed into the cache.
Now for some reason state server started to break down and cause table and row corruption, we never managed to nail down why this was occuring since ASP.NET Datatables can be serialised and deserialised seemlessly from and to XML we concluded it was to do with asynchronous access to the objects in the cache breaking down. We needed to resolve the problem and we needed to do it now, I decided to write our own caching class that would sit in the Application Object.

The Solution
So a few basic rules here
1. The Class lives in the application object ergo when the website restarts the class disintigrates and re instantiates
2. The Class must be able to handle asynchronous access
3. The Class must offer similar features as ASP.NET cache, ie specifying lifetime of objects
4. The Class must also run maintenance on itself as a result of requirement 3
5. The Class must support Add, Get, Remove of datatables and objects

Ok so now we have some ground rules, it took me about a day to write, and the finished product should be attached to this post.

In your App_Code folder drop these three files (obviously rename them to .vb first).
ApplicationCache
itimer
SiteStart

Now heres how to use it.
1. Instantiate the class in the Global.asax file Application_Start routine (brings everything to life)
2. Attach a new timer to the maintenance event of the class _RunMaintenance (tells itself to cleanup)
3. Start the timer in a new thread .RunAsNewThread (opens the timer in a thread seperate from the application object, we like this seperation)
4. Add the class to the application object (so you can access it from anywhere in the app)

So starting in your global asax

Heres the code snippet you can use as an example of starting the class up, this can been seen inside SiteStart

OK so now the class is active how do i call it i hear you ask, well you have a choice.
If you have a base page then add this to it

If you dont then in your code behind file do this

Once you have done one of the above you can make the calls like so

Or

The reason we start a timer in a seperate thread is because we want to call the maintenance routine periodically and the only way to keep a timer allive from the application_start is to create a seperate thread, forget trying to place it in the application object or cache because it wont stay runtime, it will be deserialised into a static xml structure describing how to rebuild it.

Thats about it. You could attached a sub rountine that writes an information event to the windows event log when it runs, so you can make sure it works. You could also create a page that pulls out the current state of the class, ie how many tables its holding, what the names are etc etc.

Using EXISTS with variable tables

I ran into a need to use EXISTS with a variable table yesterday and thought it might be nice to make it available to others.

As you can see all you need to do is enclose the variable table in [ ].

TSQL Pull file into binary field

Ok so i needed a fast way to import a file from the filesystem straight into a binary database field
It couldnt be easier with OPENROWSET.
Here is how

simple as that
——————————-
Ok so I have an update to make here. In most cases the file your trying to pull up from the filesystem does exist, but wouldnt it be nice to make sure it does before you go ahead, well here’s how do it using xp_fileexist.
I’ve also left the snippet that will tidy up filename UNC’s of the ‘ character. If you tidy it before the file exist test, the test will fail since it already does this. Be sure to leave it between the exist test and the openrowset call.