McAfee update is locking users out of their systems

Dark Nova Gamer

Neowin.net said:
Widespread reports are hitting the web that a McAfee Antivirus update is causing major issues with end users' PCs. Reports are coming in that the “update to Dat 5958” is killing SVCHOST.exe.

As reports are surfacing in our forums and across the web, the issue appears to be widespread and u2_storm is saying that “We have received thousands of reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out”. Currently the only possible solution may be to downgrade your client to 5957 and restore SVChost.exe.

Read the full article here.
 

WOW! The latest is that McAfee will have a fix today 4/21/10
 

Hmm, I recommend using: Avira, Malware Anti Bytes, and Online Armor.

And I recommend using Microsoft Security Essentials, but that doesn't change much for the users of McAfee right now. :)
 

Buggy McAfee Update

Fortunately for Windows Vista & Windows 7 folks, this only affected Windows XP PCs:

Early reports attributed the widespread problems to a routine McAfee update that caused computers with Microsoft's Service Pack 3 installed to incorrectly identify a legitimate operating system component as containing a virus.

A McAfee representative confirmed the problem to CNET, and said the buggy update code had been removed from the company's servers and that a fixed version would be made available shortly.

"McAfee is aware that a number of customers have incurred a false-positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21" at 6 a.m. PT, the company said in a statement.
Buggy McAfee update slams Windows XP PCs | Security - CNET News

ICS reported that it was a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus.

Recovery information at ICS: McAfee DAT 5958 Update Issues
 

As I understand it, the bad update affected only Windows XP, SP3 PCs, not Windows Vista or Windows 7.

McAfee released an updated DAT file, and an "EXTRA.DAT" file to fix the problem. An EXTRA.DAT file is a patch to just fix the bad signature. McAfee's support web sites currently respond slowly and are down at times, likely due to the increased load caused by this issue.
More at ICS: McAfee DAT 5958 Update Issues

McAfee Knowledgebase Article: https://kc.mcafee.com/corporate/index?page=content&id=KB68780
EXTRA.DAT file: W32/Wecorl.a | Virus Profile & Definition | McAfee Inc.
 

What is happening to virus programs? Last month, it was BitDefender which caused BSOD on millions of machines. I personally was a fan of Norton but I switched to Microsoft Security Essentials. People should try it =)
 

I work for a large local hospital, and we were hit by this screw-up today. I am still working on a tool to automate the fix for our techs at offsite locations.

If the machine pulled down the bad DAT file, there are two methods for fixing it.

If it's domain connected, you can push a GPO to the machine to copy the extra.dat file that McAfee has distributed. Then if it's not working (only a small percentage of machines), boot into WinPE and copy the backup copy of svchost.exe to the system32 directory.

If the machine is not domain joined, the quickest solution is to boot directly to WinPE and copy both files from it.
 
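The offline fix described in the post above, sketched as a WinPE batch script. This is an added example, not the poster's tool or McAfee's procedure; the script name, the `\WINDOWS` install folder, the two backup folders and the McAfee engine folder are assumptions that do not come from the thread.

```batch
@echo off
rem Added example, not the poster's tool. Run from WinPE against the offline XP volume.
rem Usage: fix5958.cmd DRIVE EXTRADAT      e.g. fix5958.cmd C: X:\fix\EXTRA.DAT
rem Assumed, not from the thread: Windows lives in \WINDOWS, backup copies are in the
rem usual XP folders listed below, and ENGINE is the McAfee engine folder.
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ^<windows-drive^> ^<path-to-EXTRA.DAT^>
    exit /b 2
)
set "WIN=%~1\WINDOWS"
set "SYS32=%WIN%\system32"
set "ENGINE=%~1\Program Files\Common Files\McAfee\Engine"
set "EXTRADAT=%~2"

if not exist "%SYS32%\" (
    echo [!] "%SYS32%" not found, check the drive letter
    exit /b 1
)

rem Step 1: put svchost.exe back only if the bad DAT removed it.
if exist "%SYS32%\svchost.exe" goto extradat
set "SRC="
for %%D in ("%SYS32%\dllcache" "%WIN%\ServicePackFiles\i386") do (
    if not defined SRC if exist "%%~D\svchost.exe" set "SRC=%%~D\svchost.exe"
)
if not defined SRC (
    echo [!] No backup copy of svchost.exe found on this volume
    exit /b 1
)
copy /y "%SRC%" "%SYS32%\svchost.exe" >nul || exit /b 1
echo [+] Restored svchost.exe from "%SRC%"

:extradat
rem Step 2: drop in EXTRA.DAT so the scanner stops flagging the file on next boot.
if not exist "%EXTRADAT%" (
    echo [!] "%EXTRADAT%" not found
    exit /b 1
)
if not exist "%ENGINE%\" (
    echo [!] Engine folder "%ENGINE%" not found
    exit /b 1
)
copy /y "%EXTRADAT%" "%ENGINE%\EXTRA.DAT" >nul || exit /b 1
echo [+] Copied EXTRA.DAT to "%ENGINE%"
exit /b 0
```

The script leaves an existing svchost.exe untouched, so it is safe to run on machines where only the EXTRA.DAT copy is needed.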
McAfee seems to be joining the "Kill XP get Windows 7" approach...:D
 

April 22nd, 2010, 08:02 GMT

A malware definitions update pushed by antivirus giant McAfee to its customers yesterday contained a buggy detection routine that caused millions of computers to go into a reboot loop. The severe system instability issue resulted from erroneous blocking of the critical svchost.exe file on computers running Windows XP SP3.

The problematic update, identified as the 5958 DAT, detected the svchost.exe file on Win XP SP3 systems as being infected with new variants in the Wecorl family of malware. According to Microsoft, svchost.exe is a vital Windows system file in charge of loading services that run from DLLs.

McAfee released a corrected update, DAT 5959, hours after the bogus definition went out. However, the fix has to be deployed to affected systems manually in Safe Mode, a nightmare for IT staff in large enterprises with thousands of computers. Additionally, if the svchost.exe file has been deleted or quarantined, it must be restored from backup locations. The procedure is described in more detail in a McAfee knowledge base article associated with this incident.

Source -
McAfee Definitions Update Crashes Millions of Computers - svchost.exe tagged as malicious on Win XP SP3 systems - Softpedia
 
