Oh dear, McAfee fouls up

Rik · Apr 23, 2010, 10:27:41

The BBC reports that:

QuoteThousands of PCs around the world have been paralysed by a security update that wrongly labelled part of Windows as a virus.

The update was sent out by security firm McAfee and made affected PCs endlessly restart.

Corporate customers of McAfee seemed to be hardest hit but some individuals reported problems too.

McAfee apologised for the mistake and released a fix to ensure PCs started working again.

The problems were caused by an update to the long list McAfee's anti-virus uses to identify which programs are malicious.

McAfee's 5958 update wrongly identified the Windows svchost.exe file as the wecorl.a virus. This worm tries to replace an existing svchost file with its own version to help it take over a machine.

The update wrongly labelled svchost as the virus and then quarantined it. This caused many PCs to crash as Windows uses many copies of the file to keep the operating system going.

Makes you feel really confident in their products, doesn't it.

Gary · Apr 23, 2010, 10:29:39

Considering it effected Intel badly that says alot it was mostly the corporate client I believe

Rik · Apr 23, 2010, 10:30:45

Intel outside?

Gary · Apr 23, 2010, 10:33:37

Quote from: Rik on Apr 23, 2010, 10:30:45

Intel outside?

Glenn · Apr 23, 2010, 11:03:16

I came to work yesterday, to find with 4 PC's with the problem. It only takes 30 minutes each to get them back up and running.

Rik · Apr 23, 2010, 11:04:03

What's the fix, Glenn, presumably it has to be done outside of Windows?

Glenn · Apr 23, 2010, 11:06:31

Here we go http://vil.nai.com/vil/5958_false.htm

Rik · Apr 23, 2010, 11:08:17

Not very tidy, is it?

Simon · Apr 23, 2010, 11:09:49

Doesn't a simple System Restore work?

Glenn · Apr 23, 2010, 11:11:01

Basically boot from a cd, replace the svchost file (must be from the same OS version), run the 5959xdat.exe file, then reboot, it should all then be working.

Glenn · Apr 23, 2010, 11:12:44

Quote from: Simon on Apr 23, 2010, 11:09:49
Doesn't a simple System Restore work?

No idea, Simon, the PC's here have system restore disabled by group policy.

Gary · Apr 23, 2010, 11:16:07

Quote from: Simon on Apr 23, 2010, 11:09:49
Doesn't a simple System Restore work?

System restore is not always the most elegant way to do things at home, so in a corporate environment I imagine its hardly ever used.

zappaDPJ · Apr 23, 2010, 12:20:07

I think McAfee should be congratulated. It's the first time I've heard of it stopping anything, including a virus

Seriously, the number of times I've had to deal with a compromised PCs that have had McAfee installed and fully up-to-date is lamentable.

Rik · Apr 23, 2010, 12:24:44

I know what you mean, Zap. I lost faith in them years ago. Curiously, back in the days of Compuserve, the sysops/wizops (mods/admins) were given free issue of both Norton and McAfee so that we could check files before they were uploaded to our libraries. Then, I preferred Norton, but I soon got over that.

zappaDPJ · Apr 23, 2010, 12:29:02