IDNetters Forums

Technical News & Discussion => Windows News & Discussion => Topic started by: Rik on Apr 23, 2010, 10:27:41

Title: Oh dear, McAfee fouls up
Post by: Rik on Apr 23, 2010, 10:27:41
The BBC (http://news.bbc.co.uk/1/hi/technology/8636985.stm) reports that:

Quote:
Thousands of PCs around the world have been paralysed by a security update that wrongly labelled part of Windows as a virus.

The update was sent out by security firm McAfee and made affected PCs endlessly restart.

Corporate customers of McAfee seemed to be hardest hit but some individuals reported problems too.

McAfee apologised for the mistake and released a fix to ensure PCs started working again.

The problems were caused by an update to the long list McAfee's anti-virus uses to identify which programs are malicious.

McAfee's 5958 update wrongly identified the Windows svchost.exe file as the wecorl.a virus. This worm tries to replace an existing svchost file with its own version to help it take over a machine.

The update wrongly labelled svchost as the virus and then quarantined it. This caused many PCs to crash as Windows uses many copies of the file to keep the operating system going.

Makes you feel really confident in their products, doesn't it.
Title: Re: Oh dear, McAfee fouls up
Post by: Gary on Apr 23, 2010, 10:29:39
Considering it affected Intel badly, that says a lot. It was mostly the corporate client, I believe :eyebrow:
Title: Re: Oh dear, McAfee fouls up
Post by: Rik on Apr 23, 2010, 10:30:45
 ;D

Intel outside? ;)
Title: Re: Oh dear, McAfee fouls up
Post by: Gary on Apr 23, 2010, 10:33:37
Quote from: Rik on Apr 23, 2010, 10:30:45
;D

Intel outside? ;)
;D
Title: Re: Oh dear, McAfee fouls up
Post by: Glenn on Apr 23, 2010, 11:03:16
I came to work yesterday to find 4 PCs with the problem. It only takes 30 minutes each to get them back up and running.
Title: Re: Oh dear, McAfee fouls up
Post by: Rik on Apr 23, 2010, 11:04:03
What's the fix, Glenn, presumably it has to be done outside of Windows?
Title: Re: Oh dear, McAfee fouls up
Post by: Glenn on Apr 23, 2010, 11:06:31
Here we go http://vil.nai.com/vil/5958_false.htm
Title: Re: Oh dear, McAfee fouls up
Post by: Rik on Apr 23, 2010, 11:08:17
Not very tidy, is it? :(
Title: Re: Oh dear, McAfee fouls up
Post by: Simon on Apr 23, 2010, 11:09:49
Doesn't a simple System Restore work?
Title: Re: Oh dear, McAfee fouls up
Post by: Glenn on Apr 23, 2010, 11:11:01
Basically boot from a CD, replace the svchost file (must be from the same OS version), run the 5959xdat.exe file, then reboot; it should all then be working.
Title: Re: Oh dear, McAfee fouls up
Post by: Glenn on Apr 23, 2010, 11:12:44
Quote from: Simon on Apr 23, 2010, 11:09:49
Doesn't a simple System Restore work?

No idea, Simon, the PCs here have System Restore disabled by group policy.
Title: Re: Oh dear, McAfee fouls up
Post by: Gary on Apr 23, 2010, 11:16:07
Quote from: Simon on Apr 23, 2010, 11:09:49
Doesn't a simple System Restore work?
System Restore is not always the most elegant way to do things at home, so in a corporate environment I imagine it's hardly ever used.
Title: Re: Oh dear, McAfee fouls up
Post by: zappaDPJ on Apr 23, 2010, 12:20:07
I think McAfee should be congratulated. It's the first time I've heard of it stopping anything, including a virus  ::)

Seriously, the number of times I've had to deal with compromised PCs that have had McAfee installed and fully up-to-date is lamentable.
Title: Re: Oh dear, McAfee fouls up
Post by: Rik on Apr 23, 2010, 12:24:44
I know what you mean, Zap. I lost faith in them years ago. Curiously, back in the days of CompuServe, the sysops/wizops (mods/admins) were given free issue of both Norton and McAfee so that we could check files before they were uploaded to our libraries. Then, I preferred Norton, but I soon got over that. ;D
Title: Re: Oh dear, McAfee fouls up
Post by: zappaDPJ on Apr 23, 2010, 12:29:02
 ;D