McAfee cause havoc



Escape Technologies
22-Apr-10, 17:10
Computers in companies, hospitals and schools around the world slowed down or froze after an antivirus program identified a normal Windows file as a threat.

While the problem has now been identified, IT technicians are today having to deal with extra workloads to ensure their systems are protected. Antivirus vendor McAfee Inc confirmed that yesterday a software update had caused its antivirus program for corporate customers to target a harmless file, leading PCs to repeatedly reboot themselves.
McAfee posted a replacement update and said in a statement: 'We are not aware of significant impact on consumers.'

Read more: http://www.dailymail.co.uk/sciencetech/article-1267950/McAfee-antivirus-program-fault-causes-millions-PCs-shut-down.html


McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.


Q:   What does the SuperDAT Remediation Tool Do?

A:   The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.


Recommended Recovery SuperDAT Procedure

1. From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode.
3. Execute the Recovery SuperDAT tool
4. Reboot in normal mode
5. Use the product update to update to 5959

For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1458523&page=content&id=KB68780 which will remain up to date.
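
The restore order described in the FAQ answer above, as an added report-only PowerShell example (not part of the original post and not McAfee's tool). It assumes %SYSTEM_DIR% means <WindowsDir>\System32 and %WINDOWS% means <WindowsDir>; the -WindowsDir and -ReferenceCopy parameters and the Get-Sha256 helper are hypothetical names introduced here.

```powershell
# Added example, report-only: it copies nothing.
# Assumptions: %SYSTEM_DIR% is <WindowsDir>\System32 and %WINDOWS% is <WindowsDir>;
# -ReferenceCopy is svchost.exe taken from a healthy machine on the same
# Windows version and service pack.
param(
    [string]$WindowsDir = $env:SystemRoot,
    [Parameter(Mandatory = $true)][string]$ReferenceCopy
)

# SHA-256 via .NET so the script does not depend on Get-FileHash.
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return [System.BitConverter]::ToString($sha.ComputeHash($stream)) }
    finally { $stream.Close() }
}

$systemDir = Join-Path $WindowsDir 'System32'
$target    = Join-Path $systemDir 'svchost.exe'
# File-system sources in the order the FAQ answer gives (quarantine is the
# tool's last resort and is not inspected here).
$sources = @(
    (Join-Path $systemDir  'dllcache\svchost.exe'),
    (Join-Path $WindowsDir 'servicepackfiles\i386\svchost.exe')
)

$expected = Get-Sha256 $ReferenceCopy
if (Test-Path -LiteralPath $target) {
    $ok = (Get-Sha256 $target) -eq $expected
    Write-Output "svchost.exe present in System32; matches reference: $ok"
} else {
    Write-Output 'svchost.exe missing from System32'
}

# Walk the sources in order and keep the first one that matches the reference.
$chosen = $null
foreach ($src in $sources) {
    if (-not (Test-Path -LiteralPath $src)) { Write-Output "absent:   $src"; continue }
    if ((Get-Sha256 $src) -ne $expected)    { Write-Output "mismatch: $src"; continue }
    Write-Output "usable:   $src"
    if (-not $chosen) { $chosen = $src }
}
if (-not $chosen) { $chosen = $ReferenceCopy }   # nothing usable on the disk itself
Write-Output "Restore source to use: $chosen"
```

A "mismatch" line only means the copy differs from the reference, which can also happen when the two machines are at different patch levels. Point -WindowsDir at the Windows folder of an attached drive to check a disk that will not boot.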

Leanne
22-Apr-10, 18:05
Get a Mac ;)

Metalattakk
22-Apr-10, 18:08
Get a Mac ;)

Get a life. ;)

RecQuery
23-Apr-10, 09:02
Heh I could say:


Run Linux
Don't roll out new updates before testing them

There was a similar problem with Zone Alarm a couple of years back; it completely blocked Internet access.

Leanne
23-Apr-10, 13:20
Heh I could say:


Run Linux
Don't roll out new updates before testing them

There was a similar problem with Zone Alarm a couple of years back; it completely blocked Internet access.

Linux is an excellent 2nd alternative. I ran Ubuntu for 4 years and loved it. You need to be fairly computer literate though I believe recently it has become more user friendly - but then that makes it either copying windows or Mac? I liked Linux :)

Bobinovich
23-Apr-10, 13:48
Having just had such a problem with a customer's system I can confirm it is not just corporate users who have this problem, but home users too.

See here (http://service.mcafee.com/faqdocument.aspx?id=TS100969&lang=en_US&prior_tid=2&AnswerID=16777216&turl==http%3A%2F%2Fkb.mcafee.com%2Finfocenter%2Findex%3Fpage%3Dcontent%26id%3DTS100969%26actp%3Dsearch) for repair details - if you run a McAfee anti-virus product and your taskbar has changed and/or you're getting connection problems or have lost connection completely (or any of the other symptoms in the link) then this could be the reason.

Unfortunately this wouldn't allow me to start in Safe Mode as McAfee suggested, so I attached the hard drive to another system, deleted the DAT folder and replaced the svchost.exe file, then reinstalled the drive back into the host PC again. When XP started up everything was back to normal, and the system simply required the anti-virus update to be done.

RecQuery
23-Apr-10, 13:56
I really want to know what sort of corporate customer, or for that matter what sort of idiot sysadmin rolls out live updates on the day of release to a production system without any testing at all and why that guy still has a job. I can sort of understand home users.

EDIT: If the application got them automatically, then why did the admin not check that or why did he set it up that way? You should be rolling out updates from an internal master update server anyway.

badger
23-Apr-10, 14:17
I wouldn't touch McAfee with a barge pole having used it briefly years ago. ESET is much better and they have excellent technical support.

L33M
23-Apr-10, 16:45
I'm one of the unfortunate ones who has McAfee and it won't work!!!

trix
23-Apr-10, 17:53
oh no...iv choost updated ma mcafee, cost me 40 kwid for 'e year :eek:

Bobinovich
23-Apr-10, 23:02
While I'm no fan of McAfee it is better than Norton. Just ensure you keep it up-to-date & I'm sure they will have resolved the problem with that particular update file by now.

L33M
24-Apr-10, 16:10
That's my computer fixed now. It took me nearly a day but I followed instructions found on the chat room bit on the McAfee web site and they worked. The official instructions didn't work!!! Ended up being in a technical helpline queue for over 30 mins before I gave up!!
I'm so happy now it's working, I'm off to take my photos off to back them and everything else up.........just in case!!

dx100uk
24-Apr-10, 20:28
well now you've got it going
take maccy crap off
and put microsoft security essentials on

it's free and 1000's times better,

dx

trix
24-Apr-10, 23:39
i da ken dx, i tried ivrythin includin microsoft, an it wis only when i paid for mcafee that i got rid o' ma worms....

dx100uk
25-Apr-10, 21:55
i always like to recommend running one of the many online scanners first before relying on an 'installation' of a virus scanner to cure an existing issue.

dx

Bobinovich
27-Apr-10, 14:46
Have just carried out this procedure on another customer's PC and note that McAfee's recommendation to copy the svchost.exe file from another location (Windows\dllcache) is all very well, but on both occasions now the svchost.exe file has been completely wiped from all locations on their PCs!!!

Thankfully I've had access to another XP SP3 system and have copied the file from there into the Windows\System32 folder on the problematic PC which, on rebooting, then seems to solve it.

NOTE: Have just discovered that McAfee have posted a one-click fix on the page I linked earlier :D - much handier!