Escape Technologies
22-Apr-10, 17:10
Computers in companies, hospitals and schools around the world slowed down or froze after an antivirus program identified a normal Windows file as a threat.
While the problem has now been identified, IT technicians are today having to deal with extra workloads to ensure their systems are protected. Antivirus vendor McAfee Inc confirmed that yesterday a software update had caused its antivirus program for corporate customers to target a harmless file, leading PCs to repeadedly reboot themselves.
McAfee posted a replacement update and said in a statement: 'We are not aware of significant impact on consumers.'
Read more: http://www.dailymail.co.uk/sciencetech/article-1267950/McAfee-antivirus-program-fault-causes-millions-PCs-shut-down.html
McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.
Q: What does the SuperDAT Remediation Tool Do?
A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.
Recommended Recovery SuperDAT Procedure
1. From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe (http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe?elq_mid=2373&elq_cid=1458523) and save it to portable media.
2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode
3. Execute the Recovery SuperDAT tool
4. Reboot in normal mode
5. Use the product update to update to 5959
For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1458523&page=content&id=KB68780 (https:/kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1458523&page=content&id=KB68780) which will remain up to date.
While the problem has now been identified, IT technicians are today having to deal with extra workloads to ensure their systems are protected. Antivirus vendor McAfee Inc confirmed that yesterday a software update had caused its antivirus program for corporate customers to target a harmless file, leading PCs to repeadedly reboot themselves.
McAfee posted a replacement update and said in a statement: 'We are not aware of significant impact on consumers.'
Read more: http://www.dailymail.co.uk/sciencetech/article-1267950/McAfee-antivirus-program-fault-causes-millions-PCs-shut-down.html
McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.
Q: What does the SuperDAT Remediation Tool Do?
A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.
Recommended Recovery SuperDAT Procedure
1. From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe (http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe?elq_mid=2373&elq_cid=1458523) and save it to portable media.
2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode
3. Execute the Recovery SuperDAT tool
4. Reboot in normal mode
5. Use the product update to update to 5959
For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1458523&page=content&id=KB68780 (https:/kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1458523&page=content&id=KB68780) which will remain up to date.