Virus protection software like Norton
Antivirus and McAfee Total Protection are supposed to protect your personal
machines (along with corporate machines) -- they're not supposed to
wreak havoc on your system. Well, McAfee has quite a crisis on its
hands today and we're sure that IT admins across the globe are
probably going crazy right now.
According to the New
York Times, McAfee issued a routine software update today
(5958 DAT) which detected a false positive for the
w32/wecorl.a virus in svchost.exe. As a result, McAfee
deletes the file and systems running Windows XP SP3 began a
continuous reboot into hell.
McAfee has issued the following
statement regarding the serious problem according
to Krebs on Security:
McAfee is aware
that a number of customers have incurred a false positive error due
to incorrect malware alerts on Wednesday, April 21. The problem
occurs with the 5958 virus definition file (DAT) that was released on
April 21 at 2.00 PM GMT+1 (6am Pacific Time).
investigation indicates that the error can result in moderate to
significant performance issues on systems running Windows XP Service
update has been removed from McAfee download servers for corporate
users, preventing any further impact on those customers. We are not
aware of significant impact on consumer customers and believe we have
effectively limited such occurrence.
are working with the highest priority to support impacted customers
and plan to provide an update virus definition file shortly. McAfee
apologizes for any inconvenience to our customers.
For those that need an immediate fix
for the problem, please
visit this McAfee webpage for detailed steps to get your machine
up and running. Unfortunately for now, it appears that this fix must
be applied to each and every machine individually and cannot be
deployed from a central location – oops.