Skip to main content

Buggy McAfee update screws Windows XP machines. Here is the fix

If you are using McAfee anti-virus products on Windows XP and sincerely auto updating virus definition files every day, you might not be reading this at all. Yesterday, a buggy update released by the manufacturer early in the day brought Windows XP machines worldwide to it’s knees. Although the update was available for only four hours before distribution was halted it was enough to cause widespread damage.

A report on Cnet reads,

The University of Michigan's medical school reported that 8,000 of its 25,000 computers crashed. Police in Lexington, Ky., resorted to hand-writing reports and turned off their patrol car terminals as a precaution. Some jails cancelled visitation, and Rhode Island hospitals turned away non-trauma patients at emergency rooms and postponed some elective surgeries.

Intel was also hit by McAfee's bungled update.

The buggy update made the anti-virus detection engine falsely identify SVCHOST.EXE, a vital and legitimate Windows component as a malware known as W32/Wecorl.a. Affected machines keeps restarting itself.

mcafee-false-alert

Today McAfee published two solution to their massive goof-up and also released a fix. The first solution involves applying the fix and moving the quarantined SVCHOST.EXE file back to it’s proper location. If the SVCHOST.EXE is deleted and could not be found, McAfee proposed a second solution where users have to get the file from an unaffected Windows XP machine.

Here is a simplified version of the proposed fix

1. Start Windows, click Start > Run, type CMD and hit Enter.

2. At the Command prompt type 'shutdown -a' without the quotes to abort the shutdown.

3. Open McAfee and disable Access Protection and On-Access Scanner

4. Download EXTRA.DAT (the fix) and unzip.

5. Copy Extra DAT into c:\program files\commonfiles\mcafee\engine

6. Pull up the VSE console and open “Quarantine manager“

7. Click on SVCHOST.EXE and select “Restore“

8. If SVCHOST.EXE is not found in Quarantine manager, locate an unaffected Windows XP computer and copy the file from C:\windows\ServicePackFiles\i386\svchost.exe or c:\windows\system32\dllcache\svchost.exe

9. Copy SVCHOST.EXE to c:\windows\system32 using an external media (USB, CD etc.)

10. Reboot computer

11. Use the product update to update to 5959

12. Delete the Extra DAT file in c:\program files\commonfiles\mcafee\engine

Comments

Popular posts from this blog

69 alternatives to the default Facebook profile picture

If you have changed the default Facebook profile picture and uploaded your own, it’s fine. But if not, then why not replace that boring picture of the guy with a wisp of hair sticking out of his head with something different and funny?

How to Schedule Changes to Your Facebook Page Cover Photo

Facebook’s current layout, the so called Timeline, features a prominent, large cover photo that some people are using in a lot of different creative ways. Timeline is also available for Facebook Pages that people can use to promote their website or business or event. Although you can change the cover photo as often as you like, it’s meant to be static – something which you design and leave it for at least a few weeks or months like a redesigned website. However, there are times when you may want to change the cover photo frequently and periodically to match event dates or some special promotion that you are running or plan to run. So, here is how you can do that.

How to Record CPU and Memory Usage Over Time in Windows?

Whenever the computer is lagging or some application is taking too long to respond, we usually fire up task manager and look under the Performance tab or under Processes to check on processor utilization or the amount of free memory available. The task manager is ideal for real-time analysis of CPU and memory utilization. It even displays a short history of CPU utilization in the form of a graph. You get a small time-window, about 30 seconds or so, depending on how large the viewing area is.