McAfee's svchost.exe SNAFU

RSS

On Wednesday, millions of computers came to a dead halt when McAfee mistakenly identified a normal Windows update file (svchost.exe) as infected with the malware Wecorl.a, causing machines to either crash or enter an endless reboot cycle. This false positive affected Windows XP SP3 systems across the board, disabling computers in schools and hospitals, and even halting production lines in some industries.

McAfee quickly called the troops into action, dedicating its staff of more than 7,000 to fixing the problem. Barry McPherson, McAfee's executive vice president for customer support, said the company's staff on Wednesday was "focused on two things, in this order: First, help our customers who have been affected by this issue get back to business as usual. And second, once that is done, make sure we put the processes in place so this never happens again."

The company's official response to the false positive issue, from the McAfee website, is as follows:

  • McAfee is aware that a number of customers have incurred a false positive error due to the release of the 5958 virus definition file at 2:00 p.m. GMT+1 (6 a.m. PDT) on Wednesday, April 21.
  • Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3. If you are one of those impacted, we understand that this is a significant event for you and we’re very sorry.
  • McAfee is taking every measure to prevent this from reoccurring.
  • McAfee employees are working with the highest priority to support impacted customers. We have released updated virus definition files that do not contain the problem (DAT 5959 and higher) and are providing customers with detailed guidance on how to repair impacted systems.

Hackers of course quickly jumped on the bandwagon, putting up websites that claimed to help you solve the problem but instead led straight to malicious links. If you fell victim to McAfee's false positive issue this week, go directly to McAfee's website for information and help.

Please or Register to post comments.

What's Security Blog?

Security news, views, product reviews, and solutions for Microsoft Windows IT professionals.

Blog Archive