FYI - here's the posting referred to on the CNet website:
McAfee's popular antivirus software broke down on Wednesday, causing Windows XP computers to have networking problems or repeatedly reboot.
By midday Wednesday, reports began to indicate just how widespread and damaging the McAfee update was.
The University of Michigan's medical school reported that 8,000 of its 25,000 computers crashed. Police in Lexington, Ky., resorted to hand-writing reports, and turned off their patrol terminals as a precaution. Some jails cancelled visitation.
Early reports attributed the widespread problems to a routine McAfee update that caused computers with Microsoft's Service Pack 3 installed to incorrectly identify a legitimate operating system component as containing a virus.
The update effectively confused the PC's immune system, causing it to attack legitimate operating system processes in the same way that some diseases can cause the human immune system to turn inward.
A McAfee representative confirmed the problem to CNET, and said the buggy update code had been removed from the company's servers and that a fixed version would be made available shortly.
"McAfee is aware that a number of customers have incurred a false-positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21" at 6 a.m. PT, the company said in a statement.
A report at the Internet Storm Center said the McAfee update registered a false positive and flagged the Windows file svchost.exe as a virus.
The update did not seem to cripple computers running Windows Vista or Windows 7.
Compounding what seems to be a day of snafus for the Santa Clara, Calif.-based company was that it initially directed affected users to download a file from its support site. But after tens of thousands of irate users flooded into the forums, the site abruptly went offline, and began to return an error message.
McAfee has posted a Web page on a separate site with detailed instructions on how to fix XP computers that have been crashing because of Wednesday's update. It recommends manually downloading and installing an "EXTRA.DAT" file, and then restore files that have been incorrectly quarantined.
But that option requires a least a modest amount of technical ability, and as of 1 p.m. PDT, the company had not offered a better way. "McAfee is continuing to work on an automated solution," the page said. (In the meantime, click here for our guide on how to fix it.)
Updated at 1 p.m. PDT and 2:45 p.m. PDT with additional details.
Wow, Major setback for McAfee. lets use some random numbers here. Let's say that the University of Michigan has 100 IT techs that each take care of 250 computers.
But, since only 8,000 Computers are affected, SO FAR, each tech will have to fix 80 Computers. Now say it takes 30 minutes to get to and fix each of those 80 computers, now you are looking at 40 hours PER tech. Now multiply that times the 10 techs and you have the salaries of 10 techs for a full week, just for one compoany/School alone. Now multiply that times all the thousands of companies affected by McAfee.
I sure hope McAfee has a BIG check book to re-imburse these Companies.
OUCH! Can you say " Major Screw Up"?
Can i please ask to which particular update are you all referring to that has disabled your computers, this is frightening, well to me it is I am not that computer literate.
i have been posting on this thread as i do have the problems with the shutdown and the scan not working at the time it should.
But this update you are referring, i am not at all sure if I have received this update, and if I have, how can I tell this. When did the update occur please.
It was dat update 5958. The current 5959 is fine. What the issue was that the 58 dat falsely detected svchost.exe as a virus and deleted it. Of course this stopped XP booting etc. The issue seemed to be XP only.
This was at 6am ish US time. So update safe now.
Plenty news items re it around.Message was edited by: Peacekeeper on 23/04/10 8:27:39 AM
Total Protection indeed!! Last night I tried to run a scan, due to all the problems, and immediately after starting, the program shut itself down, said there was a virus and re-booted. I have not been able to get back in ever since (I'm at work now). I had to bring my PC to a technician and that will cost me probably twice what this useless program costs. I have been a MacAfee user for 3 years, but no more. I am awaiting a phone call from the techie to tell me how much damage was caused by MacAfee program and hope my programs/data can be salvaged. One more thing, next year when it is time to re-new and I refuse, i will need to keep an eye on the auto renewal settings. Even though mine was set to "no" a year ago, for some reason it was automatically changed to "yes" just before renewal date...pretty sneaky trick if you ask me. Horrible program and even worse technical help.
I had 2 machines go down at around 7pm UK time and jumped up and down for hours wondering what the heck had happened... at around 4am UK time I found the McAfee Threat Center post http://vil.nai.com/vil/5958_false.htm (dated 21 April - not the current one) which I couldn't follow as the folders mentioned didn't exist on my system... possibly the enterprise edition fix? Anyway, after being pointed to this thread via Ehapi's post I followed the steps given by and both machines now work..... phew! No sleep but at least I can work today!!!
My (non-corporate) desktop running XP Media Centre Edition SP3 did the same with this false positive I think (noted a supposedly detected Artemis! trojan at about 7.15pm) and did the whole constant restart everytime I tried a scan. Since then however it has gotten stranger, in that like one or two people it appears to have destroyed that machines internet connection, and somewhat altered the theme being used in XP.
Using the SuperDat .exe in the provided (but admittedly corporate) fix has restored svchost.exe and given some fuctionality back to McAfee Security Centre, but with the internet connection still missing, I can't replace the dat via uninstalling or updating, and the only \Engine folder I have under McAfee is in Program Files\McAfee\VirusScan\Engine which has two sub-folders. I noted the 5958 dat is in the DAT folder that sits at the same level as the Engine folder in the VirusScan directory. Not clear then whether I ought to be trying to add in the fixed DAT file and then look at the internet connection, or remove McAfee, fix the internet connection and then download an updated version.
Apologies if this isn't the right place to be posting this, but I've no idea where is exactly.
Hmmm, ok, internet connection came back up and an update has been installed saving me the trouble (but I'm still going to remove and replace with a newer version I ordered a while back mistakenly). Allthat fuss over one little file...Message was edited by: All-a-Mort on 4/22/10 6:21:07 AM CDT
Yes, the Enterprise fixes don't work for mere mortals using the home versions unfortunately. We've suggested that the two be more aligned so that could occur.
Try this. Go to C:\Program Files\McAfee\VirusScan\DAT and delete the contents of that folder. You may have to do it in Safe Mode, it's been a while since I tried it.
Reboot and right-click the McAfee icon and update it. Actually it should go straight into update mode anyway.
DAT 5959 cures the previous bad DAT.
Whoops, thought I shouldn't tried it. Oh well, the enterprise fix did sort of work, but now I have 9 svchost processes running simultaneously, 3 each of Local Service, Network Service and System. Doesn't sound right to me, but I've no idea what to do about it.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: