OK, so I've got the following:
C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\svchost.exe
C:\WINDOWS\system32\svchost.exe
(plus a version associated with a BartPE build)
(the version in system32 is showing as 5.1.2600.5512)
Message was edited by: Wobblyhead on 29/04/10 15:49:47 CDT

This has been reported as being a False Positive. The interpretation to me is that it thinks that something was infected, in this case the “svchost.exe” and deleted it. This is what I was getting on the blogs.
First of all when I received the computer for repair I was not able to use the mouse or keyboard. After reading the blogs about the “svchost.exe” file being missing I went to the C: drive via an external Linux program. Replaced the missing “svchost.exe” file into C:\Windows\System32 and into C:\Windows\System32\dllcache, even though none of my WinXP computers have this file in such a folder.
Rebooted the computer into native WinXP Pro and I now had mouse and keyboard control but within about three minutes a “System Shutdown” message popped up. I stopped the shutdown with the following command, “shutdown -a”. All well and good to a point and that point being that very few commands will work. Functions like copy, install, networking devices, computer management services, install and many others did not function.
Discovered that even though I was able to get into Windows the “svchost.exe” file was gone out of C:\Windows\System32.
To make a long story short, I discovered that the McAfee dat files were the virus. It was the dat files that were deleting the “svchost.exe” file. I would consider this the virus and not a false positive.
Deleted the dat file while in safe mode but was not able to copy “svchost.exe” even from the cmd window.
Rebooted back into the Linux remote and copied the “svchost.exe” into C:\Windows\System32. Rebooted back into WinXP pro with normal results and no “System Shutdown” message.
My conclusion is:
The McAfee dat folder needs to be deleted first, then replenish the deleted “svchost.exe” from outside of the Windows operating system. This could be done with the Repair Console. I very rarely use such anymore now that I have the remote Linux boot option.
Hope this has at least helped one person.
TWS
HAPPY PC COMPUTING
My svchost.exe I uploaded from an office pc and it ended up in C:WINDOWS/I386 on my machine which the second updated McAfee Supertool was able to detect. Cannot describe the relief after days of trying to deal with a non-responsive pc, especially since the McAfee staff has been singularly uninterested in even responding to messages. Tech staff here in Holland were completely overwhelmed by requests for help and little coordination was available from the US for the first week. Started a thread with a simple question here a couple of hours ago and no response either. I feel so let down by the support by McAfee and feel sickened watching the late response video by the CEO which has finally appeared on the site. With no network access and no tech support available, I've really started questioning what business these companies who promise protection really are in.
Somer, I am now practically convinced that my machine is running properly again. No thanks to McAfee Netherlands who after queries on my part sent me a confirmation 492674110 on the 23rd and from whom I have heard not one word since. You seem to be doing the impossible but here they're just sitting on their hands I suppose. But what can one expect with office hours Mon-Fri 9AM-6PM and no toll-free numbers where you wait and wait and wait. Seems the word service doesn't exist in their vocabulary.
People tell me to get rid of McAfee and switch to free Microsoft security Essentials. Is that the definitive solution?
Cosmo 1, good to hear I'm not the only one spending a week of my time trying to reach the Dutch helpdesk. Finally managed to speak to a real person the day before yesterday but after one minute he "needed to consult a colleague" and the line went dead. Not much luck in getting a response from this site either, seems they are only interested in the US customers.
Add me to the list.
Running XP SP3, Windows and McAfee all up to date, etc. System uses Mirrored Raid setup.
System is running fine, then ...bang! ... DCOM blue screen. From there, nothing worked the way it should and it looked like a nasty trojan or rootkit had taken over (little did I know).
I didn't find out about the bad DAT file until days later while using a different computer. At that point I was already deep into testing and it's hard to tell how much more damage was done due to all of the BSODs I had.
I won't go into all of the details since everyone has already mentioned them, but let's just say that I took every step I could to find the "problem" and fix my system:
- tested RAM (Dell sent me replacement RAM (4GB) and a video card to try because of how screwed up everything was and nothing could be nailed down as a cause)
- ran every possible rootkit scanner / online scanner / utility I could (both safe and normal modes) - no errors found.
- ran Dell's diagnostics for 2-1/2 days solid - no errors found
- as a last resort, pulled one of my raid drives, put it in a USB enclosure and ran every test possible from another computer - no problems found on the drive and nothing changed.
- transferred documents from system drive to an external drive; scanned that drive with every utility I have - no problems found.
- put system drive back in, booted ... crash
- booted from second system drive ... crash
- did system restore from Dell's partition
Maybe I'm just one of the "lucky" ones to have had as many problems as I did, but I can say that it has been one of the longest, most stressful weeks I've had in a long time. I can't even imagine what someone would have charged me to do everything I tried.
My subscription runs out in about 10 days. Maybe that's a good thing.
Karladam,
I'm unhappy to hear you had such a bad experience with McAfee support in Holland. I will report this to our Customer Service. I will be sending you a private message momentarily to get your contact information.
Thank you for bringing this to our attention, and I'm glad that you're up and running now!
Hi cosmo1,
Thank you also for letting us know what happened when you contacted support. I'll be sending you a message just like karladam, to try and get more information and make sure your experience is reported to a manager. Regarding your last question, I still think our product is the best.
Somer, thanks for your reaction. I have finally received a first reply today, a week after my initial query to McAfee NL !!! And that is just a "press the button reply" more or less identical to the first instructions on your (US) site. I'm glad I was able to work out how to get things going from your site and your postings which were most helpful. I sent them a reply and told them to have a look at what is happening on this forum-site.
As to your opinion that McAfee is the best, one thing seems pretty sure: the chance of such a disaster occurring again looks extremely slim.
Message was edited by: cosmo1 on 4/30/10 10:11:37 AM CDT

Any help with my issue would be helpful...