Switchfast Blog: The Future of IT
McAfee Glitch Shutting Down Corporate Computers Worldwide
Thursday, April 22, 2010 by Bryan Anderson
Yesterday, a rotten McAfee update was discovered creating severe
problems in the corporate IT world. A glitch in the update was
causing Windows XP users to shut down and start on a continuous
reboot cycle. The number of affected corporate users may end up in
the millions, but for now it is being reported that consumers
shouldn't be affected.
Engadget has a timeline of updates starting from the moment
the security concern was registered. According to engadget.com,
"DAT update 5958 deletes the svchost.exe file, which then triggers
a false-positive in McAfee itself and sets off a chain of
uncontrolled restarts and loss of networking functionality." This
is specifically affecting Windows XP Service Pack 3.
This blog post reveals more details regarding the
activity. It explains that "roughly 800,000 PCs randomly
distributed across the world automatically received the virus scan
update and are now experiencing repetitive reboots." The author
points out that "the computer DOES NOT have a virus, but McAfee
VirusScan incorrectly believes it does."
He also notes the amount of people affected, pointing out that
PricewaterhouseCoopers seemed to have a company-wide computer
outage in New York and several universities including University of
Illinois, Southern Illinois, Ithaca, and LSU.
McAfee has quickly jumped on the issue, sending this statement
McAfee is aware that a number of customers have incurred a
false positive error due to incorrect malware alerts on Wednesday,
April 21. The problem occurs with the 5958 virus definition file
(DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific
Our initial investigation indicates that the error can result in
moderate to significant performance issues on systems running
Windows XP Service Pack 3.
The faulty update has been removed from McAfee download servers
for corporate users, preventing any further impact on those
customers. We are not aware of significant impact on consumer
customers and believe we have effectively limited such
McAfee teams are working with the highest priority to support
impacted customers and plan to provide an update virus definition
file shortly. McAfee apologizes for any inconvenience to our
From Internet Storm Center, several readers are
reporting that this procedure worked to recover:
1 - Boot the system in "Safe Mode"
2 - copy extra.dat in c:/program files/common
3 - reboot.
If your computer is affected, please check out these sources for
ISC Update Issues
McAfee Knowledge Base
Until next time -
Chicago IT Support &
IT Support & Consulting