Yesterday, a rotten McAfee update was discovered creating severe problems in the corporate IT world. A glitch in the update was causing Windows XP users to shut down and start on a continuous reboot cycle. The number of affected corporate users may end up in the millions, but for now it is being reported that consumers shouldn't be affected.
Engadget has a timeline of updates starting from the moment the security concern was registered. According to engadget.com, "DAT update 5958 deletes the svchost.exe file, which then triggers a false-positive in McAfee itself and sets off a chain of uncontrolled restarts and loss of networking functionality." This is specifically affecting Windows XP Service Pack 3.
This blog post reveals more details regarding the activity. It explains that "roughly 800,000 PCs randomly distributed across the world automatically received the virus scan update and are now experiencing repetitive reboots." The author points out that "the computer DOES NOT have a virus, but McAfee VirusScan incorrectly believes it does."
He also notes the amount of people affected, pointing out that PricewaterhouseCoopers seemed to have a company-wide computer outage in New York and several universities including University of Illinois, Southern Illinois, Ithaca, and LSU.
McAfee has quickly jumped on the issue, sending this statement to Engadget:
McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).
Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.
The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.
McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers.
From Internet Storm Center, several readers are reporting that this procedure worked to recover:
1 - Boot the system in "Safe Mode"
2 - copy extra.dat in c:/program files/common files/mcafee/engine
3 - reboot.
If your computer is affected, please check out these sources for collective information:
ISC Update Issues
McAfee Knowledge Base
Until next time -
Chicago IT Support & Consulting
Rochester IT Support & Consulting