McAfee virus definition not updating
As I commented on Twitter earlier today, I'm not sure any virus writer has ever developed a piece of malware that shut down as many machines as quickly as McAfee did today. Here's how the SANS Internet Storm Center describes the screw-up: McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. It can not be used to undo this bad signature because affected system will lose network connectivity. The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. The good folks at Bleeping have published a tutorial that explains the process. company (see full text at end of this post) says that multiple files in addition to might be affected and claims that simply replacing might not be enough to repair the damage. Now, it is hard to imagine picking a more crucial file to torpedo. Third party recovery tools also provide access to the file system from command-line environments.) This sort of repair is not a job for end users, certainly, and generally requires a skilled support professional. is one of the most crucial of all Windows system files. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence. Corporate customers are likely to tally up the one-day cost of fixing this damage (or multiple days, if Engadget's report of tens of thousands of affected PCs within single companies is accurate), and they're likely to conclude that it's time to find a new supplier of security software.
Back in 2009, when the Conficker worm was making the rounds, I took a close look at how McAfee was handling its response to the new threat and was appalled at the sloppy, error-ridden documents they published for consumers and IT professionals. McAfee says it has already replaced the faulty virus definitions with an updated set, so if you update your definitions using the most recent set you will not encounter this issue. The company's official recommendation for repairing the damage involves copying from a working system and manually copying it to an affected system. One correspondent says he just fixed over 300 PCs: "Looked so much like Blaster from way back. Moving clients to something with more centralized control ASAP." This issue affected a large number of users and is not resolved by simply replacing Unfortunately, using this method, you have no way to determine if some of the files you are restoring are vital system files or virus files. You must boot to safe mode, then install the extra.dat, then manually run the vscan console.