Windows XP users, be warned. If you are using McAfee Antivirus, then do not apply DAT update 5958. Apparently, this update causes McAfee to delete svchost.exe, which in turn sets off a chain of events that ends up messing up Windows XP installations. Affected systems will display the following error message and automatically initiate a system restart.
If you have already installed DAT update 5958, then it is best to perform a rollback (from Tools–>Rollback DAT). In the meantime, exercise caution if you get any alerts related to the detection of W32/Wecorl.a. In all likelihood, it is a false positive that can brick your system. If case your system has already been affected, you can stop the infinite restart loop by entering shutdown a in the Run command box (Win+R).
Bungled McAfee updates are nothing new. However, this is obviously a big screw up. At the moment, McAfee is undoubtedly working behind the scenes to rush through a fix. However, even that may be too late, as possibly thousands of perplexed users worldwide have already been affected by this glitch.
image courtesey: ChevyGuys.com
Update: The update has now been pulled from McAfee’s servers. Here is the statement McAfee issued to Engadget:
McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).
Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.
The faulty update has been removed from McAfee download servers for corporate users, preventing any further impact on those customers. We are not aware of significant impact on consumer customers and believe we have effectively limited such occurrence.
McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers
According to early speculation, the number of affected system should be in hundreds of thousands. At the moment, the very least McAfee can do is acknowledge the gravity of their mistake. Bricking a system is not equivalent to causing moderate to significant performance issues.