Help - Search - Members - Calendar
Full Version: Mcafee update causes Windows to crash
The CD Forum > The CD Forum > Windows2000/XP/Vista/Windows7 CDs/DvDs
Ben_Mott
this is where Bart PE comes handy

Hello again ,
this is from BBC :
Security update hits Windows PCs

Windows uses lots of copies of the svchost file


Thousands of PCs around the world have been paralysed by a security update that wrongly labelled part of Windows as a virus.

The update was sent out by security firm McAfee and made affected PCs endlessly restart.

Corporate customers of McAfee seemed to be hardest hit but some individuals reported problems too.

McAfee apologised for the mistake and released a fix to ensure PCs started working again.

Thousands hit

The problems were caused by an update to the long list McAfee's anti-virus uses to identify which programs are malicious.

McAfee's 5958 update wrongly identified the Windows svchost.exe file as the wecorl.a virus. This worm tries to replace an existing svchost file with its own version to help it take over a machine.

The update wrongly labelled svchost as the virus and then quarantined it. This caused many PCs to crash as Windows uses many copies of the file to keep the operating system going.

Computers inside businesses running Windows XP with service pack 3 applied were the hardest hit according to reports. The University of Michigan said 8,000 of its 25,000 computers were hit by the faulty update.

The SANS Internet Storm Center said the update was causing "widespread problems" and said it received reports about "networks with thousands of down machines and organizations who had to shut down for business until this is fixed."

Analyst Rob Enderle said the update "pretty much took Intel down today". Mr Enderle was at the chip giant's HQ for a meeting when the widespread crash started to hit the computers of the people with whom he sat.

"We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally," said a statement from McAfee, adding that an even smaller percentage of its consumer customers were hit.

It said it removed the update "within hours" and released an updated file free of the mistake. It also issued a "sincere apology" for the inconvenience caused.
===================================================
aparently Mcafee got a fix on their web site

but I would try to fix it with bart PE if it is XP
chkdsk /R C:
or win PE2 or 3 if it is vista or 7

others might have other ideas.
http://radified.com/cgi-bin/yabb2/YaBB.pl?num=1272090819
===================================
here is a new ready made PE but is expensive:
http://www.ntfs.com/boot-disk.htm

Active@ Boot Disk (Win Edition) is a bootable CD/DVD/USB disk that allows you to boot up your computer and fix most startup and PC configuration problems.

Active@ Boot Disk based on lightweight Windows VISTA (WinPE 2.1) operating environment and contains disk image, data recovery, partition management, password resetting, data erasure, network access tools and system utilities.
PS
I can not undrestand how they can sell windows Vista PE ???

++++++++++++++++++++++

Regards Ben
jaclaz
I cannot see how you can fix a missing system file by running checkdisk. hmm.gif
All you have to do is to restore the svchost.exe file.
You can use DOS (with NTFS4DOS if needed) or Linux as well, but also safe mode should be enough:
http://www.911cd.net/forums//index.php?sho...=23822&st=2
http://isc.sans.org/diary.html?storyid=8656
(and the link on radified you posted).

jaclaz
blendwithme
QUOTE (jaclaz @ Apr 25 2010, 07:35 AM) *
I cannot see how you can fix a missing system file by running checkdisk. hmm.gif
All you have to do is to restore the svchost.exe file.
You can use DOS (with NTFS4DOS if needed) or Linux as well, but also safe mode should be enough:
http://www.911cd.net/forums//index.php?sho...=23822&st=2
http://isc.sans.org/diary.html?storyid=8656
(and the link on radified you posted).

jaclaz


Correct, you need to use a boot disk for restoration, or simply press F8 if im right. . . then restore your system to your desired date.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.