Prev: McAfee 5958 DAT update may cause WinXP continuous reboots
Next: Security update hits Window PCs
From: Newell White on 23 Apr 2010 04:59

"David H. Lipman" wrote:

> From: "FromTheRafters" <erratic @nomail.afraid.org>
>
> | Could this be a symptom of svchost.exe being quarantined or deleted by
> | McAfee?
>
> Could very well be as SVCHOST is the Sefver Daemon of NT Services and thus the OS is hosed
> if he had used the affected 5598 DAT file.
>
>
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
> .
You are so right.

Fortunately we do not use epo (resource hog and potential single point
failure). Our machines contact McAfee at random times. Any which did so
between 13:30 and 18:00 British Summer Time got hit.

This worked as a cure:

1) Exclude C:\Windows from on-access and start-up scans in McAfee (roll back
updates doesn't work without svchost.exe).

2) Use DOS copy command to restore system32\svchost from
ServicePackFiles\i386.

3) Restart and roll back the 5958 update in McAfee.

I suspect many more McAfee clients were screwed, but have not yet been able
to get on the web and squeal, as with epo all their hosts will be locked out
from LAN and Internet!

--
Regards,
Newell White
From: "FromTheRafters" erratic on 23 Apr 2010 07:07
"Newell White" <NewellWhite(a)discussions.microsoft.com> wrote in message
news:5155E3D8-28D4-49B0-ACF8-13D12825778E(a)microsoft.com...
>
> "David H. Lipman" wrote:
>
>> From: "FromTheRafters" <erratic @nomail.afraid.org>
>>
>> | Could this be a symptom of svchost.exe being quarantined or deleted
>> by
>> | McAfee?
>>
>> Could very well be as SVCHOST is the Sefver Daemon of NT Services and
>> thus the OS is hosed
>> if he had used the affected 5598 DAT file.
>>
>>
>>
>>
>>
>> --
>> Dave
>> http://www.claymania.com/removal-trojan-adware.html
>> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>>
>>
>> .
> You are so right.
>
> Fortunately we do not use epo (resource hog and potential single point
> failure). Our machines contact McAfee at random times. Any which did
> so
> between 13:30 and 18:00 British Summer Time got hit.
>
> This worked as a cure:
>
> 1) Exclude C:\Windows from on-access and start-up scans in McAfee
> (roll back
> updates doesn't work without svchost.exe).
>
> 2) Use DOS copy command to restore system32\svchost from
> ServicePackFiles\i386.
>
> 3) Restart and roll back the 5958 update in McAfee.
>
> I suspect many more McAfee clients were screwed, but have not yet been
> able
> to get on the web and squeal, as with epo all their hosts will be
> locked out
> from LAN and Internet!

True, and the symptoms may be fairly widely variable depending upon
individual system configurations.


First  |  Prev  | 
Pages: 1 2
Prev: McAfee 5958 DAT update may cause WinXP continuous reboots
Next: Security update hits Window PCs