u2_storm Posted April 21, 2010 Share Posted April 21, 2010 McAfee Virus Scan Killing SVCHOST.exe If you have updated to Dat 5958 today your computer will reboot and you may not be able to use your computer. We have thousands of computers affected and a team are working to get it fixed by downgrading to 5957 and restoring SVChost.exe Is anyone having issues with mcafee virusscan enterprise 8.7i? Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 Anyone at all? This is getting fairly big! Link to comment Share on other sites More sharing options...
Phenom II Posted April 21, 2010 Share Posted April 21, 2010 When you say shutting down, do you mean Mcafee is shutting them down ? Have you checked the machines Event Logs ? Link to comment Share on other sites More sharing options...
Stup0t Posted April 21, 2010 Share Posted April 21, 2010 Anyone at all? This is getting fairly big! Yes basically, what ever you do do not reboot yours system if you managed to do the shutdown -a command to stop it as its kills ye pc and network. Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 http://www.google.co.uk/search?q=mcafee&hl=en&tbo=1&tbs=rltm:1&ei=JhvPS9r4N5SCOIHziPsP&sa=X&oi=tool&resnum=1&ct=tlink&ved=0CB0QpwU VirusScan dat file 5958 It seems to kill SVCHOST.exe Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 If anyone had Mcafee EPO running shut it down.... Anyone else any updates? Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 We have received thousands of reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. Any fixes anyone? One fix is that we change the dat, no update yet. Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 sorry to bump but this is affecting all Mcafee av's for our clients. Link to comment Share on other sites More sharing options...
YaZoR Posted April 21, 2010 Share Posted April 21, 2010 I've had many sites affected by this. Windows XP SP3 McAfee VirusScan Enterprise 8.5 & 8.7 Taskbar disappears, no start button, no network connections. Unable to view events in event viewer also. I hear McAfee are rolling a new update very soon.... but how to remotely update a PC which has had it's network b0rked? Nice. Can't wait for work tomorrow! Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 If anyone can stop there McAfee from updating do so otherwise your SVChost.exe file will be 0KB Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 @YaZoR We are working on a fix here for our clients. but it may be replacing SVHost on tons of machines... Link to comment Share on other sites More sharing options...
Panacik Posted April 21, 2010 Share Posted April 21, 2010 How about starting the machine in safe mode? Does that work? If so, can you have them remove the latest DAT file? If not, can you ahve them remove the antivirus and then talk them through re-installing? Last known config? Does that restore the dat to the old version? Have you tried speaking to Mcaffee about this at all? Are they working on a DAT update or patch? If so, when its released, can you boot to safe mode and install it? If the machine starts and simply starts shutting down, have the user run the command "shutdown -a" as mentioned above. Does that stop it from restarting? Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 It's too late for most people to do the shutdown -a We are having sucess with installing an old superdat will keep you updated. Link to comment Share on other sites More sharing options...
1337ish Posted April 21, 2010 Share Posted April 21, 2010 I take it from all this that the lastest defintions mark the svchost.exe as a virus and try to quarantine it? Link to comment Share on other sites More sharing options...
Panacik Posted April 21, 2010 Share Posted April 21, 2010 I really dont understand what U2_Storm was posting so much for? I thought he wanted help, but now i think he is trying to give us advise? I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest. Link to comment Share on other sites More sharing options...
bdsams Veteran Posted April 21, 2010 Veteran Share Posted April 21, 2010 thanks for the tip going front page with this! Link to comment Share on other sites More sharing options...
mak123 Posted April 21, 2010 Share Posted April 21, 2010 McAfee is also one of best antivirus. but i always suggest for my friends to use antivirus- KASPERSKY or Avira antivir. this antivirus only provide realtime security and safety. try manual update for mcafee. Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 I really dont understand what U2_Storm was posting so much for? I thought he wanted help, but now i think he is trying to give us advise? I use Sophos here, so it doesnt effect me... I used to use McAffee in another company though... Both products seem to fail in their own way to be honest. I do want your help but at the same time I am trying to fix it and organise how to fix computers remotely, I am also trying to warn people NOT to update McAfee. The process we are trying to replacing the Engine folder and replacing SVChost.exe from a good machine via PE. Link to comment Share on other sites More sharing options...
bdsams Veteran Posted April 21, 2010 Veteran Share Posted April 21, 2010 sent to digg http://digg.com/tools/diggthis/share?storyId=20754816 Link to comment Share on other sites More sharing options...
Glorious Posted April 21, 2010 Share Posted April 21, 2010 I noticed that we got an e-mail regarding this at work just before I finished for the day. I'd better make sure with the guy that manages the EPO it isn't updating the XP workstations with 5958. Link to comment Share on other sites More sharing options...
itzwolf Posted April 21, 2010 Share Posted April 21, 2010 Thanks for the notice! Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 Hello! We have just put up a page on our website @ http://mycentrality.com We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me. U2_stormy Link to comment Share on other sites More sharing options...
bane7378 Posted April 21, 2010 Share Posted April 21, 2010 Hello! We have just put up a page on our website @ http://mycentrality.com We are currently testing a PXE boot system to fix this issue remotely for our clients if anyone wants the scripts PM me. U2_stormy Thanks for posting this information u2_storm. It was very helpful and has worked for at least one of our systems so far. Just wanted you to know that your sharing of information is very much appreciated. :) Link to comment Share on other sites More sharing options...
u2_storm Posted April 21, 2010 Author Share Posted April 21, 2010 Great :) We have an automated system to do this via PXE if you can boot PXE & and WAIK installed let me know and I will send you all the files to fix this. Link to comment Share on other sites More sharing options...
bane7378 Posted April 21, 2010 Share Posted April 21, 2010 That would be great u2. I'm pretty sure in most cases WAIK shouldn't be a problem as we don't lock down the systems too horribly. Anyone we want to lock down gets a thin client. I'll PM you my email address. Thanks again. Link to comment Share on other sites More sharing options...
Recommended Posts