McAfee : svchost.exe falso positivo w32/wecorl.a, computer bloccato

McAfee : svchost.exe falso positivo w32/wecorl.a, computer bloccato

98
0
SHARE

Come anni fa AVG oggi tocca a McAfee ; Per errore un aggiornamento cancella dei files vitali di windows  e blocca i computer degli utenti .

altre informazioni : http://www.megalab.it/5986/mcafee-blocca-il-pc-degli-utenti

soluzione: http://vil.nai.com/vil/5958_false.htm?elq_mid=2363&elq_cid=277011

Sintomi

potrebbero presentarsi questi sintomi:

  • tema di windows 2000
  • barra della applicazioni (quella con START per capirci) non visibile
  • copia ed incolla dei files disabilitato (l’incolla in realtà è disabilitato)
  • errore all’avvio di skype : “server RPC non disponibile”
  • nessuna scheda di rete presente sul PC
  • impossibilità di utilizzare un “punto di ripristino”

Aggiornamento (ore 11.15) – mail arrivata da McAfee :

McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

Q:   What does the SuperDAT Remediation Tool Do?

A:   The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.

Recommended Recovery SuperDAT Procedure

1.     From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
2.     Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode
3.     Execute the Recovery SuperDAT tool
4.     Reboot in normal mode
5.     Use the product update to update to 5959

For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=277011&page=content&id=KB68780 which will remain up to date.

================================
UPDATE #4  (7:38pm US/CDT)

McAfee has published recovery procedures for the following two scenarios:

  • Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed
  • Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

This information has been posted on http://vil.nai.com/vil/5958_false.htm and will be continuously updated as more information and procedures become available.

================================
UPDATE #3 (2:55pm US/CDT)

Emergency DAT 5959 has been posted and is available at http://www.mcafee.com/apps/downloads/security_updates/dat.asp. This file is available in English and is replicating in other languages. For MORE information, go to the 5958 DAT Report on http://vil.nai.com/vil/5958_false.htm.

================================
UPDATE #2 (12:47pm US/CDT)

McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. You can view information at https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=277011&page=content&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at http://community.mcafee.com/docs/DOC-1374/

We will notify you of an emergency update when available, or in 90 minutes.

================================

ORIGINAL EMAIL (11:06am US/CDT)

McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at  2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks.

Information updates will be sent every 90 minutes to keep you advised.


McAfee Support Notification Service (SNS) provides valuable information to help you maximize the functionality and protection capabilities of your McAfee products.

To manage your SNS email preferences, please go to the SNS Subscription Center at http://my.mcafee.com/content/SNS_Subscription_Center
(
NOTE: This URL ensures your previous preferences are populated for your review).
For Support issues, contact your Support Account Manager (SAM), or go to https://mysupport.mcafee.com.
For McAfee Security Quickstart services, go to http://www.mcafeequickstart.com.
For other questions, go to http://www.mcafee.com/us/about/contact/index.html and select the appropriate contact link.

McAfee, Inc. | 3965 Freedom Circle | Santa Clara, CA | 95054 | 888.847.8766 | www.mcafee.com

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. or its affiliates in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2010 McAfee, Inc. All rights reserved.

Condividi:

NO COMMENTS

LEAVE A REPLY

Time limit is exhausted. Please reload the CAPTCHA.