McAfee False Positive Brings Down XP Machines

We recently had a computer come into the shop with what appeared to be some pesky malware. It wouldn’t let you drag icons, the taskbar was minimized and unresponsive, and it kept auto-initiating shutdowns due to DCOM errors and the RPC Service stopping unexpectedly. These services (along with a hundred other things in Windows) require svchost.exe to be usable and located in the system32 directory. It was missing, and after replacing just that file with a good copy, it would still disappear after a minute or so! After searching in vain for some rogue process that might be causing this, it became clear that this machine had been hit by a pretty disastrous false positive from a McAfee Antivirus update! Basically, the machine downloaded the latest update (April 21st, 2010), and after scanning, it thought it had found an instance of the w32/wecorl.a virus (which apparently hasn’t been around since 2003) and proceeded to remove and quarantine svchost.exe, bringing Windows XP to its knees. This little bug has affected millions of machines worldwide in the last 48 hours! (And this isn’t the first time a McAfee update has done something like this.) This is yet another testament to antivirus programs doing more harm than good for most users.

-Chris

