Slashdot Mirror

← Back to Stories (view on slashdot.org)

McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000

Posted by timothy on from the hope-you-were-using-antiantivirus-too dept.

Kohenkatz writes "A McAfee Update today (DAT 5958) incorrectly identifies svchost.exe, a critical Windows executable, as a virus and tries to remove it, causing endless reboot loops." Reader jswackh adds this terse description: "So far the fixes are sneakernet only. An IT person will have to touch all affected PCs. Reports say that it quarantines SVCHOST. [Affected computers] have no network access, and missing are taskbar/icons/etc. Basically non-functioning. Windows 7 seems to be unaffected." Updated 20100421 20:08 GMT by timothy: An anonymous reader points out this easy-to-follow fix for the McAfee flub.

5 of 472 comments (clear)

  1. Re:Black Wednesday by ircmaxell · · Score: 4, Interesting

    True, but business needs dictate software requirements. So that decision is out of my hands (but believe me, I'd LOVE to run an office full of Linux computers)...

    --
    If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
  2. Re:Double ouch. by Jeng · · Score: 4, Interesting

    My big question is why is Norton and McAfee still so popular in the corporate world?

    I understand that the OEM's preload McAfee or Norton because they are paid to, but the corporate world is paying big money for these out-dated anti-virus programs.

    There are much better anti-virus providers out there such as Avast, Kaspersky, Nod32 and others.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  3. Re:For a program so hard to turn off by jimicus · · Score: 3, Interesting

    It seems to be very willing to take the whole machine down.

    Speaking of which, did anyone at McAfee even bother to test this dat on a Windows XP machine?

    I'm sure they did but the real question is not "did McAfee test it against Windows XP?". It's "did they test it against Windows XP with every single version of svchost.exe that Microsoft have ever released?" - the original version and every updated version in every patch and service pack to date?

  4. Re:Guess what I've been doing all morning? by steveg · · Score: 3, Interesting

    Me too. I just handle my department, thank the gods. I've got two labs that are native Windows -- one with 7 machines and one 15 machine lab. These are hardware oriented labs that have vendor provided software that won't run under emulation.

    The other 4 labs run Ubuntu, with VMWare, non-persistent VMs for any activities that absolutely require Windows.

    My Windows only labs are in a constant reboot cycle (well, before I shut them down), the rest don't even realize there's anything going on. :) Since tomorrow is Lab day for those two labs, I'm hoping McAfee gets the problem fixed before then. If not, I'll disable boot scan until they do.

    --
    Ignorance killed the cat. Curiosity was framed.
  5. Re:For a program so hard to turn off by mcmonkey · · Score: 3, Interesting

    I put this on my corporate IT.

    We have a corporate standard for XP on the desktop and Win 2003 for servers. Should only be those 2 versions of svchost.exe to test against.

    Right now my employer is losing $millions as systems are down proactively until the issue is resolved. Manufacturing and labeling systems run on Windows :)

    I know we test patches from Microsoft against the standard OS as well as the individual apps. As an application owner, I test the monthly patches from MS before applying in production.

    Virus definition updates are not provided for testing prior to release.

    Given how widespread this issue is, I think it would have been picked up in testing.