Welcome, Guest
Please Login or Register.    Lost Password?

Remediation tool for McAfee SVCHOST.EXE issue
(1 viewing) (1) Guest
High level security related questions and answers
Go to bottomPage: 1
TOPIC: Remediation tool for McAfee SVCHOST.EXE issue
#40
Remediation tool for McAfee SVCHOST.EXE issue 10 Years, 10 Months ago Karma: 2
Here is a posting with information on how to fix the McAfee error which they posted via email. Wanted to make sure it was here
for folks searching the web for solutions.

McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

Q: What does the SuperDAT Remediation Tool Do?

A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.


Recommended Recovery SuperDAT Procedure

1. From a machine that has Internet access, locate and download the Recovery SuperDAT at download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.

2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode

3. Execute the Recovery SuperDAT tool

4. Reboot in normal mode

5. Use the product update to update to 5959



For additional FAQs and information, go to kc.mcafee.com/corporate/index?elq_mid=23...ntent&id=KB68780 which will remain up to date.


================================
UPDATE #4 (7:38pm US/CDT)

McAfee has published recovery procedures for the following two scenarios:

* Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed
* Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

This information has been posted on vil.nai.com/vil/5958_false.htm and will be continuously updated as more information and procedures become available.


================================
UPDATE #3 (2:55pm US/CDT)

Emergency DAT 5959 has been posted and is available at www.mcafee.com/apps/downloads/security_updates/dat.asp. This file is available in English and is replicating in other languages. For MORE information, go to the 5958 DAT Report on vil.nai.com/vil/5958_false.htm.


================================
UPDATE #2 (12:47pm US/CDT)

McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. You can view information at kc.mcafee.com/corporate/index?elq_mid=23...ntent&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at community.mcafee.com/docs/DOC-1374/

We will notify you of an emergency update when available, or in 90 minutes.



================================
ORIGINAL EMAIL (11:06am US/CDT)




McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks.



Information updates will be sent every 90 minutes to keep you advised.

McAfee Support Notification Service (SNS) provides valuable information to help you maximize the functionality and protection capabilities of your McAfee products.
The administrator has disabled public write access.
 
Go to topPage: 1
Moderators: halls
get the latest posts directly to your desktop