Bad McAfee Update Affects Windows XP

If you’re a McAfee user and are running Windows XP, make sure you update to the latest version of the DAT file (5959) if you want to avoid any issues, some of which could be severe. Yesterday, or late Monday night, McAfee released its 5958 DAT file which effectively borked some XP installations, leaving the user with nothing more than a major headache.

The reason is due to a false positive in detecting scvhost.exe, which is imperative to Windows’ operation. Whenever you fiddle with that file (normally -many- scvhost.exe’s are open at a time), it could cause a timed shutdown of 1 minute. Because McAfee handles scvhost.exe as a trojan, it’s obvious to see the problem here. So what do you do if you are affected?

If you can’t get inside of Windows properly, you can boot into Safe Mode and install a program that the company has put together that fixes the issue. Another option is to update to the latest DAT file if at all possible, as that also contains a fix. Both can be done in Safe Mode, but if you’re using XP and haven’t had any issues, you could do it in your regular environment (and it’s recommended you do update, since you don’t want to end up triggering the issue).

It’s understandable that from time to time, a virus scanner could pick up a false positive, but it’s rather ridiculous that an update gets released to the public that can actually wreck your Windows installation. For knowledgeable users, fixing the issue isn’t that difficult, but the majority of McAfee users aren’t tech-heads, but rather regular users. I’d hate to imagine how many people are just going to reformat because they can’t figure out the problem!

April 21, 2010: Urgent Alert: McAfee is aware of a W32/Wecorl.a false-positive detection with the 5958 DAT file, dated April 21 at 2:00pm (GMT +1), which is affecting numerous customers. Watch for updates on this issue, which will be sent on a timely basis. McAfee has released the 5959 DAT files early to address this issue.