McAfee issues manual fix for faulty antivirus definition (atleast a Condom)

Posted: April 22, 2010 in Uncategorized
Tags:

If your PC has been affected by the erroneous McAfee antivirus update ( Read Baby XP been raped by Nanny McAfee), here’s how you can fix the problem.
McAfee has outlined the recovery steps at this website, http://vil.nai.com/vil/5958_false.htm. But here’s a quick rundown of the first thing you need to do if your PC is experiencing problems due to the update:
1. If your PC is automatically shutting down, you can abort the shutdown process by clicking on the Start button, then clicking on Run and then type “cmd” (without quotation marks) and hitting Enter to open a command prompt.
2. This should open up a command prompt window and in this window, type in “shutdown -a” (without quotation marks). This should stop any shutdown command.
3. Next, click on Start–>Programs–>McAfee and then go to the VirusScan Console.
4. Right-click on “Access Protection” and then select disable.
The next few recovery steps outlined by McAfee are only for experienced PC users and require the user to first find a machine with Internet access to download a file called EXTRA.ZIP (at http://bit.ly/aDIPnx) and then rebooting the PC in Safe mode.
An automated fix is being worked on, but as at press time, only manual recovery options are available.
We have reproduced the McAfee recommended recovery steps here:
Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed
1. Locate EXTRA.ZIP from the site and unzip;
2. Boot in safe mode (by hitting the F8 key repeatedly as the PC boots up) with “Network Option” enabled;
3. Copy Extra.DAT into c:\program files\commonfiles\mcafee\engine;
4. If svchost.exe exists in (c:\windows\system32) and is not a “0“ byte file, skip to Step 7;
5. If svchost.exe is deleted, pull up the VSE console and open “Quarantine manager.” Click on the detection option and select “Restore”; If the VSE console does not come up, then go to C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone. This will pull up the VSE console. Click on the detection and select “Restore.”
6. If the above does not work, or if svchost.exe is “0“ bytes:
a) When possible, copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present, get from c:\windows\system32\dllcache\svchost.exe;
b) Copy svchost.exe from an unaffected system to c:\windows\system32 directory (if same operating system) from external media (such as a USB, CD, etc);
If “paste“ is grayed out, use the following commands:
Start -> run -> cmd
Run the following command “copy from [source\filename] to [destination\folder]” Example: copy x:\svchost.exe c:\windows\system32
7. Reboot in normal mode
8. Use the product update to update to 5959
9. Delete the Extra.DAT file in c:\program files\commonfiles\mcafee\engine
Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed
1. Boot in safe mode (by hitting the F8 key repeatedly as the machine boots up) with “Network Option” enabled;
2. If svchost.exe is not deleted (look in c:\windows\system32\svchost.exe) and is not 0 bytes in size then network connection should be possible — Skip to Step 6;
3. If svchost.exe deleted or if it is “0” bytes, then network connection may not be possible;
4. If svchost.exe deleted, pull up the VSE console and open “Quarantine manager” and click on the detection option; select “Restore.” If the VSE console does not come up, then go to C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone
This will pull up the VSE console.
5. If the above steps do not work or if svchost.exe is “0“ bytes:
a) When possible, copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present, get from c:\windows\system32\dllcache\svchost.exe
b) Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same operating system) from external media (such as USB, CD, etc)
If “paste“ is grayed out, use the following commands:
Start -> run -> cmd
Run the following command “copy from [source\filename] to [destination\folder]” (without the quotation marks). Example: copy x:\svchost.exe c:\windows\system32
6. Download the 5959 SuperDAT from http://download.nai.com/products/licensed/superdat/english/intel/5959xdat.exe
7. Run the SuperDAT program
8. Reboot in normal mode

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s