McAfee Anti-Virus update leaves Windows XP SP3 PCs stuck in a reboot loop

 

Gallery

Posted on 22 Apr 2010 at 11:30

McAfee's April 21st update for its anti-virus software is reported to have caused systems to become stuck in an infinite reboot cycle. The issue affects PCs running Windows XP SP3, on which the McAfee detects the C:/WINDOWS/system32/svchost.exe system file as containing a virus.

A notice on McAfee's website informs users that "McAfee is aware of a W32/Wecorl.a false-positive detection with the 5958 DAT file, dated April 21 at 2:00pm (GMT +1), which is affecting numerous customers. Watch for updates on this issue, which will be sent on a timely basis. McAfee has released the 5959 DAT files early to address this issue."

The latest update is free of the problem, so it's safe to re-enabled the program's auto-update features if you had disabled it to protect your PC. If you think you might have downloaded the affected update, it's important not to reboot your PC and to follow McAfee's remediation instructions.

This isn't the first recent incident of anti-virus updates capable of bringing down their users' PCs. Most recently, Bullguard and BitDefender put out updates last month that rendered some Windows installations unbootable, while an update last December for Alwil's Avast! resulted in false positive identification and quarantining of vital software and drivers.

Rival firms are taking advantage of this dent in the anti-malware giant's reputation; Sunbelt Software is offering six months' free maintenance on its VIPRE Enterprise suite to all McAfee Enterprise Customers, noting that "based on recent events, we are seeing record numbers of McAfee enterprise customers looking for an alternative solution for endpoint security".

McAfee has contacted us with a statement describing the circumstances of the faulty update and apologising to its users. The statement explains that McAfee identified a new threat that that "attacks critical Windows system executables and buries itself deep into a computer's memory".

The update was designed to address this threat. According to McAfee, "the remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21."

Unfortunately, it was this update that caused "moderate to significant issues on systems running Windows XP Service Pack 3". McAfee believes that less than one half of one percent of its enterprise accounts and a smaller fraction of consumer customers have been affected by this false positive error, and the faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers.

McAfee is now working to support affected customers by providing detailed guidance on how to repair any impacted systems and is "investigating how the incorrect detection made it into our DAT files and will take measures to prevent this from reoccurring."

A McAfee representative also told us that the company was currently deciding on how it will handle compensating enterprise customers whose business may have been disrupted by damage caused by the update.

Author: Kat Orphanides