McAfee Kills Thousands of Windows XP & Intel Computers with SVCHOST.EXE Mistake

McAfee to Blame for Bad Software Update

JC Torpey
JC Torpey, Yahoo! Contributor Network
Apr 21, 2010 "Share your voice on Yahoo! websites. Start Here."
In what may go down in history as one of the biggest "Opps!" in computer history, the McAfee Corporation, makers of one of the most popular Anti-Virus software programs available to users, released a routine, daily update at 6:00am PST. That is where the routine update ended.

Mistaken Identity
This particular update data set included an specific update to the software's virus definitions, which are the descriptions of viruses that the software uses to compare users' downloaded files with to determine whether its infected or not. However, the update included a virus definition that caused the anti-virus package to "recognize" SVCHOST.EXE as a known virus threat called W32/Wecorl.a, or a Trojan. The problem with this recognition is SVCHOST.EXE is a vital and necessary Windows XP system process file needed to run the computer.

In the process of "protecting" the host PC system from the malware "threat," it killed the computers. The even bigger problem is the fact that every Windows XP computer uses the SVCHOST.exe process to run so in effect, every Windows XP computer user who uses McAfee's antivirus and antimalware program has a dead system right now and is probably not reading this.

How Many Affected?
Reports from various sources, including CNet.com state that tens of thousands, and possibly even many more computers running the MacAfee Anti-Virus software downloaded the update, for the most part while their owners slept through the automatic scheduling of the virus update and scan. This in turn promptly crashed the affected systems. The result is that the affected systems, those with Windows XP, will crash, or stop working and go into a repeated reboot cycle. This means that the system is dead, useless, gonzo.

The University of Michigan's reported that over 8000 of its Medical School PC's had been crashed because of this bad McAfee update. In Lexington KY, the police department lost all of their computer services and were forced to hand-write reports and lost all of their in-vehicle, or in-dash computer systems.

All across the United States, prisons canceled visitation days as a security measure and hospitals cancelled all but the most vital services and procedures as system after system went down. The computer giant Intel was hit badly. According to one source inside the technology leader's plant, all of its computers running inside the US had crashed. Yes, that is ALL of Intel's computer systems. What is the world coming to?

What Does McAfee Say?
So far, what is known is that the killer update is primarily affecting computers running Windows XP with Service Pack 3 installed. The "Killer Update" was available for several hours after its initial release, which was prior to the error being found. Once it was found, however, the site was taken offline to prevent further damage. A statement, issued by MacAfee at 2 PM PST, stated that while they apologize for the inconvenience they are aware of "no major impact to users." Uh, Huh? Really? I can imagine that hackers the world over are laughing themselves silly about now.

Half Baked Fix
Beyond their statement, the company has posted a "fix" on another website but do not expect much from it. The fix is a manual work-around that involves downloading and installing an additional .DAT or data file. There was no clear instructions on what to download the update with, as the affected computers are "dead" and cannot download anything. There are also no instructions on exactly how to implement the fix. Apparently, they expect consumers to download and fix the problem without their help. The computers will not stay on long enough to boot the fix even if they could download it somehow. There is a note on the page to the effect that MacAfee is working on an "automatic fix" but as of the end of business today and at the time of this publishing, there was nothing.

Better Fix Option & Instructions
CNet posted an article with instructions on how to work around the problem and repair damaged systems The information is located at "How to fix your McAfee-crippled computer", and detailed instructions on how to raise your system from the grave are included.

AnnArbor: Software Update Shuts Down Thousands of U of Michigan Medical Health System Medical School System Computers
CNet: How to Fix your McAfee Crippled Computer
CNet: Buggy McAfee Update Whaks Windows XP PCs
McAfee: W32/Wecorl.a, or a Trojan
McAfee: "Fix"
McAfee: Downloads Security Update

Published by JC Torpey - Featured Contributor in Technology

JC Torpey started writing at a young age and is affiliated with many online publishing websites. JC's expertise includes network security, PC health and the Internet. Her specialized writing areas include we...  View profile

  • McAfee update deployed mistakenly noted vital Windows XP file as virus and crashed all XP PCs.
  • McAfee released half hearted "fix" that fixes nothing because it cannot be deployed.
  • CNet.com released a better fix with instructions on how to use it.
McAfee states they know of no problems with their update and also states that they do not think any consumers are affected. Nevertheless, this update killed all of Intel's PCs along with thousands more.

10 Comments

Post a Comment
  • JC Torpey4/26/2010

    Scott: Thank your for the input. I suppose I should have stated that not every fix will work for every computer, as should the vendors who posted the fixes. That was my fault for not mentioning it. Every computer is different, configurations, file locations and such. I am glad something worked for you and happy to hear you are up and running again! If anyone else has any other suggestions, or something that worked in your case, feel free to post your suggestions here! BTW, I use Avira now and have had no problems since I installed it in February. Thanks everyone! ~JC Torpey

  • Scott A. Guthrie4/26/2010

    I tried the fixes posted, they did not work, however I did manage to fix 2 PC's with different versions of McAfee using the following procedure:

    1. Go into Windows Safe Mode (F8 on boot)
    2. Do a search for mcshield.exe.
    3. Rename mcshield.exe to mcshield.exe.test
    4. Do a Command Line Search (c:>dir/s svchost.*) Note: The svchost file was located elsewhere on the drive in my case.
    5. Copy the svchost (@14k in size in my case) to c:windowssystem32.
    6. Reboot
    7. Uninstall anything McAfee
    8. Install Avast
    9. Enjoy

    Scott A. Guthrie CEO
    A Computer Store, Inc.

  • Tony Payne4/23/2010

    I used to use them years ago, now I use AVG Free and it works very nicely. Good piece of reporting.

  • JC Torpey4/23/2010

    I used McAfee once then after a few days of a trial that was supposed to be for a month, they stopped updating because they claimed my trial was over when I still had 20 days left. I promptly uninstalled it and never touched their services again. So, because I use XP on one of my computers I am glad I switched to Avira! MC Afee is still claiming the problems are minimal however reports are stating hundreds of thousands of computers have been affected. Good Grief! Thanks for the comments everyone! ~JC Torpey

  • leroy coffie4/23/2010

    I hate their service

  • Mike Powers4/22/2010

    Good report, JC... I'm glad I have never used McAfee products.

  • Kathleen Dougherty4/22/2010

    wow...glad I don't use it

  • Andrew Sutton4/22/2010

    Oh boy, can you say class action lawsuit?

  • Stephanie M. Lucas4/21/2010

    Wow! They'll have hell to pay for that mistake!

  • Jaipi Sixbear4/21/2010

    Oh boy, so glad I use Avast

Displaying Comments

To comment, please sign in to your Yahoo! account, or sign up for a new account.