McAfee Kills SVCHost.exe, Sets Off Reboot Loops For Win XP, Win 2000 472
Kohenkatz writes "A McAfee Update today (DAT 5958) incorrectly identifies svchost.exe, a critical Windows executable, as a virus and tries to remove it, causing endless reboot loops."
Reader jswackh adds this terse description: "So far the fixes are sneakernet only. An IT person will have to touch all affected PCs. Reports say that it quarantines SVCHOST. [Affected computers] have no network access, and missing are taskbar/icons/etc. Basically non-functioning. Windows 7 seems to be unaffected."
Updated 20100421 20:08 GMT by timothy: An anonymous reader points out this easy-to-follow fix for the McAfee flub.
Re:Black Wednesday (Score:5, Interesting)
Also unaffected (Score:1, Interesting)
Some are running a version of Windows 7 called Windows Vista, and it's also unaffected. Which is not surprising because it's pretty much the same thing with greenish wallpaper.
Re:Double ouch. (Score:5, Interesting)
My big question is why is Norton and McAfee still so popular in the corporate world?
I understand that the OEM's preload McAfee or Norton because they are paid to, but the corporate world is paying big money for these out-dated anti-virus programs.
There are much better anti-virus providers out there such as Avast, Kaspersky, Nod32 and others.
Doesn't McAfee Do Testing On Releases? (Score:3, Interesting)
-Todd
McAfee recently screwed me over (Score:3, Interesting)
Sure maybe I got unlucky for the first time in like 3 years. Maybe someone used my computer while I was on holiday but I suspect not. I suspect it's related to this.
Re:virus scanners are the devil (Score:3, Interesting)
To be honest 2, 4 and 5 are perfectly adequate for a knowledgeable user and the rest provide little if any advantage. And they also happen to apply to all OS's and all versions of those OS's.
Re:For a program so hard to turn off (Score:4, Interesting)
It seems to be very willing to take the whole machine down.
Speaking of which, did anyone at McAfee even bother to test this dat on a Windows XP machine?
I'm sure they did but the real question is not "did McAfee test it against Windows XP?". It's "did they test it against Windows XP with every single version of svchost.exe that Microsoft have ever released?" - the original version and every updated version in every patch and service pack to date?
Re:Double ouch. (Score:3, Interesting)
A quick google on the subject brings up many other testing that ranks norton below the ones I mentioned.
So it would all boil down to whom you believe, who is the least beholden to their advertisers?
And Norton and McAfe spend TONS on advertising.
Re:Guess what I've been doing all morning? (Score:4, Interesting)
Me too. I just handle my department, thank the gods. I've got two labs that are native Windows -- one with 7 machines and one 15 machine lab. These are hardware oriented labs that have vendor provided software that won't run under emulation.
The other 4 labs run Ubuntu, with VMWare, non-persistent VMs for any activities that absolutely require Windows.
My Windows only labs are in a constant reboot cycle (well, before I shut them down), the rest don't even realize there's anything going on. :) Since tomorrow is Lab day for those two labs, I'm hoping McAfee gets the problem fixed before then. If not, I'll disable boot scan until they do.
Re:For a program so hard to turn off (Score:4, Interesting)
I put this on my corporate IT.
We have a corporate standard for XP on the desktop and Win 2003 for servers. Should only be those 2 versions of svchost.exe to test against.
Right now my employer is losing $millions as systems are down proactively until the issue is resolved. Manufacturing and labeling systems run on Windows :)
I know we test patches from Microsoft against the standard OS as well as the individual apps. As an application owner, I test the monthly patches from MS before applying in production.
Virus definition updates are not provided for testing prior to release.
Given how widespread this issue is, I think it would have been picked up in testing.
Re:virus scanners are the devil (Score:2, Interesting)
Re:For a program so hard to turn off (Score:2, Interesting)
But if a virus is (wrongly) detected in the EXE, what are you gonna do? Kill/block it, of course. So all the DLLs come tumbling down too.
If a virus is detected in a DLL, you can typically prevent the DLL from being loaded if you get there early enough. But some programs crash if a DLL they need can't be loaded. And forcibly unloading a DLL is, as far as I know, nearly impossible to do safely and without executing any more code in the DLL.
Re:Guess what I've been doing all morning? (Score:3, Interesting)
I always get a kick when somebody says something stupid like that. I've recently heard that in a meeting with management: "Yeah, but if Microsoft's solution doesn't work, we can call them for help and they are liable for the problems with their product". As ANYONE that ever called Microsoft knows, they're not helpful at all and if you spent too much time on their support lines they will come off with something like: well, we don't support customizations, we can't fix that, read the support contract. Under customizations they understand (not kidding): Modifying your SharePoint site to put content on it, installing updates in Windows.
Re:For a program so hard to turn off (Score:3, Interesting)
Svchost has been around forever. It basically encapsulates other applications. Svchost handles many things from DCHP client to Windows Themes. The problem is that McAfee doesn't seem to ...
Encapsulation? No doubt that's a valid comment and one that's just as valid to describe, in a more general sense, how Microsoft designs things. On the other hand, I consider a weasel word that describes something that lacks transparency, isn't understandable, and is unnecessarily complex.
If you think that's an over-the-top opinion, run `netstab -ab'. See how long it takes for the command to complete. And then see how long it takes for you to parse the output before making sense of it.