US-CERT Current Activity
McAfee DAT 5958 Issues
Original release date: April 21, 2010 at 3:04 pm
Last revised: April 22, 2010 at 7:10 pm
US-CERT is aware of public reports indicating that McAfee DAT release
5958 is incorrectly identifying the valid system file,
C:\Windows\system32\svchost.exe, as containing malicious code. Reports
indicate that a false positive detection occurs on Windows XP Service
Pack 3 systems. Symptoms include a denial-of-service condition when
the McAfee software attempts to clean the file.
US-CERT encourages users and administrators to review the McAfee Virus
Profile: W32/Wecorl.a and apply the "extra.dat" and additional updates
provided by McAfee as necessary to mitigate this issue. Users should
ensure that they have installed DAT 5959 or greater before running any
on-demand scans.
Corporate users and administrators are encouraged to review the McAfee
Corporate Knowledgebase Article KB68780, while home users are
encouraged to review the McAfee FAQ Document TS100969.
Relevant Url(s):
<http://service.mcafee.com/FAQDocument.aspx?lc=&id=TS100969>
<https://kc.mcafee.com/corporate/index?page=content&id=KB68780&pmv=print>
<http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=265240#none>
====
This entry is available at
http://www.us-cert.gov/current/index.ht ... 958_issues