McAfee Zero Hour False Positive - DFWstangs Forums
LinkBack Thread Tools Display Modes
post #1 of 11 (permalink) Old 04-21-2010, 02:27 PM Thread Starter
<Insert Title Here>
IHaveAMustang's Avatar
Join Date: Apr 2007
Location: Grand Prairie, TX
Posts: 2,040
McAfee Zero Hour False Positive

If you are running McAfee 8.5i or above and have 5958 definitions, ROLL THEM BACK.

It is falsely identifying that the svchost.exe is infected and either quarantining it or deleting it.

It got 6 of our machines before we stopped our EPO server from pushing it out.

Right now, we have been on hold for 1 hr and 10 min for a solution (supposedly they are making a DAT to suppress the issue), just thought I would share this.

Good luck.

IHaveAMustang is offline  
Sponsored Links
post #2 of 11 (permalink) Old 04-21-2010, 04:54 PM
BLKGT's Avatar
Join Date: Feb 2004
Location: Odessa, TX
Posts: 1,254
my wife's job went crazy today because of this lol

94 Triple black GT auto w/shift kit, 3:55 gears and pulleys
Trolls Needed
BLKGT is offline  
post #3 of 11 (permalink) Old 04-21-2010, 05:19 PM
Time Served
Join Date: Mar 2006
Location: Frisco
Posts: 494
Our desktop team is also scrambling. So far, so quiet on the server side of the house. - Enterprise-grade web hosting (full DR, efficient virtualization, hardware firewalls)
DLinkOZ is offline  
post #4 of 11 (permalink) Old 04-21-2010, 06:03 PM Thread Starter
<Insert Title Here>
IHaveAMustang's Avatar
Join Date: Apr 2007
Location: Grand Prairie, TX
Posts: 2,040
Originally Posted by DLinkOZ View Post
Our desktop team is also scrambling. So far, so quiet on the server side of the house.

Luckily we only lost 1 fire engine's MDC because of it. Everything else was low-level importance workstations that we quickly pushed the fix out to.

Yahoo news did a report on it...thanks to McAfee places like Kentucky State Police and a 1/3 of hospitals in Rhode Island lost all computer access...even rumors that Intel got taken out...not bad what a day.

IHaveAMustang is offline  
post #5 of 11 (permalink) Old 04-21-2010, 11:28 PM
line-em-up's Avatar
Join Date: Mar 2003
Location: Somewhere south of here.
Posts: 5,810

Now, this was a big clusterFuck. There goes McAfee's credibility.
Hospitals, schools, company computers around the world affected by error staff and news service reports
updated 5:26 p.m. CT, Wed., April 21, 2010
NEW YORK - Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an antivirus program identified a normal Windows file as a virus.

McAfee confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download.

McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands.

McAfee said it did not appear that consumer versions of its software caused similar problems. It is investigating how the error happened "and will take measures" to prevent it from recurring, the company said in a statement.

The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital. Jean said patients who required treatment for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms.

Deborah Montanaro of North Kingstown, R.I., told The Providence Journal her son was turned away by the hospital and not given the spinal radiation therapy he needed to treat his leukemia.

"It is impacting patient care," she told the newspaper. "They have no Plan B. I am very upset."

The hospital's computers came back online around 4:30 ET, Jean told the newspaper.

In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Virginia also lost computer access.

Intel appeared to be among the victims, according to employee posts on Twitter.

"For PCs that have been affected and are in a state of reboot, Intel IT is still working on how to get the deleted files back on the operating system, which will allow PCs to boot normally again," spokesman Bill MacKenzie told The Oregonian.

"We do have instructions out that are working for some people and not for others. We are continuing to work the issue."

Peter Juvinall, systems administrator at Illinois State University, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone.

"I originally thought it was a virus," he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get the machines working again.

In many offices, personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery.

It's not uncommon for antivirus programs to misidentify legitimate files as viruses. Last month, antivirus software from Bitdefender locked up PCs running several different versions of Windows.

However, the scale of this outage was unusual, said Mike Rothman, president of computer security firm Securosis.

"It looks to be a train wreck," Rothman said.

In Utah, at least 700 of Utah Valley University's 5,000 computers on campus were affected, but university spokesman Chris Taylor said all computers were back up and running by noon Wednesday, as IT officials "were right on top of it."

In Sarasota County, Fla., school district officials said about 800 computers experienced the problem, and power was pulled quickly on the PCs. Officials said they were able to get computer systems up in running again in a little more than half an hour.
line-em-up is offline  
post #6 of 11 (permalink) Old 04-22-2010, 12:12 AM
Blue5spd's Avatar
Join Date: May 2002
Location: Breaking up happy homes!
Posts: 3,381
Another reason why I do not use McAfee
Blue5spd is offline  
post #7 of 11 (permalink) Old 04-22-2010, 12:19 AM
f0ur sixer's Avatar
Join Date: Sep 2002
Location: Garland/Tucson
Posts: 4,617

Screw them. They decided for me that I wanted to renew my subscription with them.(2 years down the road from initial purchase)There was no warning, no email sent, no nothing. Just a withdraw on my bank account. Charged me $70 which I didn't get back til 2 weeks down the road.

03 Oxford White Cobra.
f0ur sixer is offline  
post #8 of 11 (permalink) Old 04-22-2010, 12:30 AM
#4 Best QB Ever
That_Is_My_El_Camino's Avatar
Join Date: Apr 2004
Location: Land of the Free
Posts: 29,339
I'll bet this guy was behind it...

Originally Posted by DON SVO View Post
Women: vaginal life support.
That_Is_My_El_Camino is offline  
post #9 of 11 (permalink) Old 04-22-2010, 04:51 PM
El Camino
Stang2be's Avatar
Join Date: Sep 2003
Location: in front of the keyboard
Posts: 3,432
Being a former McAfee employee I laughed hard about this one

2007 Taurus SEL - daily driver
1974 El Camino SS - 400sb

Originally Posted by purrrfectstang
Umm.. what is the ID-10T settings?
Stang2be is offline  
post #10 of 11 (permalink) Old 04-22-2010, 05:16 PM
Time Served
Join Date: Mar 2006
Location: Frisco
Posts: 494
Now that's funny - Enterprise-grade web hosting (full DR, efficient virtualization, hardware firewalls)
DLinkOZ is offline  
post #11 of 11 (permalink) Old 04-22-2010, 06:09 PM
Neiladin's Avatar
Join Date: Sep 2004
Location: OKC
Posts: 12,120
Originally Posted by That_Is_My_El_Camino View Post
I'll bet this guy was behind it...

Mess with the best, die like the rest. Fucker.
Neiladin is offline  
Sponsored Links


Quick Reply

Register Now

In order to be able to post messages on the DFWstangs Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Please enter a password for your user account. Note that passwords are case-sensitive.


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:


Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

For the best viewing experience please update your browser to Google Chrome