Uncategorized

McAfee Response To Current False Positive Issue

418
By on Apr 21, 2010

In the past 24 hours, McAfee identified a new threat that impacts Windows PCs. Our researchers worked to address this threat that attacks critical Windows system executables and buries itself deep into a computer’s memory.

The research team created detection and removal to address this threat. The remediation passed our quality testing and was released with the 5958 virus definition file at 2.00 PM GMT+1 (6am Pacific Time) on Wednesday, April 21.

McAfee is aware that a number of customers have incurred a false positive error due to this release. We believe that this incident has impacted a small percentage of our enterprise accounts globally and a fraction of our consumer base–home users of products such as McAfee VirusScan Plus, McAfee Internet Security Suite and McAfee Total Protection. That said, if you’re one of those impacted, this is a significant event for you, we understand that and we’re very sorry.

Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3.The immediate impact on corporate users was lessened for corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, though those customers could also be impacted when running a scan.

The faulty update was removed from all McAfee download servers within hours, preventing any further impact on customers.

McAfee teams are working with the highest priority to support impacted customers. We have also worked swiftly and released an updated virus definition file (5959) within a few hours and are providing customers detailed guidance on how to repair any impacted systems.

Corporate Customers
- This entry in our virus information library provides workarounds
- Our knowledge base has two articles, one specific for VirusScan Enterprise users and one for Total Protection Service users
- Customers are discussing the issue in our online support community
- More details on this topic are available in an FAQ.

Consumers
- This support page provides information for impacted consumers
- Consumers are also discussing the topic in the online community

To contact McAfee by phone in your region, go to the “Contact Us” page on our Web site and select your country for the correct number.

Early morning on Thursday night (at around 1 AM PT) we published a SuperDAT Remediation Tool to help customers fix affected systems. The tool suppresses the driver causing the false positive by applying an Extra.dat file in folder. It then restores the “svchost.exe” Windows file. The tool has been successful at remediating the problem caused by the faulty DAT update for multiple customers. The tool itself and more details on how it works are available in our knowledge base.

We are investigating how the incorrect detection made it into our DAT files and will take measures to prevent this from reoccurring.

We sincerely apologize for the inconvenience this has caused our customers and will update this blog posting as more details become available.

Barry

PS: I just published another blog in response to some of your comments below.


(Updated at 3.35 PM PT to include statement on number of customers impacted.)
(Updated at 3.50 PM PT with a link to details for consumers who were impacted.)
(Updated at 5.13 PM PT with link to knowledge base.)
(Updated at 5.44 PM PT to correct the number of impacted consumers.)
(Updated at 8.20 PM PT removing detail on 5959 DAT capabilities.)
(Updated at 9.27 PM PT to provide additional detail on customer impact added link to new blog post.)
(Updated at 10.01 PM PT to add a link to the support community.)
(Updated at 11.58 AM PT on Thursday to add additional KB article links.)
(Updated at 1.10 PM PT on Thursday to add mention of remediation tool.)
(Updated at 2.45 PM PT on Thursday to restate number of customers impacted.)
(Updated at 12.53 PM PT on Friday to add a link to the FAQ.)

418 Comments

  • I have taken my computers to the same shop for over 10 years now, i have even worked there in the past, only 1 person there works on mine an we have taught each other some things – i stay more informed than she does on some things.
    So its not like taking it to a stranger or doing it remotely, its a built up relationship thats been formed over years.

  • Allistair

    Ok I have two computers running McAffe. It has taken me a week to get sorted as I didn’t have ready access to an internet machine. Four hours of fiddling and one machine is now sorted.

    I had the additional problem that I could not copy or paste, or move the repair files from a pen drive to the machine. Solved it in the end by zipping the files then choosing unzip to location and saving onto desktop.

    Sadly this isn’t working on the second machine and after another four/ five hours its not working. How much is IT support an hour? Where do I send the bill for my time?

  • RCometa

    I must agree Andrew[UK].

    Yeah, McAfee most certainly made a huge negative impact on businesses…
    Yeah, a lot of computers dived…
    Yeah, a lot of labour and thumbs twiddled…
    Yeah, IT depts have spent many hours…
    But this is technology mass produced like cell phones… anyone had a cell phone breakdown?
    LG’s cell phone division had a recall early 2009 for a particular model which was more powerful than it was created for; but they found a solution and delivered, it took some time but a solution was still provided.

    Point is that mistakes happen… by everyone. EVERYONE has made it known that McAfee goofed up and McAfee has also admitted recognizes their mistake, you may not beleive that they understand the extent of the impact only because we’re too angry at them to read inbetween the lines.

    Let McAfee handle the programming codes stuff.

    To McAfee, you do have a great challenge, a lot of angry consumers. I know you know that. Good luck !

    Cheers!

  • Colby

    I’m a freelance PC repairman and I’ve worked with dozens of people on this issue. Consumers are pissed. Large Enterprises are pissed. Drop “McCrappy” like a hot potato. Not only does their product perform poorly against malware but, they DO NOT care about their customers. In this case, they are lying about the “0.5%” of people affected.

    Obvious lies are obvious.

    I urge McCrappy users to switch to another AV product. Companies like Kaspersky, F-Secure, ESET, Sunbelt, Symantec, etc, actually care.

  • anna merrick

    I use Vista. My computer has been crippled since Friday morning. Firstly, McAfee don’t call me back within the time limit they give me. Now I’m waiting for Engineering to ring me because Technical support are unable to fix my computer. What a SHAMBLES ! I will NEVER EVER use McAfee products again and I would advise anyone else not to go near them.

  • joe

    Wow, I am glad that I dumped the big mac 2 months ago. They (macafees) as a service to me withdrew money from my account for the current suscription fee. The main problem is that I never gave them authorization or anyone authorization to tap my account. After a phone call to their service dept. they refunded the money that they took from me. I had to go to my bank and request a stop payment which was to late of course. Things must be rough for the big mac that they have to resort to this kind of action. I had been a customer for about 7 years. Gee they didn’t even kiss me.

  • Stefan

    Im still not running, everybody is not compter geeks, last thing to do is re format the stupid computer, thanks to McAfee….

    Never ever going to use McAfee again

  • Mr A

    Hi, I’m also one of the many victims that came across this headache of a problem. Eventually i fixed it (in a matter of speaking) by googleing for the solution. Found the solution and my machine started working again. However my systems mcaffee was reseted back to the factory defaults that come with my CD. After the 4th automatic update the problem occured again!! Why is the fault still being downloaded after update?? VERY SUSPICIOUS!! Uninstalled mcaffee and allowed one update for virus definition then prompted it to notify me of any new updates. I prefer a little control during these hard times … wouldn’t you?

  • Graeme

    Dear All,
    I share your pain – and after having tried to use the McAfee ‘fix’ it copied via a hack computer from their website I had stopped the rot, but hadn’t got my functionality or internet back.

    What finally seemed to have fixed it was copying the svchost.exe copied using cmd line! – see D Slinger’s item.

    (Thought the McAfee extra.dat and superdat was supposed to have done that)

    A happy man, I\’m off to walk the dog !

  • Andrew [UK]

    Well, I run a McAfee ePo solution which has the McAfee AV software deployed to ~1500 Windows Computers, ~1000 of these Windows XP.

    About ~1300 computers in the estate had the rouge DAT file installed, yet I was able to update to the subsequent DAT’s without issue.

    Hopefully, for some that puts into perspective McAfee’s claims that a small percentage of computers were affected. As an example, if you take my ~1500 computers and add it to 20 companies which each have 5 computers (100) where 4 out of 5 are affected before the ‘global’ figures for systems affected are 5% (i.e. 80 computers = 5% of 1500+100).

    So in summary, although the figures may be worse than McAfee are admitting, people who put comments like ‘I have an office with 20 computers and 100% were affected so McAfee’s figures are wrong’ need to take a step back. I think a number of people posting here need to get a sense of perspective – the person that wrote ‘I wouldn’t want McAfee to crash a computer running life support systems in a hospital’ needs to step back and think. Why would you have a presumably ‘networked’ Windows XP computer (that can maybe even access the Internet) to provide life support. I’m pretty sure that life support(ing) systems run bespoke software and hardware that can’t multitask running a ventilator, drip and Solitaire for example.

    I also think the person that wrote that the McAfee issues feels like the equivalent to hiring a security guard and then he turns round and shoots you in the face. Wouldn’t it be better to equate it to the said security guard detecting you as Osama Bin Laden, shooting you in the face, but then upon realising his mistake gives you some anti-bullet medicine that makes you well again. I haven’t read all the comments as I have to take breaks to get my laughing fits out the way.

    I do feel for those that have spent money having a computer repaired, or for companies who lost resources (peoiple-time, money, services) whereby the issue was caused by McAfee, and if the said users could prove it, I think that McAfee should reimberse for the cost and inconvenience.

    I also think there is a lot of scaremongering going on with many comments saying things like ‘I’m going to uninstall McAfee right away’ or ‘I’m going to boycott McAfee’ etc etc. I can’t count the number of times that my Microsoft-OS’d computer has crashed to the point of rebuild because of inherently poor underlying code in the operating system, which lets not forget is the reason we need AV software in the first place – because the OS is inherently unsafe – and I’m sure many of you reading this have experienced the same – yet how many of you are saying you’re going to ditch Microsoft Windows etc etc?? – yet I bet a good percentage of users reading this are currently doing so in an out of date or non-fully-patched version of Internet Explorer and underpatched version of XP – with a underconfigured firewall and no web filtering software. I would even wager that quite a few of you probably visit websites that have malicious code in them that gets stopped at the door by your McAfee AV software.

    I’m not pro-McAfee, but the majority of posters need to get real, and get a sense of perspective. If you’re still alive and your business hasn’t folded and you haven’t lost millions of pounds/dollars, maybe you should just count your lucky stars and find something else to moan about.

  • Andy Shipley

    It is very kind of you to offer to resolve these issues over the phone especially as you are only going to charge £1 per minute per the privilege!
    Talk to your technical support and tell them to support this issue for FREE!

  • Rob

    Why don’t you use plain English. This sounds like a law suit protected script to me. I think you (Barry) need to learn a more positive approach to you clients. We screwed up, your computer system will fail due to our update and this is how you fix it. This should be plastered on the front page of the website. Can we bill our lost time and costs to McAfee?

  • Joe

    Thanks to McAfee Total Protection I’ve spent a total of 17hrs since Wednesday to try and repair my pc.
    Out of sheer desperation I wiped everything and installed a new OS.

    And to think I nearly recommended McAfee to friends..

  • Kamran Masood

    I am running Windows Vista. My Real-Time scanning of McAfee has gone OFF and doesn’t turn ON. My internet has stopped working. Consequently, no McAfee updates can be downloaded. The system has crippled. I am afraid that I will have to format my hard drive and restore my system to factory defaults of SONY VAIO.
    Will you be hasty enough to provide remedies or Simply want your customers to move onto some better options.

  • Suggestion to everyone is to switch to Avast and Comodo

  • Jayson Kurfis

    When this problem came up, I immediately called Mcafee technical support. I paid $90 to your tech support group and was told that it was not a virus problem. The tech said that I should contact Dell because he didn’t know what was happening with my system and stated that my credit card would be refunded (at this time no refund has been given). I called Dell and they asked whether or not I had recently updated my Mcafee virus file. Unfortunately, I had.

    This process took six hours and cost $250. Since you stated this problem only affected a small portion of your customer base, I would expect that you would have no problem providing restitution for the cost of repair and the promised refund to the credit card.

  • Luke

    Cant even open up to a single game without the thing being quarantined

  • TechGuy

    It just comes to show that you can never be too prepared, I have been googling backup software and came across Genie Timeline it looks perfect for my backup needs, but im not sure if the software does what it says it does, has anyone heard of this company?

  • Stuart

    Major disaster for me in UK. No internet access, so know way of knowing what the problem was.
    Lucky I had backed up using Genie Pro 8.
    Restored winxp pro in 40 minutes but lost important email.
    Spent remainder of day rebuilding CAD software on PC. Self employed so no one pays me for this.
    Mcafee I suggest you tell the *truth* not waffle.
    We engineers have to.

  • tom hartsell

    my personal computer was destroyed by this virus and I am a Mcafee customer. I have talked to numerous McAfee employees and all don’t seem to know what to do or we are unable to communicate and they don’t seem to understand my problem. (I asked to speak to their supervisor but this did not happen. So, what is one to do?)

    As a result of this, and trying to get my computer fixed I somehow was connected to another company that corrected the problem, but I had to pay for the fix now I want my money back from McAfee. If I do not get satisfactory results, I will drop McAfee as my security supplier. Too, I hope someone will initiate a class action law suit against McAfee.

    That is all I have to say at ths time.

  • UNBELIEVABLE!!!!! I have used Avast for many years without any problems. It was suggested I use McAfee. I switched over – what a mistake. I had to pay $10.00 when I called in to get help just so I could talk to someone. I was told, that everything was fine. I have just spent the last three days on the phone with India….I had to erase everything and reformat. It still isn’t working right. I don’t have time for this. I had to pay Dell $200.00 to help me. I will be taking this to small claims to be reibursed. How about a class action suit? Include me in. I’m going back to Avast. Mcapee owes me money and an apology!

  • Swedish user (if compensated!)

    I have a suggestion to McAfee to save face and reputation – offer us all a whole year free antivirussubscription. I mean, it wouldn’t mean much to McAfee, would it? We misfortunate are only half a percent of the McAfee business, right? If I don’t get some compensation I will switch to something else!

  • cwaters

    The only way I could fix mine, to get access to the task bar and ‘start’ button was to use the Windows distribution disk to repair the operating system (DON’T choose the first ‘R’ option – you’ll get another chance to ‘Repair’). You’ll need to boot off the distribution disk, maybe needing to change the boot order in the BIOS as I did. NOW you’re working, but probably with SP1 or SP2, depending on how old you computer is, so plan on spending hours to let Windows upgrade back to SP3. Hope you can find the Windows re-install distribution disk, or created a rescue disk when you bought your computer!

  • Ellen Dublo

    After 2 days and $250 that a retiree can ill afford, I find that McAfee caused its own problem. As I was unable to access the internet, I was unable to correct5 the problem with the published “fix”, hence the $250 charge – Our security suite is due to be updated in May, and you can bet it will NOT be with McAfee unless they do something to reimburse me!

  • Laura Gallagher

    First of all I had to pay $10 to talk to someone to get help because their posted fixes did not work on my computer. After spending $125 to get my computer fixed by a professional I called McAfee to cancel my subscription which expires in October. They cannot even give me a partial refund of my balance. Even in a major publicity crises you would think that some good PR for those affected would be a olive branch. They just lost a customer permanently.

  • Drew McKeen

    I’m running Vista and downloaded an extremely problematic update from McAfee yesterday FRIDAY, APRIL 23. Immediately following the McAfee update my machine began behaving strangely: keyboard and/or mouse not working, system locking up, applications freezing while opening. I have used MS system restore to return to pre-McAfee update status and still have these update-related issues. Whatever this McAfee update did the screw up my system–it has done so royally. So, I am not at all convinced that of McAfee’s assertion that this is an XP-related bug only. The fact that there is still no admission of this-let alone a fix- is really distressing.

    Oh, and p.s. as another Vista/McAfee user pointed out, I am very, very familiar with discovering that my McAfee firewall has somehow been disabled -for God knows how long- and needs to be manually restarted. I am very, very close to dumping McAfee–for good.

  • Rocky

    I’m removing McAfee after reading these comments.

  • Floyd Elliot

    I have a year left on my subscription, and I am still switching to Norton 360. Your apology is every bit as good as your software.

  • Floyd Elliot

    I just spent eight hours I could have wasted having a life dealing with this nonsense; it’s so lovely that you’re very sorry. I have a year left on my McAfee sub, but I am switching to Norton 360.

    Your company, Mr. McPherson, gives incompetent twits hope: as long as you exist, they know that they are not the least functional people on earth.

  • I cannot do a system restore, or even open up the McAfee to check the DAT version and i think that it affected my Windows XP because I have lost my local area connection and cannot even access the internet to get the upgrade for the DAT.

  • Brian

    The wanted to charge me 90 bucks to fix their error. WTF???

  • One thing I have recommended to friends, family, and anyone else that would listen is to never buy a package or use the same anti-virus program for all the computers in the SAME home because one incorrect security patch could disable all the computers and prevent them from saving money to search for the online help on their own. I use Free Avast Home and MS Security Essentials instead of McAfee even though COX cable offers it for free (a $69.99 value they tell me, ROFLMAO!) as a home security suite. Unlike others on this site I intend to go back to it after this fiasco (had it on the Windows Home Server in the past but removed it due to slowdown), because now McAfee will be on pins and needles having to watch their Ps and Qs. After this PR nightmare I expect your company can not afford two within a short window of tolerance.

    I keep a few versions bootable Linux by CD and pendrives (Knoppix, Ubuntu, and Puppy) as well for troubleshooting, maybe you should offer something similar as a company. A downloadable bootable image that would allow the users to get online and download self-installing patches would go a long way to restore faith in many of your customers. I know AVG offers this option though it does have the limitation of needing a wired connection. On my two main machines I also have set them up as a dual boot system in the event of this nature, Ubuntu makes it easy with wubi and will allow people to get online, search for solutions, download files, and even apply them to the drive but nothing states that you can not offer your customers the same.

    I think it is foolish to only have one machine without an external backup, backup plan from a different OS, or other means to save important data and don not feel sorry for anyone who lost information or business over this because you should never rely just on one solution. I also don not feel sorry for those businesses that only used or deployed one antivirus solution for their corporate network. I don not even own a business and have multiple contingencies in place of this nature and wishes to know which businesses did fail due to this and would name themselves so I may avoid them all in the future. Computer information can be lost in so many ways such as user error, malicious intent to damage it, theft, natural disasters, and hardware failure but worst of all by those who seem to trust in too few to do so much for them.

    Harsh? Of course it is, but one of the harsh realities of life is that a customer does not have to buy into the excuse of the business whether it is McAfee or those that only used one antivirus program for their corporate solution. If I lost a family member in the hospital due to this error I would not just blame McAfee, but the hospital as well for deploying this in the field without their own proper testing on their end, as well or to have a backup in the event the main item failed. While I don not think this absolves McAfee, who should take a majority of the blame, it should also make all IT departments speak out to the bean counters that putting all of their egg in one basket is rarely a good idea.

    McAfee can provide us with the real numbers, after all they should know exactly how many machines have this installed, what OS is on them, what version of the OS, and how many percent of those downloaded the patch because this would tell us exactly how many machines could have crashed. I would like McAfee to be a little more more precise because they can.

  • Why are you people using McAfee?

    Why the hell did anyone ever install McAfee on computers anyway? I have never heard anything good about McAfee, I have always avoided it like the plague. This problem right here is why I am glad that I have Symantec. It may not be the best, but at least it does not crash all of my computers. If you dont want to use Symantec, there is always SOPHOS. I would recommend switching as soon as you can.

  • Never use McAfee

    Why the hell did anyone ever install McAfee on computers anyway? I have never heard anything good about McAfee, I have always avoided it like the plague. This problem right here is why I am glad that I have Symantec. It may not be the best, but at least it does not crash all of my computers. If you dont want to use Symantec, there is always SOPHOS. I would recommend switching as soon as you can. Sorry about your computers.

  • I cannot get my PC to do ANYTHING! McAfee is responsible, McAfee needs to pay to have my PC repaired!

  • pat devoy

    man up and admit your stupid mistake. forget the excuses. I work for intel and you caused great havoc here. your product sucks and so does your customer service.

  • javier gutierres

    This man has not idea what he is talking about, in my company affected more than 10000 computers, mcafee sucks, And for MR BRENT maybe he is a home user , this man must be from mcafee too, they just do not accept what they did..period

  • Dutch Mcafee IS user

    Great, my Mcafee Internet Security is often reporting that the firewall has been shut down and i need to turn it on manually myself…

    What is this????
    Is this the result of the faulty update or another problem with Mcafee IS 2010 on Vista?!

  • Eddie

    It’s such a relief that McAfee determined this problem affected only a small percentage of users.

    That means it should not cost that much for McAfee to reimburse those “small percentage” of users for all their downtime and lost business affected by their lack of oversight.

    McAfee, can you please provide all of us “small percentage of users” a billing address so we can send you our bill to pay the IT folks to fix YOUR problem?

  • Shirley

    My laptop, like many others, lost the taskbar and everything else with it. I’ve had to completely reformat my hard drive. After years with McAfee, I’M DONE!!! I’ve lost days of work and as a small business owner I cannot afford to do this. I’m glad McAfee is so big that they consider this to not be such a big problem.

  • RUM

    Since we are company that has offices at Cancun, Riviera Maya, Merida and the Caribbean Islands this fault affected around 400 workstations, at this moment we are still repairing some of them, basically we had to spreaded our technical support team in those locations; this little mistake affect POS and stoped the operations literally so an excuse is not enough i expect sincerely at least the condonation of the annual maintenance if you want to keep us as a client.

  • hughJ

    There’s really no room for even the slightest amount of spin in emergency situations like this, even in a blog post.

  • Rong W.

    The apology is too late, too little, and not sincere. They still claim that only a small portion of their customers were impact. Will McAfee pay back the lost productivity and lost data for their customers? That is the only way to have a sincere apology.

  • Lisa

    My father’s computer is completely screwed up with many, many important system files missing. Most programs won’t open and the network card seems to be missing, so no internet. No system disk because Dell didn’t send them out with the computers at that time and it won’t do a system restore (it is enabled).

  • Volunteer Help Desk

    I’ve been getting calls from family members about this for the past 2 days, and have been incredibly frustrated while trying to fix my father in laws XP SP3 machine.

    Here are the problems that I’ve run into with McAfees solutions/commentary.

    at first they said it affected enterprise customers only…but it does affect home users.

    Here is where the recovery steps fail:
    1. Go online…can’t be done due to the situation that McAfee has put the computer in.
    2. Disable items in the McAfee console…can’t be done due to the situation that McAfee has put the computer in.
    3. Use a USB drive to copy files from a working computer. The USB drive shows up as a USB item, but does not show up in My Computer
    4. The DAT file cannot be deleted
    5. The last resort windows /svc restore step also fails

    Any more suggestions?

  • Just a small comment, in my company we use McAfee as the central security system for all our computer equipment in all our facilities throughout the world, not yet finished repairing “this little mistake,” one thing is certain now, McAfee is not an option for us.

  • Nima

    People, you have the power, not them. Boycott them.
    Stop buying their products, there are other competitors. Boycott them until they apologize and beg you to buy their products and correct their act. If you do this, you will change the way businesses work in US. Even the competitors will learn a lesson from this and make sure they don’t make mistakes like this.

  • colin cave

    I was shocked and extremely disappointed with this failure.
    I have been trying to persuade all other computer users to use macafee but not anymore
    Yes i was able to fix it , so who do I charge for my time and the lost income when my main computer was down !!
    I will be changing from this system as soon I can
    NEVER AGAIN

  • Alan S

    Unfortunately I have gone through 2 days of pain due to McAfee’s poor QA process. Thanks to PC House call and a $150.00 bill, I’m now again back up and running.

    What a bunch of BS for McAfee to state “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base.”

    How about spending more on your staff and quit turning good people so you don’t have to impact your users with poor QA. Your bad release has cost a lot of you users a lot of money and waisted thousands of man hours in companies worldwide.

  • Thomas Van Den Beldt

    I experienced the same difficulty that others did in that I lost my computer taskbar, WiFi, and more all because McAfee released a poor update that eliminated my svchost.exe. Where is the customer compensation for all the lost hours? Perhaps, an extension of the service by 1-2 years and a refund would be nice? Where is the weblink where we can plug in our customer details and product number for an automatic reimbursement? This is a larger problem than what McAfee is admitting to. Your customers will not purchase this product in the future unless integrity, quality, and commitment are the priority.

  • We should start a forum on a non McAfee site to see how many people this actually affected. This may not be the right place, but this hit 1068 PC’s in my mid sized company and we had to “sneaker net” around to replace the SVChost.exe and manually copy over a new DAT file, then reboot the PC and test. This took us 8 hours to fix. Then we had to call in consultants to fix our remote sites. I do feel sorry for the home users and small business’ without a dedicated IT department. Anyone have a place we can start an unmoderated BLOG?

  • Eddie

    I am quite happy and relieved to say that in the past two months, I have been removing McAfee installations from all of my clients’ PC’s, cancelled the subscriptions and went with a different solution.

    It’s so unfortunate to read the amount of frustrated users spending their hard-earned money to fix a problem that McAfee has caused. What’s even worse the see seemingly demeaning nature that McAfee has used to imply that problem is smaller than it is and placing blame partly on the customer.

    My clients are breathing easily knowing they can continue running their business. McAfee will not ever see another dime from us. This hugely ridiculous fiasco merely cemented my belief that we made the right decision.

    I value my time and that of my clients. It’s unfortunate that McAfee does not feel the same way.

  • Chris

    I work for the IT department in a school division in Canada and we’ve had hundreds of machines affected at dozens of seperate sites. Windows XP SP3 is the most common OS version in the wild right now and downplaying the damage won’t change that. We’ve been deluged with support requests 2 of us have spent several days sorting out the damage.

    I could ask where to send the bill, but what it comes down to is basically this; we gave you a trusted pipe straight from your programmer’s compiler to all our PC’s desktops. You abused that trust, and now we are closing that pipe and switching to another AV solution. Management won’t be so understanding if we blame another incident like this on the vendor a second time.

  • Nil

    When I setup my new PC, I removed McAfee and am so glad that I did.

  • Director IT

    We should start a forum on a non mcafee site to see how many people this actually affected. This may not be the right place, but this hit 1068 PC’s in my mid sized company and we had to “sneaker net” around to replace the SVChost.exe and manually copy over a new DAT file, then reboot the PC and test. I do feel sorry for the home users and small business’ without a dedicated IT department. Anyone have a place we can start an unmoderated BLOG?

  • Thomas Van Den Beldt

    I experienced the same difficulty that others did in that I lost my computer taskbar disappeared, WiFi, and more all because McAfee released a poor update that eliminated my svchost.exe. Where is the customer compensation for all the lost hours? Perhaps, an extension of the service by 1-2 years and a refund would be nice? Where is the weblink where we can plug in our customer details and product number for an automatic reimbursement? This is a larger problem than what McAfee is admitting to. Your customers won’t purchase this product in the future unless integrity, quality, and commitment are the priority.

  • Kamiel Foskey

    I have not used McAfee in almost 10 years and not missed it. I however recently told my father, who is mostly computer illiterate, that of the handful of Anti-Virus he was considering that McAfee was his best bet. I also suggested an option not on his list at all, but I’m guessing he stuck with McAfee. Thankfully, he’s not on an XP system, but that doesn’t change the fact that I will now be telling him to ditch McAfee.. Only takes one screw up in the digital world to completely lose all trust in the consumer market and this was one hell of a screw up. From this point forward, McAfee is on my stay away from list when folks are coming to me for such consultations. Congrats on streamlining your QA department to the point of no longer working.

  • Bill

    I’m using Win 7 and the same thing happened to me so its not just limited to what your saying. It wasn’t that hard to fix the problem but now after I updated there are other problems.

  • Angie

    Get it fixed? There shouldn’t be a dam thing wrong with it. I would have a good working computer if it wasn’t for this F*** UP!

  • Jerry

    MaCafee will never be on any comp. I have again. This will cost me time and money. But Im sure MaCafee is concerned about my problem.

  • Liz Lockhart

    It was not just XP. I am running System 7!

    The difference, perhaps, is that I was able to do a RESTORE to get back to an earlier state before 5958, but I had to figure that out on my own. That was a short-term fix, though, because McAfee would update itself within minutes. Even though I refused to reboot when prompted, McAfee would then shut off my network access–hence, internet access, email, ability to print.

    If the computer works today (I am currently on a laptop that has not been affected), I will still have to spend time reinstalling Microsoft Critical Updates and Java updates that were blown away by the numerous system restores I did while trying to isolate the problem.

    SYSTEM 7, not just XP, was affected.

  • I want to know why this acknowledgement of the problem is buried on a blog and is not FRONT AND CENTER on the main web site. This is the biggest corporate dodge I have ever seen. You kill hundreds (if not thousands) of your customers compters, make us spend days fixing them, and label the problem as a small false positive error.

  • Doug in Toronto

    One thing I get from reading the comments here is that many in the computing community has come to expect perfection as a bare minimum. As an IT-er of many years’ standing, I know that perfection is impossible, but the effort to improve must always continue. The important things to take away from this ‘adventure’ are: (1) accidents happen, (2) Quality and product integrity are your number 1 priorities, (3) products need testing, but the QA process itself also needs testing, and (4) some people will use any excuse to flame you or walk way, so get in front of a problem as soon as you can. I’d consider it a friendly gesture if you published a detailed post-mortem document, outlining what happened, how it happened and (most importantly) what you’re doing to ensure it doesn’t happen again.

  • Bridget Lambert

    I am reliant on my home computer. I am a competent user. However, I stress the word user. I know nothing about how computers work and I know I’m not the only person in this situation. Your error means that I will have to pay someone to sort it out. Are you going to compensate me and all the other people affected?

  • toxicdav3

    Things happen, big woop…

  • Dick (UK)

    Hi Folks, like most of you I had the dreaded DCOM error, then the RPC error and the pc rebooting over and over. It then progressively lost funtionality until network connectivity, the start bar etc was gone. What I found was that if you still have a running PC, hit F8 and get it into safe mode, I installed the fix from another PC, (friend over the street with Vista), from the Mcafee site, and followed the instructions. I actually was able to run the SDAT5958 EM application from my memory stick as I could no longer copy anything in Explorer.Then I followed the instructions on their web site, as a home user its GOOGLE) Document ID TS100969, to delete the relevant folder, reboot, download the latest updates from mcafee and my PC came back to life! Lost a days work but as I was about to re-install windows from scratch Im sure pleased I found the fix in time. It worked for me, so good luck.

  • Filipe

    How is it possible?

    I Have 280 Computers down on Wednesday!!
    I have to fix(rollback) one by one with a pendrive!

    ridicule!

  • BesT

    Well, if you value your business you probably got a backup. even on your home pc.
    You can restore the file immediatly if you have a backup, dual-boot, or just download a Hiren Boot CD and boot it up with a copy of the files affected on a usb-stick.
    If you are from the tech you know what i’m talking about: pc hell repair… the old fashion way

  • stickykev

    As part of a multinational multi billion tunover company with a huge IT infrastructure we are were totally floored by this utter incompetence. This affected critical operations worldwide on tens of thousands of machines. This will have cost us millions and millions in corrective costs and lost time.

    I just feel really sorry for small companies and individuals that have had to deal with the fallout from your utter disregard for QC without the resources we have.

    You ‘understated’ comments and press releases playing down the problem are an insult to your customers.

  • Eric

    I am a french customer and even here in France we are impacted by the problem. I have a second hand PC with no XP disk or Office disk. I hope I don’t need it !!! solutions proposed do not work.
    Number of impacted PC is probably underestimated.

  • John Paul VS

    Please explain this sentence:
    We recently made a change to our QA environment that resulted in a faulty DAT making its way out of our test environment
    I have been to your labs to see your quality control. You have racks of servers containing PC and server software to test every patch on. How did this dat not get tested against them!? What was the procedure change?
    Also an estimate of the number of people effected would be good, you indicate .5% what’s this in numbers and how did you estimate this?
    Lastly your initial press statements indicated it slowed down machines. Most people, myself included, experienced machines shutting down and being inoperable. Please be honest about this otherwise you will lose customer confidence!

  • Richard N

    I am an ex-McAfee tech support agent (I feel sorry for the callcenter guys now), and also a home user who was knocked offline for 2 days by this fault.

    In the home user fix for the fault there is an error:
    http://service.mcafee.com/FAQDocument.aspx?id=TS100969

    Step 3. “Copy the SDAT5958_EM.EXE file to your desktop.”

    You will not be able to copy the file to desktop from a usb stick as copy is not working. Just run the file direct from the usb stick and it should work ok. Good luck.
    Remember you can restart a pc using CTRL-ALT-DEL even if the taskbar is hidden (right click on the sliver of taskbar at bottom of screen and add for example Quick Lauch to make it visible again).

  • George

    I have lost one day of work for this issue. This is a very big mistake and I had to spend a lot of money contracting an expert for solving it. Will Mcafee reward me for this mess? I need an answer, please!!!

  • Gary

    This is a major disaster where McAfee has ruined thousands of XP computers. I saw McAfee updating on my taskbar and then everything on the computer quit working: the network connection, internet connection, most programs; no cd drives, no usb connections, no media card (sd) drives work at all. You can see your important files but can not retrieve them off the XP.

    Your computer is ruined and McAfee Support has not been successful in restoring my computer. Every answer from their support department is pat answers that will never clear up the problem or you waste countless hours getting nowhere.

    OUR CONCLUSION SHOULD BE THAT YOURS AND MY XP COMPUTERS ARE SHOT. ONLY A PROFESSIONAL COMPUTER TECH CAN FIX IT AT A HIGH COST OR ELSE SPEND HOURS UPON HOURS ON THE INTERNET SEARCHING FOR A SOLUTION. A TRUSTED VENDOR ATE UP OUR COMPUTERS JUST LIKE IF IT WAS A VIRUS OR TROJAN MALWARE SO GIVE UP AND RESTORE YOUR HARD DRIVE.

    McAfee Security will never admit that this is a disaster for everyday non-tech consumers like me that have very little technical knowledge or skill to fix the operating system where my XP will run again with all my important files. If McAfee would own up to the problem and allow us to go to Geek Squad and pay them to restore our XP’s, that would be my solution?

  • Quite reading the blogs and just have it fixed before tomarrow morning. Thats right what does it accomplish by waistng more time. The comments don’t matter at this point anyway.Each one says the same thing, that they are going to sue your company so what. Just fix it.
    Sincerely Lue

  • Brent

    The company is trying to fix the solution and all most of you can do is complain…it took me xx hours to fix the problem, “oh my” and some of you are supposed to be in charge! Quit complaining because you are temporarily unable to use your computer and get your hands dirty doing your work the old way with “pen and paper”.

  • Tommy Glisson

    Our small business only has one computer and it got it just like everybody else. Unable to get online and was not able until I got home to find out what was happening. After spending the wasted day calling people to find out what to do. I thought our computer was to blame for the problem and was going to buy a new one. Now I just to fix what we have. How do you fix it if you can get online for the download? This has me worried about the 3 computer we have McAfee on at home.

  • Rob

    I quit McAfee years ago. Go to Microsoft Security Essentials and be rid of your problems. It\’s free! Of course, that is after you get your systems to work again. Goodluck one and all.

  • Rob

    I quit McAfee years ago. Go to Microsoft Security Essentials and be rid of your problems. It’s free! Of course, that is after you get your systems to work again. Goodluck one and all.

  • Ana Coelho

    My netbook is in a deplorable state with no taskbar at the bottom of the screen, and no Internet access. It does not have a CD slot to help to reinstall Windows. I haven’t found in your page any explanation about svchost.exe. It is clear you’re trying to cover this thing up. What is it a false positive? Talk clearly.

  • Ana Coelho

    My netbook is in a deplorable state with no taskbar at the bottom of the screen, and no Internet access. It does not have a CD slot to help to reinstall Windows. I haven’t found in your page any explanation about svchost.exe. It is clear you’re trying to cover this thing up. What is it a false positive? Talk clearly.

  • K. Murthy

    False Postive! Is this a joke? After 8 hours gave up. Very frustrating. Will have to call a friend rather than Mcafee to fix it if there’s a fix.

  • syskim01

    My company of 2000 employees was down for 4 hours due to this issue that should have been caught duing a simple qa test. To say that this only impacted 1% of users is an outrage. Our company is going elsewhere for virusscan software.

  • George Kimball

    My company of 2000 employees was down for 4 hours due to this issue that should have been caught duing a simple qa test. To say that this only impacted 1% of users is an outrage. Our company is going elsewhere for virusscan software.

  • Joe Guo

    I am deeply concerned about McAFee product quality.
    How such big issue escape from QA test to the field.

    I has been a terrible experience with McAFee. Will try to avoid it in the future.

    You have destroyed your reputation.

  • Chad Trapp

    I used a solution on my home system that goes around trying to update software. I inserted my XP disk and botted from it. Using the built in software MS has hidden on the disk (think Dos interface) to do a chkdsk and determine my HD was unaffected I performed a recovery install. This installs windows fresh, but doesn’t overwrite any data on your system. Nothing I am working on is lost, but windows is solid. If I had a working connection, I might have tried the presented solution. As it is, the solution and the way it has been presented is a joke. I would say there is a VP of Quality Assurance needing to be fired here, along with a majority of his staff.

  • After getting my computer to run in safe mode and run system restore to an earlier point in time, I deleted all of my McAfee files. I am currently using Microsoft Security Essentials for protection. I have had problems with McAfee in the past, as well as using and having problems with Norton. I am not sure what the answer is, but am sure it is not McAfee for me.

  • Mark London

    This the is 2nd blog I am writing as the first did not post – must have been another software error. One – the solution should have been put on the front page of the website (McAfee.com) – rather than making people search for it. Not everybody is a techie. Two – simply copying the svchost.exe downloaded to a floppy and pasting it (via a DOS bootup) to the windows/system32 folder worked. Three – I agree that if corporate officers had any honor they would resign. Honest mistakes happen. But this caused your customers a lot of grief and some of them lost business. Based on my experience with McAfee at work, I will not have McAfee on any of my personal computers. Voting with my feet.

  • k smith

    Well here is another wrinkle. supposedly this affected pcs running 87 and sp3 on windows xp. today we found pcs running 85 crashing during on access scans. we exempted svchost from the scan. so we are still not out of the woods. we had to manually remediate 2500 pcs over 11 states

  • Mark London

    First you should post a copy of svchost.exe so people can copy it quickly. Then give them instructions how to boot up an XP w/ SP3 computer in “dos” mode. Copy the svchost.exe file (in my case from my 3.5″ floppy — yup my non-profit still has them) to the windows/system32 folder. Voila! It worked for me! You should put that on your front page – mcafee.com – of your website rather than making people hunt for the solution. The good news – the solution is there. The bad news – not everyone wants to take the time to find it. They shouldn’t have to. Most have skills in other areas that I don’t have (or never will). You should make it easy for them to find the solution. They shouldn’t have to wait for tech support. If there is any honor, someone in charge at McAfee should resign. Other than that – thanks McAfee – my non-profit decided to order new computers for us.

  • richard

    It looks like we have no impact on these because all our xp computers are based on SP2.

    however, at home i am using the mcafee total protection and i always have problem just to do a simple installation can you imagine my license going to end in less than 5 months time and now after so many phone calls then i manage to get it install on my windows 7, previously i was using windows xp and having the same issue too.

    so i guess you guys can imagine how easy to install mcafee products lol.. going to change soon to other brands, my final opinion, it just simply sucks dead!!@!

  • RFitz

    Fix that worked!
    Downloaded the Sdat fix file to a usb drive.
    The desktop never fully came up in
    safemode so couldn’t do the copy to desktop.
    Used ctrl/alt/delete to bring up task manager.
    Then used file, NewTask(run) and then browse to usb drive. Ran sdat from there, worked completely.

  • Sparky

    Francisco Sanchez,

    Reboot in safe mode. At a command prompt, type this:

    dir svchost.exe /s

    Somewhere, maybe the i386 directory, there will be a svchost.exe that’s not 0 kb. Copy that one into c:\windows\system32\.

    You’re also going to need the extra.dat that fixes the 5958 .dat. Get it from the McAfee site. Copy that into c:\program files\common files\mcafee\engine.

    If you can’t do that, you might try uninstalling McAfee in safe mode. But that’s extreme.

    Then reboot.

  • mmmh, yeah, anyone can have a bad day but geez am I glad I don’t use mcafee.

    I equally don’t use norton, grisoft, comodo and a raft of others due to either their policies or demonstrated incompetence.

    I’d tell you who I’m using but the majority would say I just work for them or somehow benefit from telling you all the only one I trust lately.

    In plain fact, the provider of my current AV solution has dropped a couple of balls but their false positives don’t wipe vital windows files – amongst other things, it shows the user the problem file and offers actions rather than just deleting stuff ad-hock.

    In plainer fact – Ubuntu developers, Canonical, drop the ball from time to time too but their flavor of Linux is very tasty and strongly supported.

  • Martin

    As a small business owner, I don’t have the luxury of IT people fixing my computer, and McAfee was of no help whatsoever. Their inconspicuously published “fixes” didn’t work. After more than 10 hours of checking various blogs and forums, I managed to restore my computer to previous date. Waiting for the restore to complete were the longest three minutes of my life – followed by the happiest moment when I removed McAfee’s “software” from my computer. I will cancel my McAfee subscription immediately.

  • Valerie

    Unless you have computer problem solving and can crack into your computer with knowledge of how to fix this problem, you will have to do just as I did today.. cose me a days pay to have the pc doctor come out, 20 minutes of his time andcost me $75 from my families dinner table.

  • tikki

    Thank I never used you guys.If people wont something better you don’t have about your computer crashing again get avg I been using it for 4 years now not once I had any problems with them.So if any of get computers back up working download avg anti-virus not this bulls***

  • JF Strouf - France

    Paris, the 23 April 2010,

    I have lost 1 working day and I can’t restore my computer. Where are the explanations for french speaking people?

    Why the so-called “article TS1000969 for home user” doesn’t appear on your knowledge base?

    Who will pay for the professional damages?

  • BR-yoohoo : )

    I am glad that this did not affect either of my PC’s, one being a WinXP Pro SP3 and the other WinVista SP2.

    Although I was not affected by this issue, I am sure that I would have been highly upset, as were many users and companies across the globe.

    That being said, I still trust McAfee for my AV needs. The company is a good one;I have used their services for protection for several years and am satisfied with their helpfulness and support throughout.

    They have indeed apologized for their claimed mistake,and I accept that openly. I appreciate them taking responsibility for this issue as well.

    This was obviously a mistake, and one that presumably could have happened via a “new guy” on the team. Even if that isn’t likely the case, I must concede that,as a human, I realise that we all make mistakes, no one individual being perfect, nor one company especially.

    In closing, I would like to say thank you to McAfee and Mr. Barry McPherson for taking serious action regarding this matter,and in representing what McAfee really stands for – Trust.

    You continue to have my support!

  • N. Cognito

    “Less than one half of one percent…”

    Which, coincidentally, will be McAfee’s share of the market when all is said and done.

  • Orlando

    I think you should have a testing before release a new Update, and face it, you fail! Im sorry to write this here but thanks I have Kaspersky IS I didn’t crash, but I can’t say that for the almost 60% of the network pcs that I support.

    Shame on you.

  • Paul T

    What an awful post.

    Not taking responsibility. Passing blame onto customers. Marginalising the mistake.

  • Isma'il

    What a way to say, “Screw you,” to the customer. While you’re pointing fingers at the customer, I’ll bet those who are able are downloading FREE alternatives to your product. I hear that Microsoft Security Essentials is a great product….oh, did I mention that it’s FREE?

    Idiot!

  • michael sunday

    The following solution did not work. I had to use cmd prompt to do the copying after finding it needed to be in “c:\documents and settings\all users\desktop”. Then ran from run on start bar.

    Solution
    From a working computer, download http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to a removable media (eg: Thumb Drive, CDROM).
    Start the affected computer in Safe Mode (When booting, press F8 and choose Safe Mode).
    Copy the SDAT5958_EM.EXE file to your desktop.
    Run the SDAT5958_EM.EXE tool.
    Open My Computer and navigate to C:\Program Files\McAfee\VirusScan.
    Delete the DAT folder.
    Restart the computer normally.
    After the computer restarts, right-click the M icon and manually check for an update to get the new DAT files.

    If you are unable to get access to a working computer to download the tool above, you can manually replace the svchost.exe file using the steps in FAQ article TS100970.

  • Al

    Mistakes happen. But the spin that McAfee has put on this leaves a very bad taste. “one half of one percent of our enterprise accounts globally” – I don’t think so.
    The only thing protecting McAfee is that most organisations affected don’t want to see their name in the press about the impact.
    They way McAfee has handled this is the reason we will be looking for a new AV solution (I can forgive a mistake, but not the way McAfee has responded).

  • SysAdmin

    humans make mistakes, I’m not even out for the blood of the programmer.

    But where’s the test environment prior to deployment? Where’s the QA? HOW did a “whoops” THIS BIG make it anywhere NEAR production servers before SOMEONE at McAfee running XPSP3 was like, “hey, wait a minute…”?

    and not to join the ignorant masses, but you’re saying 99.5% of all McAfee users were completely unaffected by this? smells like bs to me. and you’re just pissing people off to acknowledge that the DAT “causes issues.” call a spade a spade – it turns their machine into a paperweight.

  • This is so funny.. it is sad.. I feel really sorry for all the users that updated..lol.. to quarantine svchost ..this is not only negligent..but scary.. one test would have shown it a bad dat file..lol

    people.. I dumpped McAfee and norton in 2002 went to AVAST.. its free and is the best .. no virus in 8 years.. If it were my company.. I would have half the fron page of the site saying we are so sorry.. and free updates.. for years.. this is so funny.. where is the guys that tests the update dat files..???.. simple ..they dont test you are the testers..lol..
    Hope you all learned somthing.. jeez.. lol..

  • Large Enterprise Customer

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally.”

    I work for a very large enterprise-level multi-national corporation. Literally TENS OF THOUSANDS of our employees worldwide were severely impacted by this fiasco.

  • Sheri

    Ok, my computer signed itself off due to some error, by some miraculous I was able to get back on and I can access the internet, I’m scared to allow updates now. HOWEVER, my Aunt (bless her heart at 86 is good at the computer) computer lost it’s task bar and she can’t get on the internet. I copied the instructions to go into safe mode and remove the file and copy the line “system%/…) well I did that 3 times, I got “invalid line” something like that. I did get her task bar back, it’s white, but she can use it, but she still can’t access the internet. I can’t use the go back feature. Does anyone know if we delete Mcafee off the computer, will that solve the problem? To everyone out there, it’s rough, I know. But let’s also blame Microsoft for not telling the companies, like Mcafee, Norton, etc. that they are releasing new programs and not to treat it as a virus. I’m not happy, but I had bad luck with Norton some years ago. I guess this is what we get for having a computerized world.

  • if WE cannot fix the problem.
    How can we uninstall the Security suite??? WITH OUT COMPLETLY MESSING UP WINDOWS AND ALL THE OTHER PROGRAMS??…

  • Richard Humphries

    I am sorry to say that I consider your statement a poor attempt to brush of your companies failing yesterday – failings both in quality control and providing rapid, clear, remedial support.

    I don’t believe your claim of only 0.5% of McAfee customers when we experienced approx 50% of our 400 users who were impacted. We were then misled by information from the McAfee support site that implied DAT 5959 would remedy those machines infected. When the actual fix for affected PC’s was to manually reboot each PC into Windows Safe mode and repair files which involved many hours of support time at our own expense.

    We further take offense at your companies description of the effects as moderate. What is so moderate about sending out a trusted software update that crashes a system and leaves it permanently unusable until a reasonably technical recovery action can be performed to repair it.

    Mistakes can happen but it is your response which will lead me not to recommend or consider using your software products in the future.

  • Fred

    Thank You McAfee you screwed up my system it keeps crashing thank you so much. i guess have to revert to AVG again!!!!

  • Ewen Cunningham

    Spent 4 hours and over GBP100 (not counting their premium rate phone line) with Dell support – who eventually said to reinstall everything. I’m still working on sorting this out and reconfiguring everything. That’s 10.5 hours so far. I’ve submitted a detailed account to McAfee separately and asked for reimbursement for the trouble they’ve caused. Hopefully, they will do the decent thing, or they could potentially loose a sizeable percentage of their customer base.

  • Ron

    I’m the ITO for a medium-sized field office of a large organization (our Enterprise license covers 18,500+ nodes). Technically, we only lost 3% of the Windows system, but only because I powered-down the entire network! I was working with the first user, whose system rebooted and task bar disappeared, when someone two cubicles over said, “Hey my taskbar’s disappear”. Someone else seconded the motion, so we immediately shut it down and called our regional ITO.

    Then I went to McAfee’s webpage to see if there was virus/worm making the rounds. But there was NO MENTION OF ANY PROBLEMS After spending about 30 minutes searching and trying to call tech support, I found the explanation on PC Magazine, MSNBC etc.

    Okay–so these things happen. After all Windows XP Service Pack 2 changed the default firewall setting, and stopped a lot of systems. And then there was the time McAfee, deleted the VNC software. But…

    YOU NEEDED TO PUT AN EMERGENCY BANNER MESSAGE ON THE HOMEPAGE, THEN UPDATE IT THROUGH THE DAY

    Even a day later, I’m have trouble finding your fix. I did find TS100969 for home users, but I could not find it a second time.

  • Matt haynes

    He has not the faintest clue what he is talking about. We discovered issues with 4 laptops and watched the issue explode.

    First off, updatin to 5959 will not fix the issue. The SuperDAT will recreate the svchost.exe in the windows system32 folder and SUPRESS the bad detection.

    Here’s how to fix it :
    Put the SuperDAT ona thumb drive.
    Reboot your PC.
    Press and keep pressing F8 until you get to a option screen to be able to boot in Safe Mode.
    Run the SuperDAT from the thumbdrive.
    Restart the machine.
    If the system is asking for a driver for the USB External, just next it until Windows Finds a generic driver.

    The biggest deal with the file they detected incorreclty is NO services will run right. In lamans terms, you can’t get on the internet or any network!

    Here’s the services I noticed failed (there was more but this was enough) :
    DHCP Client
    DNS Client
    Workstation
    Browser
    and much more

    This is a tragic, unexecusable mistake that Mcafee will pay for, for a long time. This could really have been a Terminator Movie, Thank God it didn’t affect Servers! Otherwise, it would have been one.

    Shame on you Mcafee. You QC has displayed enough wekanesses to have me move away from your services.

  • Charles F. Crocker

    So ironically Mcafee’s anti virus software did more damage than many viruses.

    Sorry but your credibility is now totally shot, I will be advising all I know to switch to a better organisation with better quality control measures.

    ALso, where do I submit my bill to at Mcafee, or does anyone fancy joining a class action lawsuit?

  • Joan Casas

    YOU have ruined my NeTbook. Among other nasty effects (for instance, the impossibility to have internet access) the worst was that I was able to “see” data files, but not to copy or move to an external HD. I had to disasemble the netbook, to remove the hard disk to be able to read it using a second laptop. That took big precious time, just to save crucial data (result of many working hours). I had a horrible day thanks to YOU. YOU put my work in a very high risk. I will change to KASPERSKY Anti-Virus. I will never trust YOU again.

  • You’d think they’d test it first. Perhaps it’s related to Bush’s recession.

  • Roger

    I have used your products for many years despite hearing severe criticism from computer experts. With this crash, I had to completely reformat a my hard drive, lost two full days of productivity, much data was destroyed and your suggestions for fixes were absolutely lame and unhelpful. I am out many thousands of dollars because of your introduction of a problem that we hired you to prevent others from doing to us. What are you going to do to reimburse people who trusted you and have paid you their good money over time?? I am a lawyer and this lost time cannot be recaptured.

  • Laszlo

    All it would haveve taken is one of your QA guys run your DAT file…. Bunch of idiot amateurs… Bet you write a large %age of the viruses to boost your profits as this is your business model.

  • Angry Rob

    Absolutely the biggest shambles I have ever come across. Who the heck is meant to handle this?! This problem hit me on the 22nd April at 8am & it took me over 9 hours to work around. This is one of the biggest ironies I have ever seen; McAfee had crippled my PC while its job was to prevent such lunacy. Ridiculous, distressing and very irritating.
    Your so called work around solutions were not clear or helpful to amateurs let alone professionals. The order you tell us to carry out procedures and the locations of folders were simply not relevant to the problem you caused. To fix the problem is very difficult, but it went something like this:
    In short, you need to replace svchost.exe, run the tool McAfee provided, put in the EXTRA.DAT file in the Engine folder and delete the entire DAT folder. All this while battling to keep you system stable.
    The main overall goal is to delete the entire ‘DAT folder’ located in C:\ Program Files\McAfee\VirusScan and put the file EXTRA.DAT in the Engine folder to prevent the error and erase the fault. Not only that, but you need to get to the C:\WINDOWS\System32\ folder to replace the svchost.exe file with an unaffected version. Obviously as everyone has found out, this is near to impossible as all the functions like explorer, copy & paste and even right click are broken – by this update. You need a clean & compatible version of svchost.exe however, else you’ll get nowhere.
    One McAfee file provided in the work around helps however; SDAT5859_EM.exe is needed. Run this in safe mode asap. If it doesn’t work, I found trial and error got the job done, switching between safe/normal etc. Also I vitally ran cmd to copy the required .exe file (you can access this via Ctrl+Alt+Delete if your really lucky) and replaced the svchost.exe in the folder with a clean one using the command:
    copy from C:\windows\ServicePackFiles\i386\svchost.exe to C:\WINDOWS\system32
    Then Hit Enter, Restart the PC, make sure svchost.exe and EXTRA.DAT files are in place, DAT folder is deleted and you ran that tool and the command. Somewhere through this information and order, my system is alive again – luckily for McAfee. Stupid waste of my time and effort.
    I hope this helps at least one person and spares them the infuriating madness I have endured. Your technicians and response was typically dull and uncaring. Your mess – you should have fixed it asap, without getting us to undo your own mistake. I am boycotting the software permanently and so are three others I know affected by this abomination. Compensate your customers somehow; this may be your only saving grace. Oh and my formal complaint is on the way McAfee. I pray you mine and all the others…

  • Robert

    After looping repeatedly My computer shut down and would not turn on

  • Utilities Expert

    McAfee is a crap buy Nod32 (the best AV software at the market). Stopped using it for years. McAfee is a buggy bloatware.

  • Janet

    have downloaded this update but have not restarted to install. what do I do now? Your attitude really sucks. If I treated my customers like this, I’d be long gone.

  • Mr. Roboto

    Half of one-percent?!

    Do you think we as IT professionals are stupid?! We all know the true numbers is in the millions of computers, so rather than doing the right thing and apologizing for your mistake you spin and lie about it.

    I suppose this is to be expected since you outsourced Q&A to India. Time to buy your stock and short sell it.

  • Don Armstrong

    McAfee has screwed up my system one too many times. It is unbelievable how many problems I have had with your software…and this response is the last straw.

    For those former McAfee customers who are switching to Norton or some other *reliable* tool, you can use this link:

    http://www.pchell.com/virus/uninstallmcafee.shtml

  • Jim Younk

    I know people make mistakes, however you say that the dat was removed within hours. You did not tell the public what was going on in timely manner. I hit your website many times starting at 8am Pacific and nothing was posted at all We knew your update caused the issue. A 3rd party sight had the info and nai.com still nothing. The best PR is to say we screwed up and move on. Don’t blame IT professionals for your lack of testing.
    Also your fix is not user friendly. Try just creating some batch files and running the svchost fix and the Extra dat at the same time and all is fixed in one boot to safe mode and one final restart. Simple is better for the end user.
    I spent most of the day fixing the issues with our computers that were caused by your update so don’t act like no one was affected by your mistake. What is affected is your reputation because you’re not recognizing this was an issue and the consumer (IT Professionals) are not swayed by your PR persons spin on the issue.

  • Bart Hengeveld

    Sir,

    I am surprised at the ease with which you try to minimize the severity of the harm done. I tried all the instruction you published with no result. I am still stuck with a nachine that refuses to function. The McAfee helpdesk is virtually non-reachable. And in addition to that your dutch subsidiary ask an unheard of large amount telephone costs of €0,80 per minute and that just for hearing some music.
    All this is a very big shame. The chat help desk is not any better help as it can not be reached either.
    We, the helpless consumer customer is very much left in the cold.
    It may interest you that not only apparently the svchost file has been damaged, but from the erroneous reacting of the machine the harm done is far deeper in the windows system.
    I invite you to come up with a proper solution.
    And while at it you can perhaps take steps to make the Dutch McAfee site more helpfull and to provide a toll-free number.

    Bart Hengeveld

  • Etaoin Shrdlu

    Congratulations on having produced what may be the world’s first computer autoimmune disease. Russian and Chinese hackers must be sick with envy at the power of American ingenuity.

    Seriously, though, your incompetence brought half the computers in our university to a halt. Given our limited IT staff, it’s going to take weeks to get everything running again. This is unforgivable. From now on, it’s Avast or Microsoft Security Essentials.

  • Well as informative answers and taking responsibility for making a huge mistakes your comment rates ZERO! All company PCs down and no help available from you. Got a local IT crew to fix it and the first thing I did was to buy us a Norton license instead. Not that the loss of our small business affects your profits but it may be the first of many

  • JacoH

    I had the same problems as described above but finally and very late last night (NL) I used the hard way, which did work when all other advice failed: (Probably McAfee doesn;t want to advocate the McAfee removal tool for obvious reasons..)

    1. Start in Safe Mode F8

    2. Copy the McAfee removal tool: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe on a Mem Stick and add a copy of svchost.exe from another XP SP3 PC and plug it in your PC.

    3. (As you cannot simply copy – paste) In Safe Mode: Go to the command screen (CTRL_ALT_DEL: File – Run – CMD)

    4. Copy the MCPR.exe to c: with DOS commands and run it. Then use the DOS commands to copy svchost.exe to c:windows – system32

    5. Reinstall McAfee, or when fed up something better….

    Hope it helps

  • RYan Robyck

    While I was at work conducting research for a quality review proposal involving several VPN clients, my laptop received the buggy .DAT update, which completely hosed the OS to the point that Safe mode option was unavailable. Among other things, the network connection was lost, the task bar disappeared, and I could not copy file to a USB drive, although the laptop would recognize the device. I agree that the SVCHOST.EXE once disabled killed several 32-bit components from running successfully. Anyways, I reformatted the laptop, restored my profile and was back up in a few hrs. It’s just sad that this happened. Fixes wouldn’t have worked given whats been mentioned above. 1out

  • Leif

    I use Windows XP pro, and I couldn’t access the web and couldn’t access the McAfee program. I tried what was recommended on the MacAfee website, but it didn’t work.

    After having deleted the MacAfee DAT directory, I copyed the SVCHOST.EXE file (which is the file that the McAfee updated karateened)from another computer running the same operating system to a USB stick and copyed it to the windows system32 directory. I rebooted, and voila… things were running normal again. Now, I could access the McAfee file and update the dat file.

    To do this, you need to have acces to another computer running the same operating system, from where you can copy the file.

    Phew! Darn you, McAfee!!! Don’t do that again ever.

  • Ryan

    While I was at workconducting research for a quality review proposal involving several VPN clients, my laptop received the buggy .DAT update, which completely hosed the OS to the point that Safe mode option was unavailable. Among other things, the network connection was lost, the taskbar disappeared, and I could not copy file to a USB drive, although the laptop would recognize the device. I agree that the SVCHOST.EXE once disabled killed serveral 32-bit components from running successfully. Anyways, I reformatted the laptop, restored my profile and was back up in a few hrs. It’s just sad that this happened. Fixes wouldnt have worked given whats been mentioned above. 1out

  • Gotty Enders

    I support a number of friends and relatives remotely (by phone) and have spent just about every waking hour today and yesterday on the phone trying to resolve this issue with one of them.

    At first it was looking like a corrupted registry (with several features simply not working), and we spent a total of about 20 man-hours trying to get things resolved.

    In the last few hours I have had five others contact me, which is what made me look at a common-mode failure rather than a local one.

    This update was clearly not properly tested and McAfee must surely take full responsibility for such a massive screw-up (wouldn’t it be nice if they paid us for the time and phone calls we wasted, but at least a one-year free extension on the subscription would go a part of the way, or let’s see what class-action suit gets brought as a result of this).

    I still have yet to get these machines sorted because it is going to take a long time to talk these individual through what needs to be done. I would normally do it via a remote desktop, but obviously cannot because McAfee has cut them off from the Internet.

    How many thousands/millions of users will simply not know that their computer\’s failure is due to McAfee (and McAfee can have no idea that these people are having problems so can’t possibly give any realistic figure of how many people are affected). What is worse, they have no way of discovering because they have been cut off from the world.

  • Bob

    If this issue “has impacted less than one half of one percent of our enterprise accounts globally”, Rhode Island must be the most unlucky place in the world. It’s largest hospital network and largest public university were both impacted:

    “The problem forced the Lifespan hospitals to postpone some elective surgery, delayed routine x-rays and CT scans, and prompted them to turn away all emergency room visitors, except for high-level trauma cases such as car accidents, stabbings or gunshot wounds.”

    “As many as 1,000 of the 6,000 personal computers at the University of Rhode Island were also affected by the botched attempt by McAfee to update its list of legitimate viruses”

    Both of these quotes are directly from this article in the Providence Journal:

    http://www.projo.com/news/content/MCAFEE_UPDATE_04-22-10_1II71M4_v9.36e3873.html

  • Kristie

    We have been working on this issue ALL DAY LONG and still are no closer to a solution. Your fixes are not working, we are lost, have no clue what we are going to do.

  • Francisco Sanchez

    I have tried both of the published solutions and none worked. The tool fails to finish the automated procedure terminating with a prompt stating that the system could not copy the file (what file?). And from the system prompt the svchost.exe file cannot be found. What the f… should I do?!

  • FormerUser

    Setting loose a fiasco like this might almost be forgivable.

    Trying to weasel out of the resulting consequences with a press release composed by lawyers and PR pukes is unforgivable.

  • John

    This was a major blunder and already cost me 12 hours rebuilding our small business computers. It is unacceptable for this type of screw-up. Too bad I did not have business interruption insurance to pay me for rebuilding my machines. Of course, they would come to you for reimbursement.

    The issue started early yesterday, and you did not have all site pull down the antivirus updates for hours. Time for heads to roll!

  • Joe

    Thank God we switched to Mac a few years ago!

  • Venki

    It will easy if you can tell the fix rather than giving lengthy statements which is not going to bring back anything for sure. Forget not your business. Never a great fan of McAfee, just moved from Norton to McAfee for the first time, looks like a mistake.

  • Peggy O'Neal

    After three hours on line with your tech support in INDIA I am ready to ban-togather for a CLASS ACTION LAW SUIT. Unable to access my e-mail.

  • Billy Bob

    “One half of one percent of all enterprise customers, and less than that on consumer side” HAHAHAHA YEAH RIGHT! Barry, you and your executive team and board ought to just pack it up now. Or better yet, do the honorable thing and commit seppuku. Thank GOD we went with Symantec/Norton.

    Think of how many more comments would be here – if people could actually GET ONLINE to contact you clowns after your 5958 update. Surprisingly your stock is only down a couple of percent so far, but I’m sure as the story gets rolling and snowballs with the accompanying lawsuits and government coming knocking, it will be down a hell of a lot more. Great shorting opportunity.

  • Peggy O'Neal

    I spent 3 hours on line with INDIA one of your tech’s telling me to punch F8. No help FIX MY COMPUTER TOU MESSED UP. Sounds like we need a class action law suit.

  • Rodger

    I crashed first thing Wed. morning when McAfee updated. I had three sessions with chat support and not until the third session at 9pm did the techie admit that it was a McAfee problem.

    The others simply told me to contact computer supplier because it was their problem.

    I could not reach internet, open McAfee, do a restore, copy and paste, use a usb drive, open many programs.

    I finally reinstalled xp from my original disks and got back up and running. I lost 17 hours, I am self employed and no one is paying me when I am searching for computer solutions.

    I can understand the mistake. I totally can’t understand McAfee’s response to the mistake.

  • ex-IT Admin

    Yes, McAfee made a (terrible) mistakes. But this is a slap to all the cheap-ass CEOs: update your company’s equipments instead of buying a BMW for yourself!!!!!

    I know there are companies that still use Win 2000!

    And thanks to cheap-ass netbooks, XP will never die, and all us IT people will forever have to cover this outdated beast.

  • Unable to access my e-mail McAfee has blocked all my programs. I cannot even remove McAfee from my computer. I am blocked by you. O NORTON I wish I had not changed security systems.

  • Sam

    Tip for everyone, switch to Norton 360, not a problem to be had.

  • David Matthews

    After reading some of the blogs I am shocked that so many people are feeling this way. Give me a break. How many of you have never made a mistake in your life. Really

  • Tijno

    Took me 1.5 hours to solve the issue… (found a much clearer explaination on another site how to solve it by the way). Will cancell my subscription and go to an opensource solution !

    Thanks for nothing

  • I agree with most of you, I did just about everything however the system is still not working. My customer is not very happy and he suggested the following:”Crash the OS and re-load it, I don’t give a blank, blank, just fix it.” I don’t know what the issue is but I will do as he says, he is the one that signs the checks.

    Cheers!!

  • Dave

    We were considering your products as our current enterprise wide solution can not scan our EMC Celerra NAS. Based on this incident, but most importantly your handling of the response, your products will be weighted accordingly.

  • PPG

    This is horrible. I spent entire day with a computer having no internet, can not open/run and copy-paste files. What a diaster? How can we trust Mcafee here onwards? This update impact is more than a virus. Literally devastating. So does that mean you guys only create viruses (like this) and sell anti-virus softwares? Come on what is this? You must protect us.

  • Anthony

    “one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base–home users”
    Seriously?!?! Who are you trying to kid??? Are you SO isolated from reality that you haven’t the slightest clue as to what is really happening out there due to what I would say is clearly McAfee’s BIGGEST and most NEGLIGENT blunder???
    I don’t even know why I’m so emotional over this. I use Norton at home, and my employer uses Symantec across its enterprise. Thank goodness for that!
    Some words of wisdom – stop attempting to downplay this situation; it’s only making your impacted customers more angry and frustrated than they already are.

  • Jerome C.

    Kudos to David Blankenship for the fix.
    Shame to McAfee for their standoffish attitude, and their lack of professionalism. Downplaying the problem is not helping anyone. Just publish fixes…everywhere. And give a substantial award to those who found the fix for you.
    Don t worry, customers will make you pay for that.

  • Susie Q

    I’m out of work today – out of work tomorrow – likely – system restore is gone – no drag and drop features on the desktop – the Start Bar buried itself SOMEWHERE.

    I don’t have time to sit and read blogs and hope I find an answer. WHAT are you people gonna do?

    I want to take my comp to Best Buy and have them FIX it – YOU are going to pay for it. I can’t even get on internet to download your f**** fixit.

    Really bad time in the economy to be out of work – FOR ANY REASON!!!@!!!!!!!!!!!

    Absolutely NO excuse for this – hopefully you can fix everybody’s comps and then shut yourselves down.

  • D. Slinger

    Boot into Safe Mode by pressing F8 during the POST before the XP logo appears. Login with your local admin account.

    If the PC boots REALLY slow, like 3 minutes to get the desktop, the SVCHOST.exe is probably missing. The GUI copy/paste function will not work. You will need to use the command line to copy files. Explained below.

    Insert a thumb drive that contains a copy of XPSP3 SVCHOST. EXE and EXTRA.DAT (up to you to find on McAfee site. SVCHOST.exe must be from XP SP3!). It could take a minute for the drive to install and appear as a usable device.

    Press WINDOWS KEY + R to bring up the RUN command.

    Type CMD press enter

    The thumb drive will most likely be the E: drive.

    Type: copy e:\svchost.exe c:\windows\system32

    Type copy “e:\extra.dat c:\program files\common files\mcafee\engine”

    The “” are needed on the second command due to spances in the file path.

    Pull your drive and reboot.

    Fixed

    Move on. Once you have the files on the thumb drive, this takes about 4 mintues.

  • Peter

    I lucked into the source of the trouble because I happened to see the DCOM shutdown timeout — and could Google on that symptom using an unaffected computer.

    Unlike myself, some home users with XP SP3 missed the DCOM shutdown and lack another computer to find help. They remain deadlocked, and McAfee can not reach them. They are the real measure of McAfee’s incompetence!

    As a gesture of good faith, McAfee should extend each existing 12-month subscription by an additional month. A free month for a lost day is the least they can offer. If situation worsens, a free *year* for a lost week.

  • Im glad that u have considerd that Windows is a threat.
    But im sad to say that im one of the people that has been affected by our software and the first result is that i now have uninstaled it from my companys computers.
    BR
    Stefan from Sweden

  • Don

    Wow, Glad I am not a McAfee user.

    If anyone is looking for a GOOD, reliable antivirus, check out www.avast.com. It is free for home use and in my experience catches more problems than McAfee or Symantec. No, I do not work for them, I am just a happy home user who does not pay a dime to support this type of nonsense.

  • clement james

    I’m sitting here; trying to get my laptop working; it has all of my work files; letters; plans; pictures; addresses; email; technical documents; proposels; I could go on; then today I find out the software that I use to protect my data; that I paid good money for; is causing me pain; now to fixed it I have to spend time that would otherwise be use to make money; and now I’m not very happy; not a good way to start a day; thank you

  • Bob

    What is even worse and inexcusable is that I had a live chat with a support person who had no clue about the problem. I described the problems with my computer which were exactly as described by McAfee and they couldn’t help.

  • Patrick Macy

    Goodbye Mcafee. I shall NEVER trust you again.

  • Chuck Stradley

    OK, now I am really fried!!! You guys put out two supposed fixes for consumers. I’ve tried both from the effected machines and neither works, Windows refuses to recognize the syntax in the .exe file directions and running the provided fix from the Thumb Drive tells me the .dat file has been removed and all should be good however when I reboot I go back to the endless loop. You haven’t done anything to actually fix my problem. If the svchost file was deleted from the hard drive how the hell are we supposed to copy it back when it is either deleted or quarantisned. I’m no IT whiz but I know when someone is half stepping. I can spell TOYOTA and you guys are pushing me close to that point. As it stands now I’m going to have to spend $250 for my IT experts fix your f***** plus the down time which is costing me money. No wonder the professional IT guys who have hundreds of machines are going to pull the plug on you. I spent 40+ years in Quality Assurance and it would appear that you talk the talk but fail to walk the walk.

    I want a response quickly as to how to fix this problem and a commitment to reimburse me for my IT expenses as stated above.

  • Jim Wolff

    Are you $*&!? kidding me? One half of one percent?
    What kind of new math is that? That is not what I am hearing from the field. You hosed millions of customers and fail to take responsibility. This enterprise customer will NEVER renew with you!

  • Ohanes

    Both computers desk/laptop no longer have the task bar, windows menu, network,no internet connection,no restore is posible-completely dead.
    How can I install the patch ??
    Somebody screw up big this time…..
    Who is going to pay for a remote outside repair..
    Probably alot of computers are affected-maybe milions…
    Give a better solution haw to fix this mess..

  • patrick

    Maybe all other Major Anti-virus companies should Detect McAfee products as “malicious” haha.

  • Tom Hassell

    I bet the Enterprise sales team over at Norton are on fire this morning.

    I cannot comprehend your blog post and its attempt at minimizing the impact of this failure on your part.

    I personally came by to let you know I will never us another McAfee product again until your company can at minimum, accept responsibility for its mistakes.

  • Pam I am pissed

    What a mess this has created, no start, no task bar, no outlook, no programs are working period. All windows programs gone. I ran the scan yesterday, did a shut down and when I came back on line, it was all gone. This is barely making news, why are you not making more of a story out of this?@#$% I did a restart and got it back up and going with internet, but no windows programs, now I have to buy new stuff $300 for your mess, how are you guys going to be liable? PLEASE post more info on your web site.

  • I’m smelling exaggeration in these comments.
    So far I’ve fixed 3 computers with simple restore of the quarantined file and restart.

  • Stuart

    McAfee’s response – What a complete joke that was.

    I like the comments ‘researchers worked diligently… passed our quality testing’. Yeah right – what a bunch of IDIOTS!! This has cost my company $$$’s in added workload.

    Time to switch from these incompetents I suggest!

  • Prickly Pete

    “Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3″

    Ya think?

    This tells me to not use one product to protect the entire enterprise. I am going to replace McAfee on some machines with a product from another vendor. This way if something like this happens again we won’t loose everything. At least we can limp along with a couple pc’s in each department.

  • Roel

    Dear Barry,

    despite following all guidelines, there is no way my XP machine or those of my colleagues is running again. I have been sitting here trying to fix it for the past 10 hours…am so grateful have another machine which runs Norton and which. Suggestion #1 get a full scale, 1 for all automated fix in place. Suggestion #2 get some good lawyers. Suggestion #3 hire a new PR/ communication officer #4 make sure you post whatever you do big time on your website and make it as simple as possible for anyone to get full insight in anything which is going on #5 make sure you post progress every hour or so (had not heard from you for 14 hours)6# try to graduate for your primary school, as a 10 year old would probably do better in these circumstances

    waiting for your follow-up

    Best regards,

  • Keith Spencer

    60 percent of our computers were unusable for 3 to 6 hours yesterday due to your false positive detection.

    I have used the McAfee EPO product to manage 180 installations of McAfee antivirus software for the past 8 years. This year will likely be the last.

    I require better quality control from my antivirus vendor.

  • Martin

    Here’s an update from Sweden:
    Telia, the largest phone- and broadband distributor: 15000 computers affected
    Systembolaget, warehouse for alcohol: 28 stores closed due to computer failure.

    I have, luckily I may say, Vista on my home PC and were not affected but never the less, in my eyes McAfee has lost a great lot of trustworthyness. This mainly based on the worthless comments coming from McAfee management. As many before me has stated it seems to be more important to keep up a good face rather than listening to the many affected and angry customers who has lost money due to the current event.
    I think the best way to keep up a good face, if that’s your main priority, you come up with a good compensation for all affected by your mess-up and get some credit that way.

  • Scratch1

    I know of two home users who are affected by the problem. And more importantly, they didn’t know they were infected. They just knew that their computer wasn’t working or keeps rebooting. So, I think that there are many more people who are affected and haven’t made the connection to this being a McAfee caused problem.

    McAfee really needs to step up their communications game and inform people of what’s going on. I think this includes advertising on TV and Radio to get the word out so that people aren’t spending $200 with Geek Squad. (Perhaps I should check to see if McAfee owns stock in GeekSquad.)

    Second, feature the problem and the fix on the front page of your site. Burying it in a link is not “mannin-up” about this at all. Remember, it’s not the fact that you have a crisis that people will remember; it is in how you respond to the crisis. And right now, McAfee is doing a very bad job.

    As an IT consultant in a position to make software recommendations for Fortune 100 companies, I would have a hard time recommending that people stay with a company who really isn’t partnered with them in good-times and in bad. Step up your game, McAfee, and show that you are the one to stick with in difficult times.

  • 60% of our college’s computers were unusable for 3 to 6 hours yesterday due to McAfee’s false positive detection.

    I have used McAfee’s EPO product to manage 180 installations of McAfee antivirus software for the past 8 years. This year will likely be the last.

    I require better quality control from my antivirus vendor.

  • Scratch

    I know of two home users who are affected by the problem. And more importantly, they didn’t know they were infected. They just knew that their computer wasn’t working or keeps rebooting. So, I think that there are many more people who are affected and haven’t made the connection to this being a McAfee caused problem.

    McAfee really needs to step up their communications game and inform people of what’s going on. I think this includes advertising on TV and Radio to get the word out so that people aren’t spending $200 with Geek Squad. (Perhaps I should check to see if McAfee owns stock in GeekSquad.)

    Second, feature the problem and the fix on the front page of your site. Burying it in a link is not “mannin-up” about this at all. Remember, it’s not the fact that you have a crisis that people will remember; it is in how you respond to the crisis. And right now, McAfee is doing a very bad job.

    As an IT consultant in a position to make software recommendations for Fortune 100 companies, I would have a hard time recommending that people stay with a company who really isn’t partnered with them in good-times and in bad. Step up your game, McAfee, and show that you are the one to stick with in difficult times.

  • Vera Murrell

    My Windows XP operating system now has many errors/flaws and will need to be reinstalled to fix. McAfee is now deleted from the system after I followed the directions on the email you sent my husband concerning our account early Wednesday. The issues caused by your mistake and lack of assistance will definitely impact my next purchase decision. Can you say ‘Toyota’?

  • Gene

    Does a false positive Issue mean that it really was a true negative issue???

  • We received this file through email from McAfee

    http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe

    Boot into safe mode, load this file from a thumb drive, reboot. It has fixed the broken computers.

    Why isn’t this link on McAfee’s front page!!!

  • Richard Coleman

    I too had the problem with my home computer Windows XP. Fortunately I did have another computer that was not affected (due to being off). I would not have known what was wrong if not for a link on Lucianne.com about the McAfee DAT problem. I was able to find the link “fix” at the McAfee site, download to a traveldrive and install on my non-functioning machine in safe mode. It took some doing to navigate since I did not have a tool bar but I was finally able to install the fix. It took care of my problem. If I had not had another working computer I probably would have incurred expense to take the machine to a repair service to find out what was wrong.

  • Walt Smith

    “less than one half of one percent”

    Are you serious?!!! One of our IT guys said the count so far was thousands – 40% of the servers he knew about were affected.

    The quote above shows serious waffling!

  • Calypso

    Had to copy svchost.exe from a working computer.
    Svchost.exe was not in the dllcache directory of the affected computer.
    After I copied it in CMD modus (DOS level) it worked again.

    Thanks!!!!

  • Parrilladk

    I spent most of the day yesterday trying to fix my computer as I am today. I have been on the mcafee main webpage and there is no mention of a problem. Where I work (university) there were at least 1/4 of all computers down.

  • Mr. S

    We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally…

    Yeah, your belief is WAY off base, and you know it. How about an apology instead of spouting damage-control lies? About 99% of our 700 computers got hit by this yesterday and we are still working on getting them up today. I know of several other organizations first-hand that are having problems as well – Thousands of machines.

    I suppose this is to be expected since you outsourced Q&A to India. Time to buy your stock and short sell it…

  • Mr. S

    We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally…

    Yeah – your belief is WAY off base, and you know it. How about an apology instead of spouting damage-control lies? About 99% of our 700 computers got hit by this yesterday and we’re still working on getting them up today. I know of several other organizations first-hand that are having problems as well (Thousands of machines).

    I suppose this is to be expected since you outsourced Q&A to India. Time to buy your stock and short sell it…

  • Bob

    What a joke. STILL no mention of this issue or the links on your homepage. Hello Toyota of the software world!!! It will be interesting to see how your customer-base leaves you in the same way they left and are leaving Toyota. Maybe if you put up something on your homepage NOW and get out in front of the damage you can save your company. So far, too little to late.

  • Lee

    Your statement that down plays this issue by saying this only effected one half of one percent of your business customers completely amazes me.

    The QA department in McAfee failed to catch this pure and simple. Had they have had an XP machine with SP3 in their lab they would have identified this right away when the 5958 DAT file was applied.

    Yesterday, McAfee was the VIRUS and the clean up continues on over 700 machines.

  • John

    McAfee, Why don’t y’all release a self-booting ISO that will fix the problem? It would be easy to do. It would fix the problem. Overnight mail a repair CD to anyone who was affected who can no-longer boot their PC, and has no access to burn an ISO. This will save you a lot of headaches, I’m sure… The only people this wouldn’t help are those who cannot boot off CD (i.e encrypted boot hard drive).

  • Aaron

    Barry McPherson you are full of s*#t. I don’t know where you got your numbers but they are way off. Your fix it solutions don’t work on every computer. I am having to rebuild a number of workstations to get them functional again. Thank you for costing me two very long days now with very little sleep while I try to get people’s computer working again. I should turn around and bill you for the hours I have spent so far fixing problems you caused. Your response makes it sound like everything is peachy and you are on top of the world. Well I have a headache the size of Montana due to your ignorance. You should be issuing out refunds to everyone of your customers.

  • Ed Bilger

    Like Alex, my computer has been stripped of much of its functionality. My email is gone. I have a home business. Does McAfee care about the damage that is done? How do I, a non-geek, restore my computer? Yes, the Restore function is gone.

  • Tom Philipps

    It is darn shame you are unable to admit you screwed up. No, this was not a tiny problem when 400 workstations in my company were unusable for most of a day. You a lot of us a lot of money yesterday.

  • Sandy P

    I agree with so many people. I lost total use of my computer & am unable to get into any systems to try fixes. What are we supposed to do? I do not have the money to buy a new one or pay someone to fix it. My daughter had a hugh research paper for her college class due today & was unable to complete it. I will definitely be cancelling my subscription for McAfee!

  • CyberdyneSystems

    CybderdyneSystems

    Gee, do you think you could maybe make finding the patch a little easier, like link it from the article above and maybe from your front page?

    I mean, you’ve only hosed millions of PCs around the world, most of which are now looking for this patch.

  • Alex

    I no longer have the task bar, windows menu, network and sound on my pc.
    I can’t install the patch, backup my files (copy paste is disabled)
    I’m going to loose all my work because of a stupid geek who doesn’t know how to program.
    No more McAfee!

  • Deborah

    This mistake gives you exactly 3 to 4 minutes to investigate, assess and change. Not enough time to figure out what all the geeky terms like DCOM, DAT and SVCHOST means. I\’m not a geek so I took the laymans way out and deleted the whole enchalada.

    My computer kept rebooting itself, after about 5 times I figured out how much time I had to go into Control Panel, hit add/delete programs, wait until the list populated itself (a nail biting situation) and I just deleted McAfee. My computer is working fine, but I am now without protection. What I want to know now is can I reinstall from my disk, choose NO AUTO UPDATES and carry on until my subscription is over (8/10) and purchase better protection software?

  • Deborah

    This mistake gives you exactly 3 to 4 minutes to investigate, assess and change. Not enough time to figure out what all the geeky terms like DCOM, DAT and SVCHOST means. I’m not a geek so I took the laymans way out and deleted the whole enchalada.

    My computer kept rebooting itself, after about 5 times I figured out how much time I had to go into Control Panel, hit add/delete programs, wait until the list populated itself (a nail biting situation) and I just deleted McAfee. My computer is working fine, but I am now without protection. What I want to know now is can I reinstall from my disk, choose NO AUTO UPDATES and carry on until my subscription is over (8/10) and purchase better protection software?

  • The swed

    I understand why this post disappeared from the frontpage of the blogg. This post is a disgrace.

    The new post is not much better, marketing BS instead of apology and straight answers resolving the problems.

    1. None should be charged today for calls to support.

    2. You must offer people some compensation, one free month is more than nothing.

    3. Tell it like it is, and say your sorry.

    That’s a start. But you lawyers think you can lie and hide.

  • Does anyone here remember reading the installation license agreement when they installed McAfee? Most likely is absolves McAfee of any liabilities whatsoever and places the risk of operation completely on the end user. Nice!

  • Jeff

    I have not been a fan of McAfee products for a long time. This error, and the way McAfee is handling it, are ensuring that McAfee remains on my “not on MY network” list.

  • Does anyone here remember reading the installation license agreement when they installed McAfee? Most likely is absolves McAfee of any liabilities whatsoever and places the risk of operation completely on the end user. Nice.

  • Bill

    We have a company of 30,000 people and the entire organization lost all network connectivity for the entire day. This equates to about about $5m of productivity that was lost yesterday. I don’t buy the 1/2 of 1 percent comment.

  • David

    Hospitals are down, universities are down, businesses are down, including mine, and the “fix” you posted did nothing for me. As far I’m concerned you’re fired.

  • I find it impossible to believe that only 0.5% of enterprise customers run some XP SP3 machines somewhere in their business. We like many McAfee customers had loss of service to many users due to this incident and recovery has consumed a large amount of IT time and caused user fustration. We also run McAfee on our mission critical servers, which luckily were not impacted, but obviously this incident has highlighted very poor QA. I cannot understand how this could have been missed by a satisfactory QA process and will be removing McAfee products on some if not all of our servers. We will also definately be reviewing our options for the desktop.

  • Patrick

    I disagee that only a few were affected. We are still working on hundreds of computers on day 2 that require individual visits to resolve the SVCHOST issue caused by the false-positve.

  • Randy

    Who and where do we need to send the bills for cleaning up this mess?

  • Talk about an understatement: “the error can result in moderate to significant issues on systems running Windows XP Service Pack 3″. I betcha if “Mr. Barry’s” desktop pc had been rendered usless like mine at home, heads would roll. And roll they should.

    Question is: Is McAfee culpable? I think they are. Think about it. How many manhours has their substandard product cost companies and individuals across the world. Do you think they can spell bankruptcy?

  • Mark C

    Epic corporate fail. McAfee will be no more within months. I used to be a McAfee user, and even tried them one more time with trialware on my netbook but after a couple of days of frustration I removed it. Even though this update would not have affected me, I’m sure a Win7 fail is in the future.

    McAfee’s public response has only succeeded in shooting itself again in its remaining foot. Barry, you didn’t do your company any favors at all – it would have been better if you had said nothing than what you did say. This leads me to think that corporate leadership is no smarter than the regression testing lab.

  • Rasmus C.

    This morning our IT-department found out that more than 300 computers in our network-domain was affected by this error. The machines could not be used because of the file svchost.exe was removed i Windows.

    We then had to visit alle computers or use 10-20 minutes in the phone with each owner of the computers. And we have used at least 10 minutes per computer and we are still having more than 100 machines wich cannot be used at this time.

    So we are not at all impressed by this update fro McAfee…;o(….

  • Rasmus Christiansen

    This morning our IT-department found out that more than 300 computers in our network-domain was affected by this error. The machines could not be used because of the file svchost.exe was removed i Windows.

    We then had to visit alle computers or use 10-20 minutes in the phone with each owner of the computers. And we have used at least 10 minutes per computer and we are still having more than 100 machines wich cannot be used at this time.

    So we are not at all impressed by this update fro McAfee…;o(

  • Tim

    Your blunder has already cost me over $2000.00 USD. In the first few hours of your mistake. It goes with out saying you have lost me as a customer.

  • Jeff Ross

    Thanks for MCPR.exe! Works great! I was able to completely remove Mcafee products from all company computers.

  • Nathan Smith

    Totally wasted my entire day dealing with this in a 76 station computer lab. My IT team is still working to help faculty and staff recover from yesterday’s 5958 update. In most every case we’re having to boot from an external device in order to replace the svchost.exe.

  • Dave

    Thank you for complete and utterly admitting that you are a management idiot. All of us who are “home users” now feel completely minimized and un-valued by you. You will NEVER see anymore of my money. I will choose to vote with my wallet once I can get my now useless laptop repaired thanks due to you and your uncaring firm.

    Barry this statement should get you fired for complete ignorance of both the situation and it’s impact on the future of your firm.

  • Dimitris Andreou

    For all practical purposes, McAfee *IS* the virus.

  • Emmett

    Ran the new SuperDat tool that was provided and followed the instructions that was e-mailed to me from McAfee. Start up performance greatly improved but the operating system is still jacked up. I have to keep intercepting shutdowns by using command line because services not starting properly and they are initiating the pc to reboot just so I can try to figure out what else is not running properly. I have seen viruses/malware that were easier to correct the issues manually then this fubar. Guess I going to be wasting company time reinstalling a PC in the end along with re-evaluating out security software suite for next year.

  • NOD32

    I havent used McAfee Is many many years, and thank god for that! This news even made the biggest paper here In Norway

  • Lisa

    We had hundreds of PCs affected by this issue, your one half of one percent estimate to downplay the extent of the issue is insulting.

    Your lack of support and useful information information made the situation even worse.

  • Ken Schnieder

    If it’s such a small percentage of customers that you say (0.5%), then you can afford to compensate them for their troubles. We estimate a company we were contracting at this week lost $1.2 million in lost productivity alone when their 2000+ PCc’s were bricked and all IT staff on hand, including contractors,were ordered into triage mode to recover PC’s. So, when can they expect a check?

  • Try this:

    1 Restart into safe mode with networking

    2 open a Command window. If your explorer isn’t started, hit CTRL – ALT – DEL and hit Task Manager.
    Hit File, run. CMD.EXE and enter.

    3) type DEL C:\Program Files\Common Files\McAfee\Engine\avvscan.dat

    4 type cd c:\windows\system32\dllcache

    5 type copy SvcHost.exe ..\

    6 Restart your PC. You are good to go!

    This instructions have its source here:
    http://brianseekford.com/index.php/2010/04/21/how-to-fix-the-mcafee-svchost-crash-from-the-virus-definition-update/

    //pcpro@home.se

  • Large Enterprise User

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally.”

    I work for a very large enterprise-level multinational corporation. Literally TENS OF THOUSANDS of our employees worldwide have been severely impacted by this fiasco. I am urging my company to exercise its legal prerogatives and hold you fully responsible for the lost productivity and revenue your irresponsible behavior has caused.

  • Keaboka

    McAfee better step up and stop hiding behind their fingers. Once one of my computers experienced this problem, I went to the Mcafee website hoping to get answers on how this was happening to my computer. Gues What!! NOTHING WAS THERE!!

    I had to post a report to microsoft and that is only when i got to learn about this problem from other users and the technicians at Microsoft.

    Then I find a small link in a little corner on Mcafee home page about this problem. And gues what? It doesnt say there is a problem. It says “False-Positive” What the hell is that?

    You know, My account is over the return period by a few days, But I believe I am still entitled to a full refund considering the loss caused by this product.

    My wife cant even study for finals because the computer wont work.

  • Brett

    Step 1: Fix the issue and inform customers.
    Step 2: Offer free month/year service to customers that were affected.
    Step 3: Investigate why your QA team dropped the ball and reorganize accordingly.

    QA should be testing against every supported OS with every possible combination of the settings enabled/disabled. Uh, that is their job.

    Honestly, for a premium service you are supposed to do it better. Often you are the only defense computers have from the malware writers of the world. You are supposed to have a bullet proof solution and not be the source of the problems.

    Microsoft helped you out by discontinuing support for their OSs that are 10 years or older. This means your QA department has less to test against. Thus, it is acceptable to say tough luck to a Windows 98 user that was running your software and it broke. But Windows XP Service Pack 3? Really?

    Bottom line: The base functionality of your service combined with ongoing payment does not allow you mistakes. You should have caught this before it went out the door. You are supposed to be one of the best now act like it.

  • Brian

    Nothing quite like spending 6 hours to completely restore my laptop, without which I can not connect to my workplace. Fortunately for me after reloading my machine, I was too tired at 1:00 AM to load the last piece of software (McFee Suite.) I had not realized at that point that my virus protection software (my insurance policy) is what made my machine un-usable. It probably was fixed by then, but I think I will give it a few days.

    Nice Job on making an otherwise good day really crappy. Oh and I am sure it was my fault because I decided to use the functionality of your software.

    I look forward to hearing how you will be compensating your customers. For starters you should be refunding our subscription fees. Perhaps even a few additional years of service on the house (not that it is worth the risk).

    Just remember that whatever your numbers indicate to you, this had a very very real impact on many people.

    Even if it was 1/2 a percent of whatever, I still spent 6 hours restoring and reloading my machine. That is kind of the very problem you are supposed to prevent.

    NOT GOOD!!!!

  • I am a Network Technician in NY and ran into this problem yesterday at one of our clients. Thankfully we caught the issue and manually hit the machines affected to resolve the issue. We don’t sell McAfee and I know this may be inappropriate, but for those of you looking for other products Vipre Enterprise and Home Editions is a great product and it does not use a lot of system resources. It is constantly in the top 5 of Anti-Virus product reviews and is a cheap alternative to this product… Hopefully McAfee rectifies this with their existing customers. I have spent over 10 hours in the last 2 days and will be billing the client at 125 an hour… That really sux for them.

  • Try this solution:

    1 Restart into safe mode with networking

    2 open a Command window. If your explorer isn’t started, hit CTRL – ALT – DEL and hit Task Manager.
    Hit File, run. CMD.EXE and enter.

    3) type DEL C:\Program Files\Common Files\McAfee\Engine\avvscan.dat

    4 type cd c:\windows\system32\dllcache

    5 type copy SvcHost.exe ..\

    6 Restart your PC. You are good to go!

    This instructions have its source here:
    http://brianseekford.com/index.php/2010/04/21/how-to-fix-the-mcafee-svchost-crash-from-the-virus-definition-update/

    //pcpro@home.se

  • Brian

    Nothing quite like spending 6 hours to completely restore my laptop, without which I can not connect to my workplace. Fortunately for me after reloading my machine, I was too tired at 1:00 AM to load the last piece of software (McFee Suite.) I had not realized at that point that my virus protection software (my insurance policy) is what made my machine un-usable. It probably was fixed by then, but I think I will give it a few days.

    Nice Job on making an otherwise good day really crappy. Oh and I am sure it was my fault because I decided to use the functionality of your software.

    I look forward to hearing how you will be compensating your customers. For starters you should be refunding our subscription fees. Perhaps even a few additional years of service on the house (not that it is worth the risk).

    Just remember that whatever your numbers indicate to you, this had a very very real impact on many people.

    Even if it was 1/2 a percent of whatever, I still spent 6 hours restoring and reloading my machine. That is kind of the very problem you are supposed to prevent.

    NOT GOOD!!!

  • ILikeComps

    Thank you boys… i just see this subject on the news. and i thought might take a look what you people have to say…. ive had fun for 2 hours… dont trust a virusscanner… All virusses start in the beginning as a program, and it depends on the developers to keep it a program if you get my drift. Never trust Anyone on the internet. As you can see they backstab you whenever they can.
    And then people like me reading what misery you people have put yourself on the shoulders.
    Good luck boys, and if you all was so good, you wouldnt have this problem in the first place…. dont blame mcaffee, blame yourself cuntheads!

    If This already passing the Mcaffee Test Lab, what more can you people gonna expect.

  • As a long term customer of McAfee with over 4500 PCs and servers I have to say I have always put up with the rather poor support and account management from McAfee due to the strength of EPO in a large corporate environment.

    However this incident has just about finished of any last allegiance to McAfee.

    All AV or security companies have the occasional problem but the blatant marketing style of this release and sudden influx of ‘concerned mail’ from our account ‘executive – who only normally calls at renewal time – is galling and patronising to the hundreds of support staff that are running round machines with cds and removable media to ‘clean’ our ‘infected machines.’
    This incident is worse than any real virus we have ever encountered!!

    Come on McAfee – admit this is a major failure of your testing system and don’t blame your customers for turning on security features that you promote when trying to sell a product!

  • Frank

    Tragic error and it affected hundreds of our machines and unproductive salesforce. However, McAfee has also saved my butt hundreds of times with timely and effective anti-virus updates. As bizarre as this sounds they still get an A, regardless of how the error was handled.

  • Brian

    Nothing quite like spending 6 hours to completely restore my laptop, without which I can’t connect to my workplace. Fortunately for me after reloading my machine, I was too tired at 1:00 AM to load the last piece of software (McFee Suite.) I hadn’t realized at that point that my virus protection software (my insurance policy) is what made my machine un-usable. It probably was fixed by then, but I think I’ll give it a few days.

    Nice Job on making an otherwise good day really crappy. Oh and I’m sure it was my fault because I decided to use the functionality of your software.

    I look forward to hearing how you will be compensating your customers. For starters you should be refunding our subscription fees. Perhaps even a few additional years of service on the house (not that it’s worth the risk).

    Just remember that whatever your numbers indicate to you, this had a very very real impact on many people.

    Even if it was 1/2 a percent of whatever, I still spent 6 hours restoring and reloading my machine. That’s kind of the very problem you’re supposed to prevent.

    NOT GOOD!!!

  • carrie

    had to format and complete reinstall, all data lost, no backup. years of data, customer data all gone, all I have is a half written phone log of incoming prospects. I\’m screwed without even dinner. thank you McAfee for your Quality Assurance i\’m so greatful for paying you for my only sourse of incomes total failure.

  • Darrell

    A fix that worked for me:
    - Copy svchost.exe from another WinXP PC put it on a USB flash drive. Location is “c:\windows\system32\svchost.exe”
    - Boot hosed computer in safe mode (use F8 repeatedly before computer boots Windows)
    - Place flash drive in computer. I had to run a wizard to get it to recognize the drive. It errored, but still recognized the drive.
    - Open command prompt from run menu. Hold Windows Key and R, type cmd
    - Change the directory to the flash drive or CD drive, e.g. type f:
    - Type without quotes “Copy svchost.exe c:\windows\system32\”
    - Exit command prompt
    - Reboot computer in safe mode
    - From control panel, add/remove progams, remove McAfee
    - Reboot computer normally
    - Reinstall McAfee and update (if you are adventurous) or choose to install another antivirus program

  • Bill Zimmerman

    I understand the pain most organizations are feeling with this problem, and it is a very unfortunate situation. We run TVD, and e-Policy Orchestrator in our enterprise, pull available updates on an hourly basis, then push the updates to the desktop. This product is not inexpensive, requires internal resources to manage, and you certainly do not expect to be crippled by the very organization protecting you. However, we were notified by McAfee of the problem in reasonable time, our system administrators reacted, and saved our organization from the impact of this update.

    We have been a McAfee shop for over 10-year, good product, good solution, good support, bad situation.

  • Erin

    I’m a freelancer and my computer is my lifeblood. You hurt my computer and cost me time and money.

    Result: I will never give you my money again.

  • Gary

    well, if our company (and what I read on the internet yesterday) is any indication, McAfee not only was lax in internal testing, but slow to remediate and slower still to accept fault. I think we learned our lesson form the Pentium issue years ago, I wonder what the fall out will be from this? It will not be as easy as McAfee is pretending it will.

  • D. Hatton / Senior Sys Admin

    Wow. This issue is huge and widespread. Just in my agency alone, we have hundreds of computers that must be manually repaired, all across the state. No remote fix. No central administration. Techs have to build .bat files with good svchost.exe files and the new dat file from McCrappy, and then deploy out to multiple locations with their “thumb drives”. The majority of systems at all customer locations are rendered useless. That being said, I’m not at all surprised at how this has been downplayed. I am very curious to know what QA was done, as this issue was really not hard to discover…duh.

  • Mike Smith

    Why do you guys even exist?
    We should all use Microsoft Security Essentials.
    Its FREE and wont mess up our computers.

  • Michael

    SOOOOO happy I dropped McAfee products years ago! Anyone who can unhose their systems needs to drop this product like a hot potato and install Microsoft Security Essentials. Been using it for a year and it has not given me any problems and is easy on the resources.

  • Thomas

    Workaround works. Just did fixed the local PC ( fortunately only one affected). Anyway – not very impressed.Im a corporate user and have to admit that I spent quite a lot of dosh on McAfee. This is my last year with them.

  • Mike Barry

    Less than a half of 1% ? It’s not encouraging to know that you see this as only a small problem.

    You just wiped out anyone who had their PC turned on with auto update enabled and are still using Windows XP. Did I get that right ? Less than 1%, eh ? Can you say “almost all of your corporate customers” ? At a minimum. And they can’t be fixed by a broadcasted solution but need to be individualy fixed by IT personnel.

    Do you list “Corporate Responsibility” as one of your company Values ?

    I work for an international company with close to 100,000 worldwide employees. I think you know who we are. We use McAfee and their auto security updates. Since we never went to Vista & are just now going to Windows 7, probably 25%-30% of all our PCs were taken down by this. This update was released about 6am Pacific Time. Anyone who turned on their PC at work in the morning before this problem was discovered about 8am and shutdown would have gotten hit. If this had been released later in the morning when the majority of our PCs would have been online, we probably would have had over 80% of our PCs down.

    This problem hit millions of PCs.

  • Overworked IT Department

    I has been almost 24hours since the beginning of this fiasco.
    You would think than by now a warning would be posted right smack in the middle of your website home page to help people fix this issue. but NO !!!
    you have to look around the main page to find a non descriptive link to this blog, read the blog to find links to other pages where you might get some information on how you might be able to fix the problem!!!!

    What about a main page saying:

    ALERT WE SENT YOU A CORRUPT DAT FILE TO FIX THE ISSUE CLICK HERE…..

    Pathetic !!!

  • Leif Källsten

    We’re running ePO 4.5 Patch 1

    In our system the “McAfee Default” policy for VirusScan 8.7.0 “On-Access General Policies” has “Scan: Processes on Enable” checked.

    And this setting is not possible to change.

  • Bill Pickett

    1. If McAfee would have posted the info to the front page of their site yesterday, we could have mitigated the damage. They are certainly negligent in not doing that. We here something major was happening to other organizations that involved the network but could determine no details until we started seeing computers fail. I agree a security based company must maintain their credibility.

    2. If you are from a enterprise user. Post that. I have to believe that the issue involves more than the number listed. This would be a good litmus test. – Enterprise User

  • Sparky

    “In the past 24 hours, McAfee identified a new threat that impacts Windows PCs.”

    BFD. We all knew about it hours before you did.

    I can’t believe you still have this explanation up. You don’t even describe correctly what happened, and you describe no fix. This is a “response”? You weasel.

  • Craig

    I understand that this caused problems, but I can’t believe the whining of our society. This is like buying a truck to haul a shipment and the truck breaks down. Dang, we need to sue the truck manufacturer or maybe the belt broke so we need to sue the belt manufacturer. The point is that when you run a business, you need to realize things happen and have a backup plan or live with the consequences. We are so quick to blame and yes, they made a mistake and they should do whatever it takes to fix the issue, but all the people talking about paying damages and buying a new computer; get over it. If you don’t know how to fix it, take it to someone that does. That is why they have jobs and that is part of a business expense. It’s not like you never have to have repair costs for houses, cars, offices, boats, etc. It’s called an operating expense.

    BTW – I am responsible for over 1900 computer systems and over 100 servers running McAfee and thanks to McAfee’s quick responses, I have all of them up and running. McAfee did as they should be expected. They found an issue, pulled the cause, created a fix, are working with those who call in needing help, and got a replacement file that didn’t cause the issue. He, who has never made a mistake – cast the first stone.

  • HappyDude

    “The remediation passed our quality testing”

    If This already passed your tests, what more to expect…

    but im just a happy reader laughing in your faces because i dont use a virusscanner at all.. im my own virusscanner, and i do not make clicking mistakes.

    You people blaming McAfee… but just face it, you suck at a computer!… then you wouldnt use mCaFee in the first place.

  • Mary

    I have been completely unsatisfied with McAfee’s response. I have a ‘dead’ computer that neither Dell nor McAfee can help me with – - unless I want to PAY them…I have tried reloading windows twice now to no avail. I believe a class action lawsuit should be around the corner…anyone want to help get it started? I want a new computer and/or reimbursement for mine (it’s only 1 1/2 years old) (pro-rated of course..).

  • Dana Kimball

    Are computers that have not already been affected by this safe or do we need to download something too? Just to be safe??

  • Tammy

    Waiting on tech to come. God only knows what this is going to cost. Today is payroll day for me and I cannot complete it. Guess I will tell my employees to call McAfee and complain.

    Tech says he could possibly come today.

    This really sucks!!!!!!!!!

  • SS

    I work for a Large Financial Corp in NYC/NJ. Over 600 PC’s went down for 2hrs. I cant imagine what it cost us.

  • Karl Runner

    I had all of the nasty problem that others had and I WAS ABLE TO FIX THE PROBLEM. But first let me state that McAfee’s response to this issue with a little blurb titled “McAfee’s response on false positive issue” is INTENTIONALLY misleading and their fix can’t be implemented. Here is how I fixed the problem. MCAFEE, READ THIS.
    1) Grab your Windows XP CD and boot your computer from the CD. 2) At the prompt, enter to the Recovery Console (R option). For more info go here: “http://support.microsoft.com/kb/314058″.. 3) At the password prompt, just press the Enter key.(may not work with some OEM computers). 4) At the next prompt, press the “1″ key which will take you to the C:\Windows directory. 5)Remove the directory with the bad Mcafee DAT file. Type “RMDIR C:\Program Files\McAfee\VirusScan\DAT” (don’t type the quotes). 6) Reload a backup copy of SVCHOST.EXE (that’s the file that Mcafee wiped out. Type “copy C:\WINDOWS\$NtServicePackUninstall$\svchost.exe C:\windows \system32″ (don’t type the quotes) If you don;t have the $NtServicePackUninstall$ folder, then I can;t help you. 7) Take the CD out and reboot. Windows should start normally. 8)Since the replacement SVCHOST.EXE is an older version of the file, you should replace it with a current version from XP service pack 3. Here is how: Find a computer with XP SP3, copy the SVCHOST.EXE (from C:\windows\system32 folder)to a flash drive. Copy the file from the flash drive to the C:\Windows folder of the problem computer. Shutdown the computer and reboot it with the Windows XP recovery CD. Go to the recovery console(same process as you did before)and type the following “copy SVCHOST.EXE C:\windows\system32″. 9)Reinstall Mcafee anti virus from scratch. It worked for me. Took about 15 minutes.

  • Liz Lockhart

    I repeat. . .It was not just XP. I am running System 7!

    The difference, perhaps, is that I was able to do a RESTORE to get back to an earlier state before 5958, but I had to figure that out on my own. That was a short-term fix, though, because McAfee would update itself within minutes. Even though I refused to reboot when prompted, McAfee would then shut off my network access–hence, internet access, email, ability to print.

    If the computer works today (I am currently on a laptop that has not been affected), I will still have to spend time reinstalling Microsoft Critical Updates and Java updates that were blown away by the numerous system restores I did while trying to isolate the problem.

    SYSTEM 7, not just XP, was affected.

  • Robert

    Since McAfee is in head in the sand mode, here’s how to fix the issue…

    If you are able to get to the desktop:
    Log in and IMMEDIATELY select “Update Now” from the context menu of the icon in your task bar. The definitions should update before McAfee fully loads and you will cure it.

    If you are the victim of having svchost.exe deleted, which results in no task bar, no copy/paste, no network etc:
    Look for a copy of svchost.exe in c:\windows\servicepackfiles\i386. It may be there on some machines. If it is not, you will need to obtain a copy of the file on CD,
    boot to windows
    Open a command prompt by launching Task Manager and then starting a new task called “cmd”
    Type “cd\windows\system32″ without the quotes and press enter
    Type “copy d:\svchost.exe” without the quotes and press enter. (d: is the CD drive so it may be different on your machine)
    If you are asked to overwrite, select yes.
    At this point, reboot and you can follow the instructions above. Just boot to Windows and update your DAT file to cure it.

    Unfortunately not everyone has access to another copy of svchost.exe. McAfee shoudl pay to fix this. They are not doing themselves any favors by denying the impact.

  • Well..I can say that this extremely SUCKED for our whole states 11 institutions/colleges…our grant contract provides almost ALL our workstations to run Mcafee…which is a pain. The man-hours to dig out of this are painful, let alone the paranoia that it\\\’ll happen again in a week, due to a rushed fix. EPIC fail Mcafee, and EPIC weak \\

  • Charles Finley

    Well..I can say that this extremely SUCKED for our whole states 11 institutions/colleges…our grant contract provides almost ALL our workstations to run Mcafee…which is a pain. The man-hours to dig out of this are painful, let alone the paranoia that it’ll happen again in a week, due to a rushed fix. EPIC fail Mcafee, and EPIC weak “apology”.

  • Robert

    Since McAfee is in ‘head in the sand” mode, here’s how to fix the issue…

    If you are able to get to the desktop:
    Log in and IMMEDIATELY select “Update Now” from the context menu of the icon in your task bar. The definitions should update before McAfee fully loads and you will cure it.

    If you are the victim of having svchost.exe deleted, which results in no task bar, no copy/paste, no network etc:
    Look for a copy of svchost.exe in c:\windows\servicepackfiles\i386. It may be there on some machines. If it is not, you will need to obtain a copy of the file on CD,
    boot to windows
    Open a command prompt by launching Task Manager and then starting a new task called “cmd”
    Type “cd\windows\system32″ without the quotes and press enter
    Type “copy d:\svchost.exe” without the quotes and press enter. (d: is the CD drive so it may be different on your machine)
    If you are asked to overwrite, select yes.
    At this point, reboot and you can follow the instructions above. Just boot to Windows and update your DAT file to cure it.

    Unfortunately not everyone has access to another copy of svchost.exe. McAfee shoudl pay to fix this. They are not doing themselves any favors by denying the impact.

  • Rob

    All I can say is Thank the IT GOD I stopped using McAFAIL a long time ago – ever since I was given the total runaround by their so-called “support” line which at the end told me to repurchase the software (to obtain a lost key from a totally trashed hard drive). To all you (L)users out there – all the best of luck getting over the problems you’re having. Step 1 is to remove all McAFAIL software from your systems and go from there.

  • maxCohen

    “Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.”

    And then you’ll blame us for not having it enabled the next time there’s a problem. I have a good solution, go with AVG.

  • David

    You really don’t have a QA lab, do you?

  • JD

    I’m happy I use a competitive brand! And I will NEVER use McAfee, ever!

  • Ben

    So what about the small guys that are running off a small amount computers (no more than three or so) and have home total protection where they have lost their computer to this screwup. They pay for your service to protect their computer and this happens and they loose everything. Now they have to hope that they can find someone to fix your mistake and its not gonna be cheap bec computer repair and maintenance never is. So how long till my company that relies on these few computers is going to be fixed so I can mork to make some money in this downed economy??? And will I have to pay for repairs or will you company that I have paid for their protection from such incidents for 6+ years somehow get everyones computers fixed???

  • Phil

    Remember back when McAfee was a great product? That was way back in the days before Network Associates bought McAfee and destroyed the product. Yes, I\’ve been around for a while. Long enough to know that your canned responses are NOT acceptable.

    Question: How many Network Associates employees are now unemployed as a result of this fiasco? If the number is less than 10 you\’ve failed miserably a second time this week…..

  • Tom

    Seems like many of you still trust on newly released software updates, even if it hits thousands of computers in your enterprise. I personally think not only McAfee screwed up, but also every large company’s IT department that did not test the updates on their computers before deploying them. It’s not like buying a new car, it’s IT where you don’t have to double check if tires are mounted properly.

  • Doug Landrum

    One half of one percent? I work for a major corporation and it has crippled us. Own up, schmuck!

  • Mary

    My computer completely crashed. I believe McAfee owes me a new computer since I can’t get to the Internet, etc…and I can’t even reload Windows. I’ve tried twice and even Dell can’t help fix it. McAfee was NO help on the phone yesterday, nor was Dell.

  • Marc

    Wow this is a shocking response – what’s MaCafee actually doing to FIX this?!?

    If you can get the offending software off your machine then I’d recommend installing something from Trend Micro – their SPN stops this happening

  • Lucky Girl

    I have a MAC and I am still running MARVELOUSLY!

    More reasons to buy a MAC:

    MAC doesn\’t have McAfee

  • Candy Harding

    Where do we submit our bill?
    Thanks

  • Jeroen

    I think this message is more for the stock brokers then for clients. I had to work all day yesterday to get our agents machines updated. It was not a straightforward fix as in a lot of cases we couldn’t even update svchost.exe because it was in use/protected.

  • nico

    ‘Less than 0.5% of our customer…’ BS!

    All the XP SP3 computer in companies with Viruscan and EPO (more than 50% of our customer) encountered the problem.
    IT is just huge and everybody are running averywhere to try to put the companies back to business.
    Stop marketing communication and start to find good excuses because this is just the begining of the storm….

  • DeVoiD Jason

    Abviously your company doesnt have any quality control. the file you quarantined is nto only a Windows file, it is an important file that is used for many things, including Windows Services.

    Also, what the heck is the point in publishing the “fix” on the Internet when most peoples computer is rebooting all the time…. you expect them to try and get to the “fix” page inbetween rebooting!?? wow… what an amazing suck.

    this is just another example of why I walked away this useless product (my opinion, which im sure is now shared with many more users) many years ago, and havent looked back.

    My last point:

    Where in this post is your apology to the customers who, thanks to the lack off quality control, are affected by this Macafee created problem? huh? well? im sure people are waiting for it…… and try to sound sincere

  • Lane

    When will you put a “click here to fix our BIG MISTAKE” and another button that says “you know the mistake we mean, the one that crashed and incapacitated millions of computers”

    And please dont try to disguise it with words like “false positive” because its pretty likely anyone running McAfee will not disguise their intention to purchase a different virus software if…and this is a big if….you ever man up and put it on your website where a one click fix will resolve the issue, just like a one click update caused the issue.

  • Vickie

    This worked for me: Safe mode > restored to 4/20/10 > re-downloaded Mcafees.

  • There is a fix for the issue. You need a PC that has not been affected and a copy of BartPE. Copy the entire McAfee file from c:-program files-common files folder on the unaffected PC to a thumb drive. Copy svhost.exe from c:-windows-system32 from that same unaffected PC to the thumb drive. Boot the affected machine with BartPE. Go to the file utility and copy svchost.exe from the thumb drive onto the affected machine into the c:-windows-system32 folder. Copy the entire McAfee folder from the thumb drive writing over the c:-program files-common files-Mcafee folder. Reboot the PC. The issue is fixed. I can tell you that simply following the fixes off the McAfee website that were published as of last night didnt resolve the issue. The Extra.dat file did nothing. Feel free to contact me if you want to know how your customers feel about this debacle. Replace the dashes with backslashes.

  • Pissed

    We are about to renew our McAfee license, because of this, it is now not happening. It has creted even more work since we now have to study 2-3 other vendors and make a decision to switch. Kapersky, here we come.

  • Mike Edgerton

    There is a fix for the issue. You need a PC that has not been affected and a copy of BartPE. Copy the entire McAfee file from c:/program files/common files folder on the unaffected PC to a thumb drive. Copy svhost.exe from c:/windows/system32 from that same unaffected PC to the thumb drive. Boot the affected machine with BartPE. Go to the file utility and copy svchost.exe from the thumb drive onto the affected machine into the c:/windows/system32 folder. Copy the entire McAfee folder from the thumb drive writing over the c:/program files/common files/Mcafee folder. Reboot the PC. The issue is fixed. I can tell you that simply following the fixes off the McAfee website that were published as of last night didn’t resolve the issue. The Extra.dat file did nothing. Feel free to contact me if you want to know how your customers feel about this debacle.

  • Helpful advice

    “We are investigating how the incorrect detection made it into our DAT files and will take measures to prevent this from reoccurring.”

    The best measure that you could take to prevent this from reoccurring is to file for chapter 7 bankruptcy.

  • Hi,

    The biggest issue faced here is not the relatively straightforward steps to resolve. Its the fact that the lack of network connectivity once a machine is affected means that you have to have a human being in front of a PC to fix. Not such a big issue in environments with lots of PCs in one place.

    However, we have a LOT of clients with this issue across literally 100s of sites throughout the UK with no dedicated IT presence in most of these (small-ish) sites.

    While the workaround is OK for a tech person, a non-IT literate user is never really going to be able to resolve this problem without a lot of time spent on the phone to a tech person and access to local admin password (where safe mode is necessitated)

    WE developed a process whee we tell our clients end-users effectively to reboot and press F12 and their PC will be fixed automatically.

    It has taken us a while to get here, but the last of the 1000s of affected PCs across 100s of sites will be up and running in the next hour or two. And we didnt need to send engineers hundreds of mile to perform manual fixes!

    It should be re-stressed that getting either Extra.dat or Dat 5959 on to your PC does not fix your PC. It just prevents the issue re-occuring once youve fixed it in the first place!

    More at: www.mycentrality.com

    Regards
    Mike Davies
    Director
    Centrality Ltd

  • Magnus Sundqvist

    Today I’m happy that our company choose another protection software. In Sweden this have had a large impact…

  • Thiago Cruz

    Is it so diffucult to spread those informations at you main page? An error like that should be splashed there. As faster information you get quick you solve. Another way possible could be messages in ePO at MyAvert Security Threats.Regretful…
    Thiago Cruz.

  • AVG

    I hate your bloatware. I use good free products and not your crap. Try AVG or Microsoft Security Essentials. McAfee and Norton hog way too many resources and slow down your computers.

  • T McLarik

    Dear McAfee Staff.

    This incident coupled with another recent occurrence makes me wonder if I want to even keep your software on my PC, if I can trust it.

    Our college also runs McAfee, and it has been plagued with the Hamweq.A worm as well as the autorun.gen! worm. Being that we all use flash drives, I noticed some strange happenings when I plugged it into other machines. Although I scanned my FD with your AV, it found no problems.

    I d/l ed MS Security Essentials and installed it. Once installed it immediately found these two bugs. Also, the school continues to be plagued with these worms, as every time I come home & plug my FD into my PC, it registers the worms have returned, but only MS Security Essentials registers them. I have, knowing that the worm is present on the FD (as indicated my MSSE), initiated a scan with your software and it still does not register the presence of it.

    Taking into account that “bad code” can slip through occasionally, I still have to wonder, how safe am I really, considering that I am using the Security Center, which also includes the firewall and program permissions? I know that not all software catches everything, but these worms are at least a couple months old.

    I opted for your software on my new PC, hearing that it was much improved and less system resource intrusive then your main competitor.

    I don’t mind paying a yearly fee for my AV defs, however, since I am paying for those, I would expect that treats, such as the worms, would be dealt with as quickly as possible. The fact that the worms have been out there for some time, coupled with the fact that the school cannot seem to rid themselves of these using your software is somewhat, scary.

  • xxxxxxxxxxxx

    FYI the impact of this goes far beyond your own customers, our IT staff is fielding numerous calls from confused/concerned users, even though we’re NOT using your product at all.

    I certainly hope you guys aren’t too big to fail, because you deserve to…

  • xxxxxxxxxxxx

    FYI the impact of this goes far beyond your own customers, our IT staff is fielding numerous calls from confused/concerned users, even though we’re NOT using your product at all.

    I certainly hope you guys aren’t too big to fail, because you deserve to…

  • Ed

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally.”

    Just spent the last 14 hours repairing 1500 of our work machines, but at least we are in the minority, that makes me feel so much better.

    That was sarcasm by the way, not sure if that was obvious, I havent had much sleep lately.

    Seriously, how did the problem not get noticed. It is not like XPSP3 is a rarely seen o/s.

  • John Parr

    How was I supposed to get help to fix the problem or receive the update when I have no internet access? Called the support line and paid $89 to have a tech walk me through the fix. I asked him what kind of virus this was. He told me I must have picked it up somewhere when he KNEW IT WAS YOUR FAULT! Pick up the morning paper and read in the business section it was McAfee’s fault. Expect to have my $89 refunded today.

  • ben

    All networkingm usb ports, and taskbar were disabled on one PC. Couldn’t get to commmand prompt.
    However CD Rom and floppy were working.
    My workaround:
    Create a bootable floppy.
    From a working PC I copied:
    scvhost.exe
    wpa.dbl
    naixyoj.dll, and .tgz
    prsgrc.dll and .tgz
    ssprs.tgz
    to the floppy.

    Then booted to floppy on affected pc and copied these to windows\system32
    then I deleted all program files\mcaffee.

    After rebooting computer to H.D. everything OK.
    Then I installed AVG.

    You might be able to do similar things if you create a linux boot CD if you have no floppy.

    Fortunately it only got one of our companies PC’s.
    Mcaffee can now claim their rightful place as the Toyota of the anti-virus world!

    –Ben

  • John Parr

    How was I supposed to get help to fix the problem or receive the update when I have no internet access? Called the support line and paid $89 to have a tech walk me through the fix. I asked him what kind of virus this was. He told me I must have picked it up somewhere when he KNEW IT WAS YOUR FAULT! Pick up the morning paper and read in the business section it was McAfee’s fault. Expect to have my $89 refunded today.

  • Ed

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally.”

    Just spent the last 14 hours repairing 1500 of our work machines, but at least we’re in the minority, that makes me feel so much better.

    That was sarcasm by the way, not sure if that was obvious, I havent had much sleep lately.

    Seriously, how did the problem not get noticed. It’s not like XPSP3 is a rarely seen o/s.

  • Pekka Kilponen

    What can I do now. My windows xp home edition on Acer Aspire One Pro is now totally messed up, cannot run any programs. A

    A DCOM error occurred when this happened and XP rebooted. Now I cannot see even my windows start menu nor run any programs even in safe mode.

    Do I have to re-install Windows XP now? Thank you very much, seems that McAfee is worse than any virus.

  • Chris

    Go Mac you’ll never go back!

  • We have just decided that we are going to go with another anitvirus software after this incident. We cannot afford to spend the money on software that shuts our business down for a day…..

  • A. F. Gudmundsson

    I work in an IT dept. in a bank that uses mcafee, and yesterday we had to take all of our systems down for what at first seemed to be a virus storm on our network – at the time there was no information on your website about your error – later we found discussion on one of the forums about this faulty dat file. So yesterday all of the IT dept. spent their evening walking to ALL the Windwows XP machines and applying the fix to them, and we have just over a 140 windows xp machines (the rest is windows 7) so I don\\\’t buy this is affecting a minor percentage of the (soon to be former) mcafee customers

  • Ganju Yadav

    I work for a large corporation (~40 K employees) who uses McAfee enterprise solution. Estimated 16,0000 computers have been impacted and total downtime is about 1.5 days per person. Go figure.
    I don’t believe McAFee claim that only 0.5% of McFcee customers are impacted.

  • KD UK

    Thousands more like me switching on their pc this morning wont have heard this news about your monumental c-up and have lost their trusted pc and precious files because they are not pc repair savvy. Get this on the main news channels immediately, then get the md to apologise and then get your men out there and fix us/refund us.

  • Siang Kua

    Two out of our three global offices running off enterprise and standalone McAfee software were affected and what a lot of rubbish to say that one half of one percentage of McAfee clients were affected. Give me a break.

  • jimmie

    Im sure there is no such thing as test lab or test machine or test enviroment if so this bug would have been found by the company and not the customers.

  • Steve Nesbitt

    Norton and others got to be loving this. Enable-disable? Not a question. If the feature to select is there, it is McAfee’s responsibility to make sure all choice functions in the program work flawlessly. Believe me when I say there will be no fix by McAfee for most of the affected XP Platforms as one of the problems is not being able to browse and therefore McAfee will not be able to take control of the PC to fix it not to mention one will not be able to open the email they say will provide the fix proceedure. Not being able to wait for this to wash out,(it’s going to be a long time) I puchased and installed a full Windows 7 Home Premium and did a custom install that deleted XP and service packs and did not install McAfee. That was my fix for $220.00

  • John

    This is awful – My Laptop has gone back to windows 2000 appearance style; I cannot open McAfee to check anything.

    Nothing works – internet is gone.

    Terrible job. I dont know what I can do – I’m not tech savvy; I cannot afford to bring it to get fixed.

  • Veiga

    I have several PC’s with this problem; last night I did not sleep by this issue; only now I saw this!

    Who will pay my work and all work I will have with my Clients; they use McAfee by my suggestion!

    Shame on you and on your incompetence!

  • bret

    Just out of curiosity. What does McAfee use for AV? If they used their own product this wouldn’t have happened to us!

  • Elísio Veiga

    I have several PC’s with this problem; last night I did not sleep by this issue; only now I saw this!

    Who will pay my work and all work I will have with my Clients; they use McAfee by my suggestion!

    Shame on you and on your incompetence!

  • Another sole proprietor affected by your error. Metrics can be very misleading and .5 percent of your sales clearly represents thousands of end users. Even your comment system is degraded, but I am mad enough to retype my post.

    I was frustrated to find my netbook disabled as if by a virus despite constant updates of your product. Luckily, my desktop is not affected (at least yet) only my netbook so far, but both run on XP SP3.

    I worked at my desk most of yesterday so was blissfully unaware of the problem until too late to take my netbook anywhere or even return to my office. Troubleshooting from my home via Google finally pointed me toward svchost.exe, but not to McAfee. Thankfully I lacked the energy for an all night IT session as I am CEO, IT tech and admin, as so many sole proprietors must be.

    What a shock to learn my protector caused my demise. I understand that mistakes happen, so I look not at whether there was a mistake, but at how the mistake is handled. So far, inadequate sums my assessment.

    I am rapidly assessing which tool I can trust to secure my business tools when I leave McAfee and only wish I would receive a prorated refund on my annual fees.

    Hey, as you note, one half of one percent is a very small impact on your global user base. I say refund us all. You had a good Q1, after all and how much could such an insignificant number of users cost?

  • Sam

    Found a way to temporarily get your start menu back!!! Doesn’t fix anything but it’s a lot easier than what your doing now =)

    Press Control/Alt/Delete > file > new task > Type “explorer”

    Expand the box next to “My Computer”

    Click on Control Panel>Administrative Tools>Services

    And oddly enough, you don’t have to do anything after that because your start menu just appears…

    P.S. Barry, I’m so sorry that this is not your favorite day, wish there was something me and the rest of the world who happened to have XP sp3 can do for you. We apologize.

  • Dave B

    Around 11AM EST we had to shut down all (1,100) of our computers after we started seeing it spread across our 13 sites and realized the damage it was doing to our XP PC\’s. I spent 3 1/2 on hold with Mcafee GOLD support. The McAfee Business Community Forum had crashed after 1PM EST and the information Posted on the Main Website at that time was weak! After a while we starting discovering the fix by other Blog sites and applied the extra Dat to our EPO server we then gave the OK for everyone to restart there PC\’s. Of curse lots of time spent after words manually fixing the affected PCs. I blame Mcafee for not notifying it’s customers quicker via E-mail and not having a better Web site infrastructure to handle the volume of customers trying read and post Technical information about the issue.

  • Another sole proprietor affected by your error. Metrics can be very misleading and while your report of “customers affected” based on invoiced licenses may be accurate, it may not reflect the proportion of impact of this error.

    I am lucky. My relative lack of computer savvy saved me hours of frustration. Thankfully, my XP SP3 desktop is still working (but for how long?) I worked at my desktop most of the day and didn’t realize my netbook had a problem until 10pm. My limited resources and unwillingness to go downstairs into the office at that hour left me troubleshooting from my android phone until midnight. Unbelievably, I found a reference to the precise corrupted file before I committed to a wipe and reinstall, but not from McAfee. Satisfied I could find svchost.exe and save my data, I went to bed hoping I could afford whatever the fix would cost.

    Amazingly, none of my specific error searches brought up McAfee until this morning I hit a CNET article, so I didn’t realize until this morning that McAfee was behind it all (although I suspected it must be either the McAfee update or a botched installation file that has been plaguing me from HP).

    I did not know what to do to reformat and reinstall windows without a CD drive or i, too, would have wasted countless hours and lost data. Still, just two days ago I was contemplating switching from McAfee. I now will do exactly that and only wish McAfee had the integrity to refund my prorated costs and those of every other affected user.

    Hey, you estimate it’s only 0.5% of your client base after all. How much could that possibly cost you?

  • Rogier

    That’s some shameless downplaying, kudo’s for the guts Barry!

  • Browse

    The real question is why all these IT leaders have stuck with McAfee? We had issues with them years ago – exacerbated by McAfee’s culture of arrogance – and converted to a competitor’s product without subsequent hassles.
    Doesn’t anyone conduct due diligence?! The studies/reviews are all there (i.e., no benefit going with McAfee), it is notorious for slowing down PC’s to a near-hault (something missed by too many IT leaders: their responsibility is to facilitate business, not to stop/slow it), and the customer service is akin to a government-run organization (i.e., “your problem, not ours” attitude). It baffles me and – I hate to say it – it IS your fault for not waking up. This company is no longer Norton.

  • Neil

    For years I have been running the “avast” freebie on my business laptop, and not once have I had a single problem occur. Then IT tell me I have to have McAfee installed and within one week it is rendered inoperable by what it has to be said is your inability to provide a working system. It is an absolute joke and I am now working on my home PC that has avast installed on it. Guess what, it is working perfectly!

  • Ryan

    The board of directors should fire Barry and also the communications director for their response to this huge disaster!

  • Karen

    The reason that you think the number affected was so low is that nobody could get through to you. Also, you posted this at 8am EST..you must have been aware that there was a problem yet you failed to issue anything to your corporate customers about it. We could have disabled the update immediately…as it was, it was 11 am before we realized the problem and we had thousands down.

  • Nicholas

    Hi,

    I don’t have McAfee and it’s working fine. :)

    Good luck for others.

  • Michael Correll

    I use a Avira, a free (unless you up-grade) anti-virus program and am very pleased with it. We did have a virus once which one of the big name anti-virus programs failed to find but Avira found and removed it.
    Impossible to submit this comment.

  • Riz

    HI
    just my 2 cents i manage 100 pc’s and only 5 got affected by this bug luckily we were in the process of moving to Sophos anyway. what I have noticed is that the PC’s that seem to be affected are ones running virus scan 8.5.0i with NO patchs and NO hotfixes installed anything with patch 1 or above did not seem to get affeced. Hope it helps someone.

  • Riz

    HI
    just my 2 cents i manage 100 pc’s and only 5 got affected by this bug luckily we were in the process of moving to Sophos anyway. what I have noticed is that the PC’s that seem to be affected are ones running virus scan 8.5.0i with NO patchs and NO hotfixes installed anything with patch 1 or above did not seem to get affeced. Hope it helps someone.

  • Henric

    Please keep down the talk about a few percent affected. We have experienced a lot of problem with our customers already.

  • Jeroen

    Since midnight my computer is inoperable.

    My computer restarted as normal, but all my executable files are not responding.
    Nor can I acces my network, nor copy files. Thus I cannot copy my important works to a backup drive.
    Safe mode doesnt work either, seems to give the same problems. System recovery doesnt work.

    I Have Windows XP home edition, service pack 3

    Seems My computer has a virus- and is Hacked
    by your Product, every major command disabled all at the same time.

    I have used mac Affee products for many years.
    And payed every time contribution.
    Now my computer is ruined.
    Worse is that really NO-ONE is able to answer the phone at mc Affee helpdesk… just a voicemail recording.

    I await for a fix to help out those users who dont have anymore acces to the network, or internet, or are not able to excecute or Copy or Move any files since this update.

    If this means I have to reinstall my windows, and loose most of my recent works, I will never buy any McAffee products ever again, and I will tell everybody the same.

    Jeroen, Amsterdam, The Netherlands

  • Jay

    Doesn’t anyone else sense that this seems to be like the scientist who releases a virus because he already has the cure and it will make him rich or famous. This seems suspiciously like someone was getting ready or testing the new virus of the year ready to be released to boost sales but the cart was in front of the horse.

  • Nice job sweeping this under the rug McAfee. You’ll never see the like of me again.

  • Randy Gordan

    Good job in bringing up a timely resolution… that is why i trust McAfee more than any thing else…

  • JdV

    everyone running an OS like windows, DESERVE exactly what they get….

  • Joakim Olsson

    I can only say that McAfee’s way to deal with a such great issue as this is totally uncourageous. I’m personally running a Mac and hence not affected by the f’up. But when I heard about the news and checked your homepage I was surprised to not find it written all across the front page and letting your customers to know what has happened and how to fix the issue. I understand that you guys are spending a lot of time in crisis meetings at the writing moment but please be up front with your mistake and earn back you credits. Your behavior is damaging you reputation more than the f’up.

  • Peter

    I am surprised the time it took you to alert your customers. The DAT was released at 2.00PM GMT and the alert was send out at 6.40PM. By then all portable owners had left the company with 5958 loaded on their system. Mistakes happen (though this is a big one) but this late alert really is bad. Tip : put a XPSP3 system in your quality lab.

  • Rob

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally.”

    I believe you have vastly underestimated the scope of your failure.

  • Theresa

    This is total udder bullshit! I’ve tried all the fixes listed and I get a pop up that says “No qualifying Mcafee products found”. Now what the hell am I supposta do? Is Mcafee going to reimbuse me for the time and labor needed to fix THEIR error? My system is useless. I can’t open any files, can’t get on the internet, now what?

  • HENRY

    Today was my worst day of my life!!!!!! You broke!!!

  • AC

    McAfee, please give us the address to send our invoices to , because we made a lot of costs to solve the problems you created !!!

  • Graham

    You don’t need to worry about viruses, you need to worry about McAfee it seems. Is there an updated definition to protect the users from your QA processes? lol

  • Jay Schneider

    I’m an IT Contractor that does a lot of business with a very large chip manufacturer. The name begins with the letter “I”. That should be enough for most folks to figure out who they are. They were pretty crippled by this little screw-up. You’re so called “apology” is very weak. I bet you took a different “posture” when you and some key players at “I” were discussing your “one half of one percent” estimate. From what I was hearing, it impacted thousands of users in a pretty large company. Wouldn’t want to be in the shoes of the rep. that handles “I” for you.

  • John

    I too am a sole business operator with an XP system, very little computer skills, and as stated above -the taskbar is gone,have to access drives from recycle bin, no access to Internet/Email – my business operates from an online calendar I can\’t access.
    I had a computer tech of 20 yrs exp try your fix and nothing works. Copy and Paste are apparently disabled as well. The replacement DAT file is zipped and Safe Mode won\’t open it or copy it.

  • Joe W

    Hasn’t anybody at McAfee watch the news recently?!! Think TOYOTA!

  • John

    I too am a sole business operator with an XP system, very little computer skills, and as stated above -the taskbar is gone,have to access drives from recycle bin, no access to Internet/Email – my business operates from an online calendar I can’t access.
    I had a computer tech of 20 yrs exp try your fix and nothing works. Copy and Paste are apparently disabled as well. The replacement DAT file is zipped and Safe Mode won’t open it or copy it. The “engine” file does not exist.
    I don’t have the slightest idea who to take this to to get it repaired. Geek Squad wants almost $200 starting price to look at it. Don’t even know if I can recover the data files, wipe the drive and reinstall everything. My fault for not having a redundant backup computer – huh

  • Scott

    Unbelieveable I was just told to shut my computer down for 6 hours and magically it will have a new file downloaded to it and it will work again. If not call back in and they will give me a fix.

  • Marcelo San Martin

    I try to fix it the all day and nothing work, I hope you guys do something quick because I work with this computer and I am losing money,time and I believed we feel really disappointed with this BIG MISTAKE,please contact me to fix my problem.

  • Peter

    Your website posting is understating this issue. My XP Svc Pack 3 machine began rebooting uncontrollably this afternoon. I lost all network connectivity. As such, there was no way to logon and work through this problem. I had to re-install XP and lost most all of my files. Please get the facts on the impact first before you assume minimal damage to your customer base.

  • Larry

    Ha – not even the form for leaving comments is working correctly on your website. Look at all the slashes in posts where people used an apostrophe. I had to enter the captcha five times to get it to work, and then it told me I was posting comments too fast and to slow down. NICE! Good luck on Wall Street tomorrow ;-)

  • Corp_User

    Not only does McAfee need to man up and accept responsiblity for the problems introduced they must improve the PR group since they failed to commuicate this issue effectively through technical and media outlets. Doing so would have saved many companies hours of downtime. In our organization, I took the drastic steps of shutting everything down for most of the moring while we investigated only to find out that they F***’ed up! I had over 500 computers impacted.

    Does anyone need the number for Norton/Symantic? I am planning to use it!

  • Rhonda Gilliams

    The was not a “little” mistake. Anyone with automatic updates using McAfee and Windows XP service pack 3 was impacted. Today’s fiasco cost our county tax payers several thousand dollars for lost productivity today. I work at the county government offices. McAfee should have owned up to the mistake much earlier in the day, because we did look at the web site to see if there was known virus problems. Had McAfee listed their error this morning, it would have reduced the time spent today, trying to identify what we thought was a virus. Many hours lost running virus checkers against nothing, before we were forced to reapply a backup image to the dozens of pc that are running XP. This essentially deletes locally saved files and forces us to reinstall specific applications. So much time lost for no good reason. Not to mention trying to get back the licenses required to reinstall. I just shake my head. Words cannot describe how frustrated and disappointed I am in McAfee.

  • Steve

    Good timing because we will definitely NOT renew our corporate license. You guys will definitely hear from our legal department regarding manpower spent to trying to “fix” this little issue & the loss of productivity from our employees.

  • Larry

    The information we’ve been given is enough to help us make an important decision about the software we choose to protect our data, our identities, our networks, our business, our productivity, and our profitability.

    Thanks Barry!

  • Tom

    We are a medium-size company and had approximately 60-70% (or 400) of our PCs stop functioning on very short notice; completely stopping our business cold while WE tried to figure out how to fix the issue. Needless to day, there was significant loss of productivity for our company.

    Upon calling McAfee’s Gold Tech Support, we were met with waiting over 2 hours FOR AN OPERATOR!!!! Then, an additional 2 hours for Tech support. While we understand a higher than normal call volume for an event like this, we were completely takien aback that we had to dig deeply to find information regarding this issue on your website. We certainly would have expected to see something, anything on the main home page of McAfee….Nothing. Four hours of elevator music and nothing.

    After stabilizing the issue ourselves, we were extremely surprised to find that we had to download a ‘fix’ for this problem. How can you expect anyone to download a patch if they can’t login to their own system? Poor recommendation.

    We have had significant issues with support in the past and this issue was a show stopper.

    If McAfee is truly a leader in security, we feel bad for the industry. Poor communication and poor response (in our opinion) made a bad situation worse.

    Respectfully,

    Tom

  • Joe

    I will be escalating this issue to the highest IT levels at my company and will strongly recommend that we discontinue the use of McAfee. This is one of many issues we have had with McAfee recently and find the lack of software quality totally unacceptable. I estimate tens of thousands of engineers at just my company alone lost more than half a day of productivity today.

  • Matt K.

    Thank God Comcast dumped McAfee and went with Norton! And that I dumped McAfee and went with Avast at work.

  • I’m running EPO 4.5 build 851(Patch 1) . . .

    The “McAfee Default” policy for VirusScan 8.7i On-Access Scanner has “Scan Processes on Enable” unchecked. That part is true.

    The part that isn’t true is that this somehow protected anyone. We had about a 70% failure rate this morning, all due to the 5958 dat. The systems that didn’t fail were still at 5957.

    We’ve stuck with McAfee due to non-existent false positives, and OK virus detection. VS 8.7 malware detection sucks. I’ve felt for a long time that McAfee doesn’t realize that malware, not the traditional virus, is what eats up the most IT time. This was an extremely important failure for McAfee as a product.

    Accept full responsibility for a QA failure. Quarantining svchost.exe on XP SP3 systems is astonishing.

  • David Blankenship

    Here is the fix if you need it. It’s not too hard, but it took me hours to figure out. Sad thing is, I figured it out around 3:00pm CST before McAfee had a solution. Our corporate offices have been affected greatly. Way more than any 1/2 of 1%..

    Description of problems:
    Here is what an affected PC will experience. Rebooting on many machines. A message when booting that states there was an Unexpected Error and had to Close. The Start Menu and Taskbar will not show. Copy and Paste does not work. Internet Explorer opens briefly then closes immediately. Computers using DHCP will not get an address. Manually starting services results in Error 193: 0xc1. All network access is disabled.

    FIX:
    Use an unaffected PC to do the following:

    1. get a copy of SCVHOST.EXE off of your original CD, or even from an unaffected system.

    2. Download the McAfee DAT 5959 from http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise

    3. Copy these to either a CD or USB drive.

    4. Insert the media you just created into the affected machine.

    5. Boot the computer logged in as an administrator or in Safe Mode as an administrator.

    6. You Start Menu and task bar are minimized, to make it show you can right click the line at the bottom of your screen where it is usually at and then select Toolbars, Quick Launch. This usually makes it pop back up.

    7. Goto Start then Run and type CMD. Press enter.

    8. Navigate to the drive you have the files on. For example if they are on the CD-ROM you would normally use D: then press enter.

    9. Type the following without quotes to replace SVCHOST.EXE “copy svchost.exe c:\windows\system32\”. Press enter. Answer Yes to overwrite the existing file if asked.

    10. Type the following without quotes “5959xdat.exe” and press enter.

    11. Now reboot your computer.

    12. Send hate-mail to McAfee for causing you to have a bad day.

    That’s my 12 step program to a better day tomorrow.

  • Mike S

    Unbelievable! I and hundreds of co-workers are down and unproductive with no help in sight! I cannot access the network, thumb drives, browser, etc- so how am I supposed to fix this? I have a presentation in the morning and it won’t look good. I’ll just pin up a McAfee logo with a line through it.

  • Adam

    As a company that has employed McAfee\’s recommended best practices for more than 9 years when it comes to managing their VirusScan product, let me tell you that this unbelievable oversight by their QA team, or whomever, cost us MILLION$. This brought over 1000 of our user\’s systems to their knees, requiring manual intervention involving USB drives and going into Safe Mode to restore the missing svchost.exe file and back rev the DAT files to 5957.

    In the fifteen(15) years I have been an IT professional I have never seen a bonafide virus bring down a company to this degree when that company is as diligent and careful in their approach to minimizing the affect of malware. We were a loyal customer, but I have to concur with other comments about McAfee\’s very poor history of customer care. I will also say that sanitized response to this issue, minimizing/downplaying its impact, has myself and my colleagues infuriated. I guarantee that by this time next year, our company will replace all 1500 of our McAfee licenses with a solution, or solutions from Symantec and/or Trend Micro.

    Fool me once, shame on you. Fool me twice….

  • Tom pissed in Seattle

    Were a small airline based in Seattle..”one half of one percent of our enterprise accounts globally” is crap..we ended up with only 10 machines out of 80 hit but that was only due to the fast thinking of our IT staff (they pulled the plug on our update server while it was just getting started handing out the bad update). We had to pull the stop cord on two of our Canadian flights as we lost a machine that is used to transmit data to Homeland Security, AND we had to bring in two of our network consulates to figure this mess out. Total cost today just in consultant billing is over a grand not counting the cxl flights and our cost to cover those. Our hired guns also support over 3000 machines at over 100 other companies here in the Seattle area and they figure they lost 1000 of those boxes today (they have recommended MF to all their clients for years). Yea…one half of one percent..get a life. Our annual $2500 update is due in a month. IF (and I mean IF!!) I get my costs back out of this mess then I MAY JUST think about not pulling the plug but they better get talking fast in the next 24 hours! Ugggggg!!!

  • As IT consultants we have been selling McAfee antivirus for years to client, but no more. How something this severe was able to get past QA and the fact that you are playing down this issue by thinking “less than one half of one percent of … enterprise accounts globally and a fraction … in the consumer base” when hospitals, universities, and businesses all over the world were crippled and had to invest thousands of IT hours is appalling.

  • BigBallsMcFalls

    FIXES
    ——
    get the updated DAT from mcafee and apply it via a command prompt, reboot.

    if after reboot:

    1) taskbar missing

    this means svchost.exe needs to be put back in /system32

    there should be a thin smidge of taskbar showing. put the mouse,
    on it and right click and add the desktop toolbar, it should pop up the taskbar

    2) open cmd window

    start-run-type cmd-enter

    or hit windows – R and that opens the run box

    3) in the command window copy svchost.exe from
    any backup location (usually winnt/servicepackfiles/i386) to /winnt/system32

    4) Now with a fresh svchost.exe, you can launch stuff and system should be normal. may want to reboot.

  • Barry:

    This was a most unfortunate incident. We are an electric utility that is subject to NERC & FRCC regulations and we COULD have been fined significantly if it were not for the fast action by our Network Team (should read NOT McAfee Support). After our team determined the issue (BEFORE any indication from McAfee), we were able to slow further incidents. As part of our incident plan, ALL Internet traffic was immediately suspended, leaving us completely blind and with egg on our ‘public’ face. We are a relatively small company and had approximately 50% (or 300) or our PCs stop functioning on very short notice; completely stopping our business cold while WE tried to figure out how to fix the issue. Needless to day, there was significant loss of productivity for our company.

    Upon calling McAfee’s Gold Tech Support, we were met with waiting over 2 hours FOR AN OPERATOR!!!! Then, an additional 2 hours for Tech support. While we understand a higher than normal call volume for an event like this, we were completely takien aback that we had to dig deeply to find information regarding this issue on your website. We certainly would have expected to see something, anything on the main home page of McAfee….Nothing. Four hours of elevator music and nothing.

    After stabilizing the issue ourselves, we re-instated our Internet traffic and were extremely surprised to find that we had to download a ‘fix’ for this problem. How can you expect anyone to download a patch if they can’t login to their own system? Poor recommendation.

    We have had significant issues with support in the past and this issue was a show stopper. Our support/maintenance agreement expires in May and, after today, we are planning to not limit ourselves to products we already own.

    If McAfee is truly a leader in security, we feel bad for the industry. Poor communication and poor response (in our opinion) made a bad situation worse.

    Respectfully,

    Tom Hornby

  • Tompan

    Wow! I cannot believe this blogpost…just a look across the internet tonight reveals the widespread extent of this problem. At our organization (in California) with many thousands of computers, everyone experienced a variety of problems…most of my co-workers did not have functioning computers when we left today. Over the phone fixes from our tech department could not fix what had happened…So reading this crap from the company makes me so angry. We will definitely be getting Macs now.

  • Vincent

    NO TASK BAR, ME TOO.
    after paid for tech support call and waited for one hour on the phone. And the answer was “contact your computer manufactor to fix the windows, then call back” (to get charge for second time).
    I’m soooo sorry to install McAfee one week ago. forget about McAfee, don’t want to hear about McAfee again….. I’m going to pick up another antivirus software right now.

  • Liz Lockhart

    If your tech support people would actually LISTEN to what the customer says rather than continually going back to their canned script, you might learn about an actual problem earlier.

    Repeatedly today, I got stupid responses from tech support after I told them that McAfee was shutting me out of the network and internet–and had been doing that since last night. I knew it was a problem with McAfee. Not one person would actually listen to that, but they all willing to charge me for a tech support session. Instead of listening, they told me to “Open a chat window,” “We will email instructions to you,” and then finally, “We are working on this and the issue will automatically resolve itself when a new update downloads.”

    None of those answers will work on a system that no longer accesses the internet, and I said that to the tech guy who just kept repeating his assertion that the fix would be automatic.

    I have been using computers since the days of keypunch and got my first personal computer when they still had an OS on a floppy disk (the real floppies that were actually floppy). I know I must be one voice among thousands who could have given valuable insight to your company, if only a tech person would listen!!!

    Your 1/2 percent figure is total fiction! AND the problem did not just affect Windows XP. I have System 7. Like others who have posted, I lost hours of productivity last night and all day today. Can you spell AVAST?

  • Brian

    I agree with all the other comments…they keep sending out fixes that need IE access which I no longer have…also can’t copy and load on damaged computer because USB ports are not recognized…we have crapped out PCs and McAfee needs to step up and make this right…

  • Angie

    Just give us an update that will get our computers working again!!! Don’t tell me to go to updates, I no longer have access to my toolbar or the internet….come on already!!!!

  • Well after systematically updating machine after machine today thinking we had a virus problem…even going as far as to download a stinger to run on the machines affected. No control of shares, network, able to add an external drive to rescue last moment critical data. This is just not right. When you can not even start the program that is to keep you safe. Refund the money for time lost. Class Action anyone?

  • Dean Devlin

    We just finished our migration from symantec to mcafee and today almost 300 out of 500 PC’s were down in a matter of minutes. Management now is asking very seriously to migrate back and scrap that software. They’re pretty ticked off at mcafee’s attitude during all this and they intend to get the purchase cancelled. We just lost 3 month’s worth of time + what we’ll have to do to get it out.

  • Nathan

    We were shutdown for 3 hours and lost major $$$$. I’ll be talking to my IT Ops VP about who we contract with when our current contract expires. Weak apology.

  • Joe C

    Now What do I do to get my laptop fixed? It stopped working and quits after right after beginning to start. I\’m running XP SP3. Not only did you break my computer but you hog so much of the resources when I start up that the delay is excruciatingly long. I hear the new Norton only looks at files that were accessed when it does a scan thus decreasing resource time significantly. Guess where I’m going next. Ok its two issues, nevertheless I’ve a broken laptop and haven’t got a clue where to start to fix it.
    BTW where is your quality control? Where are the tests you run new software against to ensure the fix works for all OS’s?

  • Kurt

    I would like to really thank Mcafee for their wonderful product in screwing me on my last week for my finals both in English II and Humanities. I have in both classes a 10 page report due in the next week which I returned back to school after 10 years to complete. Now come to find out my entire work on my computer is gone since this major error through the program which I put faith into it to protect after having Norton. You mean after dealing with Mcafee for 4 years I might have to retake my classes again after 4 months of hard work along with pay ing $200 to have my computer fixed to be without it for like 4 days. I mean that gives me 3 days to finish my two papers on my last term in school. Thank you so much for great service when calling to to get I”m sorry there is nothing we can do to help you out. Hope about offering to aide in my computer repair since I’m a full time student. I can almost promise you though when my term service with McAfee ends I will be going back to Norton or another protection program. Great way in loosing customers I guess that is what the company is about.

  • Tom

    Hmmm, Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.
    So, those corporations who decide to take a more aggressive approach to prevent infections and turn on this feature it\’s all their fault?
    Was Windows XP with SP3 and

  • Mike Smith

    My home computer was hit with these same symptoms a little over a week ago. (The Reboot with the same error message). I was using Mcafee under the Comcast Cable agreement. There are more than just corporate computers going down on this and it did not just happen today.

    I tried to fix myself but no go. i jad a choce spend $200 to take to a shop or just buy a refurbished P4 PC for $200. I opted for the refurbished PC since I had know idea what was wrong with the other.

  • Tehnem

    OK, Seriously, the reports by McAfee on affected customers is an outright lie. There’s no way to sugarcoat this…

    Didn’t read all the post, but here is a quick and easy fix for those still hosed.

    - Boot System and Disable McAfee
    - If system shutdown initiates issue shutdown /a from command prompt
    - Navigate to Quarantine Manager and restore svchost.exe from the Manager Tab
    - Navigate to C:\Program Files\Common Files\McAfee\OldEngine
    Select and copy the following files: (avvclean.dat – avvnames.dat – avvscan.dat)
    Paste the select files into the parent folder: (C:\Program Files\Common Files\McAfee\Engine) (Overwriting existing files)

    Reboot System -
    At this point you can either Update to latest DAT – or uninstall and install ‘another AV’.

  • Barry – Your CYA blog post is 100% unacceptable. Did anyone proof that gem before you clicked the button? How can you blame your customer for choosing to turn on a feature in your product? How can you publish the number of affected customers when you couldn’t even answer the phones – you would have gained more credit if you said you were able to answer 1/2 of one percent of all calls to support today. I’d like to refer you to your bio on the McAfee website if you’ve forgotten your responsibilities.

    One request; can you please install a Windows XP SP3 in your QA lab and also set up an environment that doesn’t have all the defaults selected? Oh, and please review the test results before releasing the DATs.

    For the record;
    1) 90%+ of our live machines went down today. Since we have people in every time zone, we are still shoveling the #$%^ to get them back up.

    2) We have our Endpoint Encryption rollout on hold because our XP machines crash every time they hibernate and McAfee hasn’t responded to this problem in over a week. What’s Engineering doing with this one?

    3) We recently replaced our existing desktop protection solutions with your products. Can you help explain to my company why we didn’t make a poor decision?

    How do you plan to make this right?

  • Alan

    This certainly caused many hours (money, lost productivity..etc…) to manage. I\ve been using McAfee for many years. This is the worst of too many issues of late. Please spend a higher precentage of our hard earned subsciption fees in the test department. We are relying on you!

  • Barry – Your CYA blog post is 100% unacceptable. Did anyone proof that gem before you clicked the button? How can you blame your customer for choosing to turn on a feature in your product? How can you publish the number of affected customers when you couldn’t even answer the phones – you would have gained more credit if you said you were able to answer 1/2 of one percent of all calls to support today. I’d like to refer you to your bio on the McAfee website if you’ve forgotten your responsibilities.

    One request; can you please install a Windows XP SP3 in your QA lab and also set up an environment that doesn’t have all the defaults selected? Oh, and please review the test results before releasing the DATs.

    For the record;
    1) 90%+ of our live machines went down today. Since we have people in every time zone, we are still shoveling the #$%^ to get them back up.

    2) We have our Endpoint Encryption rollout on hold because our XP machines crash every time they hibernate and McAfee hasn’t responded to this problem in over a week. What’s Engineering doing with this one?

    3) We recently replaced our existing desktop protection solutions with your products. Can you help explain to my company why we didn’t make a poor decision?

    How do you plan to make this right?

  • Amateurs, I am now working for 9 hours to get this fixed, still not done, you will surely understand I will remove your program on each off our stations, and never buy it again. Your incompetence in not offering a decent fix /solution in a simple file download is just unbelievable, and then this marketing excuse above; just a suggestion next to firing the development team, kick your communication officer onto the street as well, as he/ she obviously has written this stupid story.

  • I was down 2 computers and had to take them in to Fry’s to get fixed. After paying the 59.00 each to get them Re-booted, I only got one back. I then had to install all the software back onto them. I would hope that McAfee would reimburse the cost of getting these fixed. I did not have the time to wait and see if things would magicaly fix themselfs.
    So, McAfee you owe me $120.00 plus one days work.

    Mike

  • Greg

    Liar Liar computers on fire! How pathetic to say businesses were impacted, what about the hundreds of thousands of home users too? MMMMM smell that….smells like class action for lying….

    How about posting a step by step fix

  • Jason

    After reading so post it sounds like some people cannot get a Command Prompt to do some of the fixes. One other way to try to get the command prompt is to press Ctrl+Alt+Delete –> File –> New Task –> CMD

    Hope this helps at least one person.

  • So where is the exact fix for an affected machine that no longer has access to the network let alone the internet. Additionally, copy, xcopy any kind of copy does not work even in safe mode so how exatcly do you expect me to replace the svchost file anyway.

  • J M A

    This was an unmitigated disaster. I am a lawyer and was down all day. Our office was in chaos. The computer used by our receptionist to route phone calls from outside was down as well.

    For a while, people who were not yet affected were updating their dat files and running viruscan, thinking they were screening for a problem that had disabled the other machines.

    We have 90+ desktops running McAfee and although i could have gotten past one mistake, for the reasons related to your response cited by David below, we will change.

    The pretense that this was not a significant problem that cost far, far more than the price of your product makes me not want to do business with this company.

    I used to be so impressed with the straight-up quality of McAfee.

  • Val

    I work for one of your Enterprise customers and a lot of our employees were down for a large part of the day. Talk about productivity loss. We have ~80,000 employees worldwide. Not sure how you got the small percent you noted above. Someone really is not telling the whole truth here. I have also heard there were other companies with computers down including a medical/hospital group here in town. Hopefully, there was no loss of life due to this issue. Shame on you!!!

  • Jonathan

    This update not only crashed my computer but kept me from supporting the thousands of clients that I support in my enterprise enviroment.

    I spent my afternoon re-imaging and loading my software.

    So where do we send our bills to ? Who is McaFee’s attorney ? This is no joke, this also crashed another supports persons computer in my department.

  • Uday

    This happened to me 9 :30 AM CST today, I did almost 6 hours of troubleshooting , and finally fixed it ,, and got my computer running . I am sure there are 1000s of there suffering ..Mcafee !! thats was a big mistake..!! But for my it skills i wudnt be able to fix this ,,it was not an easy fix..

  • Mike

    I amm running XP SP3 and have not had a problem, yet. What has happened recently is I renewed my McAfee for the year and downloaded an quote – upgrade, and the thing keeps turning off its firewall randomly. I tried the unhelpful desk and that was worthless. Now, how can I prevent this upgrade from killing my computer

  • djo

    I was affected. I tried system restore and it would not let me do it. I restarted twice – then fired up system restore again and it let me. After it started up again the McAfee had several problems. Real time scanning would not run and auto updates was off. I did a manual start of the update and all is working for now. Knock on wood. Maybe I got lucky for once.

  • I appreciate the response but feel the above posting has a ‘this is not a big deal’ feel to it. I am a technology consultant in Sioux City, Iowa and was called in (10:00am central) to help the City/County IT department in addressing this issue. I felt the IT department had in place appropriate procedures and did a good job in identifying the problem (RPC services not starting and svchost missing/0 bytes) with the systems that were showing the symptoms. We did our due diligence of calling McAfee and asking if there was anything known to the company (approximately 11:00 central). We were told that there were no reported issues. It was not until early afternoon that another local company contacted the department and notified us of the known McAfee false positive. After a significant time on hold we were able to contact McAfee and the person we worked with was very helpful.

    What I really want to impress on you is while I know you want to put as little negative light on this issue for financial reasons and may have ‘affected only 1/2 of 1 percent of your enterprise accounts’, this issue did affect the City and County of Sioux City significantly… a full day of down time, significant personnel and other resources expended.

  • Mike

    I’m running XP SP3 and have not had a problem, yet. What has happened recently is I renewed my McAfee for the year and downloaded an “upgrade”. Now the darn thing keeps turning off the McAfee Firewall randomly. I was on with the helpless desk and nothing. Anyone have any advice? How do I prevent my machine from getting this update and killing my computer?

  • Mark

    You are downplaying a mistake that affected hospitals across the country and jeopardized safety and health. Epic fail. I might have forgiven the original incident, but given your response, I will never own a McAfee product again.

  • Sonja

    Well, I think you are greatly underestimating the impact of you little oopsie. Every member of our staff has had major computer problems today. That would 100% of our users.

  • susan

    just had a pop up that told me of an urgent problem and I need to run a scan ASAP==but after reading all of these comments, do I do it or not? Is it better to leave it be if I have not had a problem so far?
    I see lots of very upset people, I see no response from MCAFEE-why not???
    Do you respond to these emails privately, or is your response public so other users can act accordingly?

  • Dan

    Nothing is worse than watching a company make a huge mistake and then try to downplay it. I would much rather that you take ownership of the problem and commit to your customers whom you have failed what you are prepared to do to prevent this from happening again. Obviously, your quality control is flawed – this was not a obscure issue – it affected all XP SP3 computers that got the update and should have been caught in your quality control process.

  • Pat

    I think you should be just a little bit more apologetic. Your crash caused havoc where I work and there were a number of people who were down for a few hours while our staff figured out that it was McAfee.

  • Dijit

    I read hospitals were affected by this big time. Who wants a life support computer going down on a false virus. And how could you call a windows file a virus. Don’t you have a standard list of windows files to go by. This means loss of sales in my opinion and possible loss of life. This is terrible, I would never want McAfee software disabling a life supporting computer. Someone needs to be investigated here, this is too deliberate. Whoever identified the windows file as a virus needs to be fired.

  • This problem put our company out of business for 4 hours today. This was very bad timing due to the fact that it’s a quarter end month for us. In addition, we’ve got to recovery approximately 30% our our computers. A process that is taking staff 15 to 60 minutes depending on whether the user is local or remote. In the future do you recommend that we delay installing DAT files to avoid this problem in the future? Your status above seems to indicate it was a much smaller problem than what really occurred. In addition, there was no status published on the web and my support team was on hold with your tech support for 2 hours.

  • Monte

    I do not believe it is 1/2 of one percent. Where did you get that number? I waited on hold for 45 minutes get disconnected without talking to anyone then 2 hours to be asked my grant number and then transfered to a technician…. I hung up and we found a fix on our own no thanks to McAfee. We had about 500 PC’s or more affected..

  • Mitchell Givner

    What need I do to correct this problem on my computer?

  • Your latest 5959 virus definition file has caused my staff to wast countless hours today on our PC’s.

    I just renewed my subscription to your sw for my company. I am very angry that you let this slip past QA and it got to the field. You need to make this right and issue me a credit for my lost productivity today and for the hours I will spend tomorrow fixing machines that don’t work because of your slip up. We barely were able to process payroll today because of your mistake.

    Peter Walker
    President
    Attalus Communicaitons

  • David

    I will NEVER EVER purchase another McAfee product again. This DAT file crippled my ability to work all day, and is completely unacceptable. Your response to the situatin is demeaning in that you dismiss the real impact to customers. You created a horrible situation and don’t seem to get that.

  • John

    “The remediation passed our quality testing”

    Clearly your so-called “quality testing” leaves a great deal to be desired. Particularly so since the error very quickly reveals itself on an XP SP3 system.

    Your “quality testing” has lost my company thousands of hours of productivity.

  • Would you like to pay for damages? As a result of this problem the .exe files on my computer have been rendered inoperable. I can’t even run a system restore, nor can I access the computer for any possible fixes you might have. DELL are telling me I have to reformat my hard drive and start again. Not happy.

  • Arne

    is the currepted version 5959 deleted from all update servers of mcafee?

  • JJ

    “Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.”

    Good job on blaming the customer.

  • Colleen Adans

    What is the fix for the McAfee virus if it shut down your pc and now you can not access the internet?

  • R Derby

    This update has erased my network, and made most of my software inoperable. Mcafee’s fix includes another update, but the Mcafee program no longer runs on my computer. I’m pissed!

  • frank

    i just paid $200 for a pc repair shop to fix my PC when it was an error?????? absolutely ridiculous and mcafee needs to reimburse its customers for gross incompetence.

  • Wade Johnson

    My company alone had thousands of computers completely inoperative. Don’t pull a Toyota on this and grossly understate the problem. Admit the error, remediate, apologize and do the best you can. Obfuscate, cover up and distort, and you guys will be ruined.

  • Al

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base.”

    We have 850 users at our facility, and we are estimating over 400 users were affected. Your numbers aren’t adding up, but I suppose it’s necessary for you to make your claims so as not to further hurt your business.

    You should blog about how to properly fix the damage McAfee has caused, like how end users (or I.T. personnel) might need to replace the SVCHOST.EXE so that Framework Services, Copy and Paste, and even the Windows Taskbar function again. For many of the PCs that I’ll have to fix at work, it’s not just a simple DAT update.

  • David Prater

    Since you broke my computer, I expect your help.

    I no longer have a taskbar on my desktop, so I do not have access to the McAfee shield in the status area.

    I have tired booting in safe mode and reinstalling virus scan using the cd and neither work becuase it appears they are trying to write to the task bar that no longer exists.

    When I first booted the machine after the update, I got a message that said something like Windows Security has found a threat – delete, proceed. I chose delete and my machine would no longer boot properly.

    You tell me the name of the file it deleted and maybe I can load it from the Windows XP cd.

    At this time, I am not a happy McAfee customer. I have used your software for many years and you should strive to help me to repay me for being a loyal customer.

    I am using McAfee AntiVirus Plus on Windows XP with Service Pack 3

  • Sparky

    Still no comments. What’s up with that? Biggest problem you’ve ever had, and no one has anything to say? Pfft. You\’re blowing your credibility.

  • David Henkemeyer

    “We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally and a fraction of that within the consumer base.”

    Bull Loney! Even if that statement is remotely true, it’s paints an incredibly inaccurate picture when you consider how much money and how many man hours were wasted today in companies worldwide.

    This “statement” contains relevant details, and for that, I commend you, but statements such as “moderate to significant issues” and “less than half of one percent” are obvious attempts to downplay what is considered by many to be the biggest A/V blunder of all time.

    Imagine hiring a personal bodyguard, when suddenly and without explanation, the bodyguard turns and shoots you in the face. That was the feeling I had for 7 hours and 15 minutes today, on a day that I had a LOT of work to get done.

    Shameful.

  • Doria Ramos

    I cannot do a system restore, or even open up the McAfee to check the DAT version and i think that it affected my Windows XP because I have lost my local area connection and cannot even access the internet to get the upgrade for the DAT.

  • Jerry Twomey

    Win XP SP3 machine now non-functional – No way to get to a “start” menu or a command line, (tool bar at bottom of screen no longer there) Consequently the other things suggested in the fixes and workarounds can not be implemeted. Attempts to get to a DOS window to put the .EXE file back in could not be done either.

    You need a
    1. No network access fix
    2.Fix that can be done from an external source boot
    This is not an “inconvenience” it has been a total show stopper

  • Bruce Ouellette

    Unacceptable! Within the one week our email filtering (MxLogic) has had false-positives preventing users from getting email from our customers. We lost orders as result. The response from McAfee was to have users continually check their accounts and add to “Allow” list. I have to send a number of false-positive emails to McAfee to get this rectified, not to mention what I had to go through with upper-management and users. Now, you pull this crap. I’ve been asked by upper-management to look at other products and another email-filtering service. Last, I have to spend the next couple of days going to number of our 18 branches though out Wisconsin and Illinois fixing workstations that will not boot as result of your product. This is after we spend $9000.00 a year with McAfee.

  • Sparky

    “Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.”

    Really? We have always installed every workstation with the defaults, and Scan Processes on Enable is checked, NOT disabled. All the workstations that downloaded the bad 5958 got hosed and had to be fixed manually.

    You’re blaming the consumer for your mistake. You get a raise, I bet.

  • Sharon Welty

    I happen to be one of the people that now has a computer which will not start windows because of your product download. I was told by phone that it would be fixed in 5 hours and I still am unable to use my computer. The number I was given is 491440176. How will this problem be resolved????

  • Sean

    What do I do if I have already rebooted my system? Now my computer tells me that I do not have an OS!

  • Alexandra Boggio

    I appear to be impacted with the issue stated. I have not been able to get to my task bar or start menu and cannot log into programs or exe files. Further, I lost all ability to connect to internet. I write from another PC on my network that is not infected. I have been on two paid services calls since 2 PM today and am being told there is nothing to be done to resolve. Can I please get senor tech support?! thanks it is appreciated

  • Linda

    If I haven’t turned on my Windows XP computer and won’t be until the weekend, do I have to worry? When McAfee scans or does an update, will my computer be affected?
    I’d appreciate a response.
    Thanks.

  • Waiming Au

    Your web site does not even mention how svchost.exe has been removed by 5978. And you have not disclosed how the computer is affected (i.e., the computer runs into a reboot constantly.) Saying “false positive” means nothing to the home consumers who are affected.
    I suggest you should simply ask consumers to talk to McAfee support directly so that McAfee personnel can, in real time phone call, to tell the consumers the fix step by step.

  • Rudy

    Serious?! Why not just admit the f’up and say you’re sorry? You jacked up untold hundreds of thousands if not million of computers. That sucked. At least man up! Oh yeah, there’s that little guy wearing the power stripe from legal standing over shoulder telling you how much little culpabililty you have in all this. Jeez!

  • Susan Jackson

    What is someone supposed to do while you get your act together & figure out a way to fix this problem. I am down a computer with limited computer knowledge to get this back up. This is looking like this is going to cost me a lot of money that I don’t have to fix.

  • I have a suggeston for you. What has not been made entirely clear is whether or not applying the latest update, 5959, completely fixes the issue, or if the workarounds are still required for affected systems. I think if 5959 does not fix it for affected systems, you should explicitly state something like:

    “If you apply 5959 DAT, you must still perform workaround on affected systems.”

    Your KB article says something very similar to this, but not exactly:

    “The issue is resolved in the 5959 DAT file release (April 21, 2010), which is available from the McAfee Security Updates page at: …

    IMPORTANT: If you are already affected by this issue, you must still either replace or restore svchost.exe. See Workaround 2 below. McAfee is continuing to work on an automated solution to fully resolve the issue for affected customers.”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>