Thursday, April 22, 2010

[FIX] - McAfee Update Causing Windows XP SP3 to Shut Down

There has been issue with a McAfee DAT file 5958- released Wednesday, April 21, 2010. Its causing stability issues on Windows XP client systems. The symptom is caused by a false-positive detection of the W32/wecorl.a virus on a core Windows file (svchost.exe). Once the file is quarantined by McAfee, the system may encounter one of the following symptoms:

· The computer shuts down when a DCOM error or a RPC error occurs

· The computer continues to run without network connectivity.

· The computer triggers a Bugcheck (Blue Screen).


McAfee DAT 5958 file is propagated to client machines that conduct automatic updates of definition files. McAfee updated the DAT file soon after the problem was identified with a new version that does not cause the problem. DAT 5958  file has been superseded by version 5959, which corrects the false positive detection. Additionally, McAfee has released an EXTRA.DAT file (Check the McAfee links given at the end) that can be used to suppress the false detection of the Svchost.exe process for customers who are running the 5958 DAT file.



To manually repair a computer encounters this problem, follow these steps:

1.     Restart the computer in safe mode by pressing F8 before the Windows splash screen appears.

2.     Log on to the computer. Then, press CTRL+ALT+DEL, and then click Start Windows Task Manager.

3.     Select New Task (Run…) from the File menu.

4.     Type cmd.exe, and then press ENTER.

5.     Run the following command:

ren “%programfiles%\Common Files\McAfee\Engine\avvscan.dat” avvscan.old

Note This behavior removes McAfee virus definitions. Make sure that you update to the latest definitions (5959 DAT or newer) after you complete these steps to restore virus definitions.

6.     Run the following command:

copy %systemroot%\system32\dllcache\svchost.exe %systemroot%\system32\ and press ENTER

7.     Restart the computer.

Source :

Microsoft KB Article:


Please refer also to the following McAfee articles:


Windows XP Service Pack 3 (SP3) is the only operating system that is affected by this problem.

No comments: