cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 31 of 194

Re: W32/Wecorl.a 0-day?

Anyone else noticing that machines with IE7 don't have this issue with the false positive and machines with IE8 do?

Former Member
Not applicable
Report Inappropriate Content
Message 32 of 194

Re: W32/Wecorl.a 0-day?

We are all IE7 here and see it on every machine with the new dats.

Former Member
Not applicable
Report Inappropriate Content
Message 33 of 194

Re: W32/Wecorl.a 0-day?

svchost.exe is independant of IE, so I would be surprised if this was the case.

PhilR
Level 12
Report Inappropriate Content
Message 34 of 194

Re: W32/Wecorl.a 0-day?

So, how long would it take McAfee to re-release 5957 as 5959 and populate its mirrors?

That's what really needs to happen NOW.

Former Member
Not applicable
Report Inappropriate Content
Message 35 of 194

Re: W32/Wecorl.a 0-day?

PhilR: YES.

Here's another little bit of fun:

Windows accounts with just "user" permissions cannot issue shutdown -a.

I am working on a batch file using cpau to run with admin rights so they can stop the shutdown, since they have to wait for the popup window before they can issue the command.  I'd rather not touch ~700 machines.  I'm assuming that once McAfee releases the fixed DAT, ePO can then push it out to the affected computers to correct this isue.

Message was edited by: CrazyFingers on 4/21/10 11:28:19 AM CDT
Former Member
Not applicable
Report Inappropriate Content
Message 36 of 194

Re: W32/Wecorl.a 0-day?

Getting all the machines back in a working state that have been affected by the .dat without actually touching them is the issue for us now. Epic Fail on McAfee's part on this one. What about all those hospitals that are using McAfee's products..."oops" doesn't cut it.

Anyone have any suggestions on how to do that on a domain of 2000+ computers? 😕

Former Member
Not applicable
Report Inappropriate Content
Message 37 of 194

Re: W32/Wecorl.a 0-day?

Has anyone found whether

sfc /scannow

will fix the damage?

Former Member
Not applicable
Report Inappropriate Content
Message 38 of 194

Re: W32/Wecorl.a 0-day?

not sure, will try.

Former Member
Not applicable
Report Inappropriate Content
Message 39 of 194

Re: W32/Wecorl.a 0-day?

There's no actual damage.  It's not cleaning/deleting the file, just causing a dump/reboot.  Rollback the dat and you should be fine.

Former Member
Not applicable
Report Inappropriate Content
Message 40 of 194

Re: W32/Wecorl.a 0-day?

It is deleting the file.

I have now tested 5 Windows XP SP3 machines and the SVCHost.exe is not present in C:\Windows\System32.

Due to this Services.msc does not work either and neither does half od the explorer.exe (Start Menu etc...).

I have tried to copy back in the SVCHost via different methods but McAfee Quarantine's / Deletes it straight away.

Currently working on Disabling McAfee OAS through Safe Mode.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community