clbarnett
Message 31 of 194

Re: W32/Wecorl.a 0-day?

Anyone else noticing that machines with IE7 don't have this issue with the false positive and machines with IE8 do?

pfarrell
Message 32 of 194

Re: W32/Wecorl.a 0-day?

We are all IE7 here and see it on every machine with the new dats.

Mal09
Message 33 of 194

Re: W32/Wecorl.a 0-day?

svchost.exe is independent of IE, so I would be surprised if this was the case.

PhilR
Message 34 of 194

Re: W32/Wecorl.a 0-day?

So, how long would it take McAfee to re-release 5957 as 5959 and populate its mirrors?

That's what really needs to happen NOW.

Re: W32/Wecorl.a 0-day?

PhilR: YES.

Here's another little bit of fun:

Windows accounts with just "user" permissions cannot issue shutdown -a.

I am working on a batch file using cpau to run with admin rights so they can stop the shutdown, since they have to wait for the popup window before they can issue the command. I'd rather not touch ~700 machines. I'm assuming that once McAfee releases the fixed DAT, ePO can then push it out to the affected computers to correct this issue.

Message was edited by: CrazyFingers on 4/21/10 11:28:19 AM CDT

Re: W32/Wecorl.a 0-day?

Getting all the machines back in a working state that have been affected by the .dat without actually touching them is the issue for us now. Epic Fail on McAfee's part on this one. What about all those hospitals that are using McAfee's products..."oops" doesn't cut it.

Anyone have any suggestions on how to do that on a domain of 2000+ computers? 😕

pauln
Message 37 of 194

Re: W32/Wecorl.a 0-day?

Has anyone found whether

sfc /scannow

will fix the damage?

Re: W32/Wecorl.a 0-day?

not sure, will try.

pfarrell
Message 39 of 194

Re: W32/Wecorl.a 0-day?

There's no actual damage. It's not cleaning/deleting the file, just causing a dump/reboot. Roll back the dat and you should be fine.

Tefty
Message 40 of 194

Re: W32/Wecorl.a 0-day?

It is deleting the file.

I have now tested 5 Windows XP SP3 machines and the SVCHost.exe is not present in C:\Windows\System32.

Due to this, Services.msc does not work either, and neither does half of the explorer.exe (Start Menu etc...).

I have tried to copy back in the SVCHost via different methods but McAfee quarantines/deletes it straight away.

Currently working on Disabling McAfee OAS through Safe Mode.
