wwwebsurfer All American 10217 Posts user info edit post |
Any tech guys getting a mass of email/phone calls as your entire network restarts repeatedly?
I'll be prayin' none of ya'll are in this mess, cause that would be a very, VERY bad day. 4/21/2010 3:04:58 PM |
Grandmaster All American 10829 Posts user info edit post |
mostly symantec corp here. 4/21/2010 3:12:56 PM |
gs7 All American 2354 Posts user info edit post |
http://isc.sans.org/diary.html?storyid=8656
Quote : | "McAfee DAT 5958 Update Issues
Published: 2010-04-21, Last Updated: 2010-04-21 19:12:24 UTC by Guy Bruneau (Version: 1)
McAfee's "DAT" file version 5958 is causing widespread problems with Windows XP SP3. The affected systems will enter a reboot loop and loose all network access. We have individual reports of other versions of Windows being affected as well. However, only particular configurations of these versions appear affected. The bad DAT file may infect individual workstations as well as workstations connected to a domain. The use of "ePolicyOrchestrator", which is used to update virus definitions across a network, appears to have lead to a faster spread of the bad DAT file. The ePolicyOrchestrator is used to update "DAT" files throughout enterprises. It can not be used to undo this bad signature because affected system will lose network connectivity.
The problem is a false positive which identifies a regular Windows binary, "svchost.exe", as "W32/Wecorl.a", a virus. If you are affected, you will see a message like:
The file C:WINDOWSsystem32svchost.exe contains the W32/Wecorl.a Virus. Undetermined clean error, OAS denied access and continued. Detected using Scan engine version 5400.1158 DAT version 5958.0000.
McAfee released an updated DAT file, and an "EXTRA.DAT" file to fix the problem. An EXTRA.DAT file is a patch to just fix the bad signature. McAfee's support web sites currently respond slowly and are down at times, likely due to the increased load caused by this issue.
Several readers reported that this procedure worked to recover:
1 - Boot the system in "Safe Mode" 2 - copy extra.dat in c:/program files/common files/mcafee/engine 3 - reboot.
If you lost "svchost.exe", then you need to copy it back to c:/Windows/system32/svchost.exe while in safe mode.
Additional information from McAfee: http://community.mcafee.com/thread/24056?tstart=0 McAfee Knowledgebase Article: https://kc.mcafee.com/corporate/index?page=content&id=KB68780 EXTRA.DAT file: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=265240." |
Ouch.4/21/2010 3:15:09 PM |
Nighthawk All American 19623 Posts user info edit post |
Glad I don't have that piece of shit AV program running on my system. 4/21/2010 3:18:43 PM |
wwwebsurfer All American 10217 Posts user info edit post |
^exactly. If you had like 10,000 machines and had to sit down at each one to fix it by hand? If this was a major corp you'd be doing department triage... who would get their stuff back first? Accounting? Customer Service? Admins?
On a side note: I'll work for $10/hour through the night if anyone needs help getting their machines back on line. Serious too, just to provide a hand to a TWW'er 4/21/2010 3:20:20 PM |
Nighthawk All American 19623 Posts user info edit post |
^We only have about 1500+, but with 4 guys including the boss, we would be in a world of shit. 4/21/2010 3:28:41 PM |
phishbfm All American 4715 Posts user info edit post |
http://www.frumpzilla.com/frumpzilla_site/articles/mcafee-fail/ 4/21/2010 4:04:26 PM |
Nighthawk All American 19623 Posts user info edit post |
One of the guys on Engadgets forums said all of Intel is down. Apparently they were just on the cusp of rolling out Win 7, so the whole company is pretty much dead at this point and they were all sent home early.
^What a smug little shit that is. Tee hee I have a Macbook. Guess what fuckface, my home and work computer both are on Windows 7 and both don't use bloatware like McAfee, so I'm fine and my network is great too.
[Edited on April 21, 2010 at 4:08 PM. Reason : ] 4/21/2010 4:06:30 PM |
phishbfm All American 4715 Posts user info edit post |
sensitive much? 4/21/2010 4:09:56 PM |
wwwebsurfer All American 10217 Posts user info edit post |
I'm with Nighthawk. The mac supervirus is coming, it's probably already here with 99% infection rate - but they all too smug to run basic software like antivirus. 4/21/2010 4:17:43 PM |
Golovko All American 27023 Posts user info edit post |
Quote : | "^What a smug little shit that is." |
Why is that smug? Its no different then what Pro-Windows bloggers write...in fact its probably a lot more tame than most.4/21/2010 4:20:42 PM |
Nighthawk All American 19623 Posts user info edit post |
^However the issue I find is that 85% of Mac users think this same way, that they are somehow superior to the neanderthals who use anything not personally blessed by Steve Jobs himself. That's where I have the problem with Mac users.
For reference to the kind of bloggers I am talking about, see Ken Rockwell:
http://www.kenrockwell.com/apple/why-pros-use-mac.htm 4/21/2010 5:35:42 PM |
Golovko All American 27023 Posts user info edit post |
Quote : | "^However the issue I find is that 85% of Mac users think this same way, that they are somehow superior to the neanderthals who use anything not personally blessed by Steve Jobs himself. That's where I have the problem with Mac users." |
lol 85% of users in BOTH camps are exactly like that and think the other is inferior. It's a two way street, buddy.
I read the first paragraph and there are some valid points in there pre-Windows 7.
[Edited on April 21, 2010 at 5:38 PM. Reason : .]4/21/2010 5:37:48 PM |
Nighthawk All American 19623 Posts user info edit post |
In particular I was addressing the "Companies lose BILLIONS a year from using Windows instead of Mac" and the "conspiracy" between Microsoft and IT departments. Keep reading. Its a real gem.
Enough of my bullshit though, talk about the Fail bomb that is McAfee! I guess the techies that are affected don't have time to get on here because they have another 400 computers to sit down and fix tonight.
[Edited on April 21, 2010 at 5:42 PM. Reason : ] 4/21/2010 5:40:45 PM |
kiljadn All American 44690 Posts user info edit post |
good lord
a whole team of motherfuckers needs to lose their jobs for this 4/21/2010 5:41:58 PM |
Golovko All American 27023 Posts user info edit post |
Quote : | "It runs smoothly for months at a time." |
I stopped reading after this because thats simply not true. Sure the OS can run for months at a time if you aren't really doing much other than basic needs...but once you start running real apps they are prone to crash. Most crashes are easy to recover from without affecting the rest of the OS but every now and then you do need to hold down the power button.
One bug in particular involves external displays and macbook/macbook pro's.4/21/2010 5:43:30 PM |
kiljadn All American 44690 Posts user info edit post |
^that particular bug hits my coworkers at least once a day. There's no "this machine is better than that"
it's whatever. my workflow is perfected on a windows machine. my coworkers prefer macs. 4/21/2010 5:58:19 PM |
Golovko All American 27023 Posts user info edit post |
Quote : | "^that particular bug hits my coworkers at least once a day. There's no "this machine is better than that"" |
that bug used to affect me daily until I figured out the bug free process. I usually have my lid closed when i'm at home working on my external monitor.
If you disconnect it with the lid closed thats where you experience the bug and have to do a hard reboot.
If you open the lid, select 'detect displays' from the display drop down and then disconnect, you'll be fine.
A separate but similar bug is in photoshop. If you are using photoshop in fullscreen mode (shortcut F) and disconnect from an external display...your Photoshop is fucked and you will need to restart photoshop.4/21/2010 6:28:09 PM |
Master_Yoda All American 3626 Posts user info edit post |
Havent read too much on this but hearing from you guys, ya this is gonna cause some mass hell for some companies. Lets see who leaves McAfee after this, and how much they get sued.
Quote : | " The mac supervirus is coming, it's probably already here with 99% infection rate - but they all too smug to run basic software like antivirus.
" |
Thats one good thing a lot of universities are starting to require macs to have AV. NCSU did it a couple years back, as they are def popular in large amounts on a campus.4/21/2010 7:07:01 PM |
Nighthawk All American 19623 Posts user info edit post |
So I guess none of the other IT trolls around here had employers stupid enough to be running McAfee? 4/22/2010 11:33:30 AM |
Optimum All American 13716 Posts user info edit post |
plenty of them here at TAMU. just none running on Windows XP SP3 in my sphere of influence. 4/22/2010 11:34:47 AM |
gs7 All American 2354 Posts user info edit post |
Well, all they had to do to prevent the problem is not automatically push updates from McAfee before testing them first. 4/22/2010 12:11:44 PM |
BobbyDigital Thots and Prayers 41777 Posts user info edit post |
Yesterday we had a significant number of XP users down due to this. Those who have Macs were obviously not affected.
In order for our engineers to service our customers, the mac users were basically stuck with a higher workload.
So who really won?
EDIT: btw, i've always argued that McAfee is as bad as a virus. When I use a PC, often times it's CPU is bogged down due to fucking Mcafee.
[Edited on April 22, 2010 at 12:24 PM. Reason : .] 4/22/2010 12:21:20 PM |
Golovko All American 27023 Posts user info edit post |
Mac pwnt stay home at work 4/22/2010 12:22:44 PM |
cain All American 7450 Posts user info edit post |
^^ i'm just happy i had email on my phone so i could get the email telling me how to fix my chain rebooting laptop with no network connectivity. 4/22/2010 12:41:39 PM |
Arab13 Art Vandelay 45180 Posts user info edit post |
had to reboot yesterday due to this i guess, but other than that no problems... 4/22/2010 12:56:19 PM |
FroshKiller All American 51911 Posts user info edit post |
Yesterday, we were all svchost.exe. 4/22/2010 1:27:38 PM |
Golovko All American 27023 Posts user info edit post |
^not Mac users. Yesterday, Mac users were smug.
[Edited on April 22, 2010 at 2:33 PM. Reason : .] 4/22/2010 2:33:08 PM |
Optimum All American 13716 Posts user info edit post |
^ When they weren't too busy doing the work of the down PC users. 4/22/2010 3:32:56 PM |
FroshKiller All American 51911 Posts user info edit post |
Microsoft Security Essentials users were smug.
[Edited on April 22, 2010 at 3:35 PM. Reason : no takebacks] 4/22/2010 3:35:09 PM |
Optimum All American 13716 Posts user info edit post |
^ shaggy 4/22/2010 3:58:11 PM |