US-CERT is aware of public reports indicating that McAfee DAT release 5958 is incorrectly identifying the valid system file, C:Windowssystem32svchost.exe, as containing malicious code. Reports indicate that a false positive detection occurs on Windows XP Service Pack 3 systems. Symptoms include a denial-of-service condition when the McAfee software attempts to clean the file.
US-CERT encourages users and administrators to review the McAfee Virus Profile: W32/Wecorl.a and apply the “extra.dat” and additional updates provided by McAfee as necessary to mitigate this issue. Users should ensure that they have installed DAT 5959 or greater before running any on-demand scans.
Corporate users and administrators are encouraged to review the McAfee Corporate Knowledgebase Article KB68780, while home users are encouraged to review the McAfee FAQ Document TS100969.
This product is provided subject to this Notification and this Privacy & Use policy.