Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

I've actually gone through and called those people who show "unread" on my
emails and asked "Is there any reason you decided to not read my email?"

Luckily, I scare them enough that it works. 🙂


"Patrick Farrell" <pfarrell@packereng.com> wrote in message
news:JaFzn.22137$yE3.7340@kovat.provo.novell.com...
> On 4/21/2010 10:48 AM, Joseph Marton wrote:
>> On Wed, 21 Apr 2010 14:53:03 +0000, Patrick Farrell wrote:
>>
>>> Most people can barely get logged in before it
>>> starts shutting down, so naturally they can't read any e-mail I want to
>>> send them about how to work around this.

>>
>> They won't be able to read your e-mails about the problem? How is this
>> different from a normal day? Don't tell me your users actually normally
>> read e-mails you send out!
>>

>
> True.. I always set my e-mails to show all status, and I frequently see
> "deleted" but not opened. Naturally those are the ones that call with
> questions regarding what was in the e-mail.
>
> Even if they read it, they usually read about one paragraph and then call
> and ask me something that was farther down. I'll ask "Did you read my
> e-mail?" Well part of it, but I decided to call instead.
>
> Sigh.
>



0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

On Wed, 2010-04-21 at 14:53 +0000, Patrick Farrell wrote:
> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> my systems by detecting a false positive in svchost and causing a system
> shutdown. Lovely. Most people can barely get logged in before it
> starts shutting down, so naturally they can't read any e-mail I want to
> send them about how to work around this.
>
> This is going to be a fan-freaking-tastic day...


This attack from McAfee just took out a ton of our Win 98 boxes.

🙂 I'm glad I'm not the administrator of those.



0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

craig_wilson;1965061 wrote:
But what about the busted PCs?

Do you need to do some type of Safe Mode boot?
Can you copy the file over via a SystemShare before a user logs in?

What a mess!

On 4/21/2010 12:53 PM, Patrick Farrell wrote:
> On 4/21/2010 9:53 AM, Patrick Farrell wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it starts
>> shutting down, so naturally they can't read any e-mail I want to send
>> them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
>
> They are e-mailing me an extra.dat file.
>
> 1 hour and 37 minutes on hold.



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.


Where is that extra.dat file?
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 12:49 PM, Chris Cox wrote:
> On Wed, 2010-04-21 at 14:53 +0000, Patrick Farrell wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it
>> starts shutting down, so naturally they can't read any e-mail I want to
>> send them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
> This attack from McAfee just took out a ton of our Win 98 boxes.
>
> 🙂 I'm glad I'm not the administrator of those.
>


Their forums are down now from the traffic.


0 Likes
Knowledge Partner Knowledge Partner

Re: Mcafee Enterprise users, warning...

abibbas;1965084 wrote:
Where is that extra.dat file?


https://kc.mcafee.com/corporate/index?page=content&id=KB68780

Thomas
0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

Are my DOS machines safe? I'm running MSAV.


"Chris Cox" <cjcox@no-mx.forums.novell.com> wrote in message
news:1271872183.18768.28.camel@geeko...
> On Wed, 2010-04-21 at 14:53 +0000, Patrick Farrell wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it
>> starts shutting down, so naturally they can't read any e-mail I want to
>> send them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
> This attack from McAfee just took out a ton of our Win 98 boxes.
>
> 🙂 I'm glad I'm not the administrator of those.
>
>
>



0 Likes
Knowledge Partner Knowledge Partner

Re: Mcafee Enterprise users, warning...

grimlock;1965097 wrote:
On 4/21/2010 12:49 PM, Chris Cox wrote:
> On Wed, 2010-04-21 at 14:53 +0000, Patrick Farrell wrote:
>> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
>> my systems by detecting a false positive in svchost and causing a system
>> shutdown. Lovely. Most people can barely get logged in before it
>> starts shutting down, so naturally they can't read any e-mail I want to
>> send them about how to work around this.
>>
>> This is going to be a fan-freaking-tastic day...

>
> This attack from McAfee just took out a ton of our Win 98 boxes.
>
> 🙂 I'm glad I'm not the administrator of those.
>


Their forums are down now from the traffic.


And their knowledge base is also difficult to get to. Seems like many have been affected by this. It will be nice to see if they apologize with a press release.

Thomas
0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 1:06 PM, thsundel wrote:
>
> abibbas;1965084 Wrote:
>> Where is that extra.dat file?

>
> https://kc.mcafee.com/corporate/index?page=content&id=KB68780
>
> Thomas
>
>


Their forums are down right now 🙂

If you need the extra.dat just e-mail me and I'll send it.

0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 1:05 PM, Craig wrote:
> Are my DOS machines safe? I'm running MSAV.


Well, considering DOS doesn't have an svchost.exe, I'd say you are fine 🙂
0 Likes
Knowledge Partner

Re: Mcafee Enterprise users, warning...

On Wed, 21 Apr 2010 18:57:27 GMT
Patrick Farrell <pfarrell@packereng.com> wrote:

> On 4/21/2010 1:06 PM, thsundel wrote:
> >
> > abibbas;1965084 Wrote:
> >> Where is that extra.dat file?

> >
> > https://kc.mcafee.com/corporate/index?page=content&id=KB68780
> >
> > Thomas
> >
> >

>
> Their forums are down right now 🙂
>
> If you need the extra.dat just e-mail me and I'll send it.
>

Looks like they have a special page up.....
http://vil.nai.com/vil/5958_false.htm
http://download.nai.com/products/mcafee-avert/5958/extra.zip

--
Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.45-0.1-default
up 6 days 6:48, 4 users, load average: 0.12, 0.15, 0.32
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 195.36.15

0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 9:53 AM, Patrick Farrell wrote:
> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> my systems by detecting a false positive in svchost and causing a system
> shutdown. Lovely. Most people can barely get logged in before it starts
> shutting down, so naturally they can't read any e-mail I want to send
> them about how to work around this.
>
> This is going to be a fan-freaking-tastic day...


Odd one.. On every system so far, it hasn't actually deleted svchost.exe.

I get a call from one of our guys offsite.. Machine takes forever to log
in, task bar is reduced to a line at the bottom of the screen and he
can't stretch it up, and his usb ports aren't working.

Sure enough svchost.exe is 0 bytes and it has the current defs.
Fortunately there's a backup copy in windows\system32\dllcache
0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

On Wed, 2010-04-21 at 18:16 +0000, thsundel wrote:
> grimlock;1965097 Wrote:
> > On 4/21/2010 12:49 PM, Chris Cox wrote:
> > > On Wed, 2010-04-21 at 14:53 +0000, Patrick Farrell wrote:
> > >> The April 21st dat updates (5958.0000) (VirusScan 8.7i) are nuking all of
> > >> my systems by detecting a false positive in svchost and causing a system
> > >> shutdown. Lovely. Most people can barely get logged in before it
> > >> starts shutting down, so naturally they can't read any e-mail I want to
> > >> send them about how to work around this.
> > >>
> > >> This is going to be a fan-freaking-tastic day...
> > >
> > > This attack from McAfee just took out a ton of our Win 98 boxes.
> > >
> > > 🙂 I'm glad I'm not the administrator of those.
> > >

> >
> > Their forums are down now from the traffic.

>
> And their knowledge base is also difficult to get to. Seems like many
> have been affected by this. It will be nice to see if they apologize
> with a press release.


We're using that extra.dat workaround with an old svchost file via
thumb drive to repair the laptops. Fortunately we stopped our ePO
server soon enough so that at least at our site, it's just a handful
for the moment.


0 Likes
grimlock1 Absent Member.

Re: Mcafee Enterprise users, warning...

On 4/21/2010 2:14 PM, Chris Cox wrote:

> We're using that extra.dat workaround with an old svchost file via
> thumb drive to repair the laptops. Fortunately we stopped our ePO
> server soon enough so that at least at our site, it's just a handful
> for the moment.


There should be a copy in windows\system32\dllcache

On the 1 system where I had to replace the svchost (which had 0 bytes)
that's where I pulled it from.



0 Likes
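
A check for the condition reported in the posts above (a zero-byte svchost.exe with an intact copy in windows\system32\dllcache), as an added example that is not part of the original thread. The function name `Test-SvchostDamage` and its `-Restore` switch are hypothetical; it assumes PowerShell is installed on the affected machine and, as an assumption, that the extra.dat has already been applied so the restored file is not flagged again.

```powershell
# Added example: triage one machine for the zero-byte svchost.exe described in the thread.
# Test-SvchostDamage and its parameters are hypothetical names, not a vendor tool.
function Test-SvchostDamage {
    param(
        [string]$SystemRoot = $env:SystemRoot,   # e.g. C:\WINDOWS
        [switch]$Restore                         # copy the dllcache file back when set
    )

    $live   = Join-Path $SystemRoot 'system32\svchost.exe'
    $backup = Join-Path $SystemRoot 'system32\dllcache\svchost.exe'

    # -Force is needed because dllcache is a hidden system folder.
    $liveItem   = Get-Item -LiteralPath $live   -Force -ErrorAction SilentlyContinue
    $backupItem = Get-Item -LiteralPath $backup -Force -ErrorAction SilentlyContinue

    if (-not $liveItem)             { $state = 'Missing' }
    elseif ($liveItem.Length -eq 0) { $state = 'ZeroBytes' }
    else                            { $state = 'Present' }

    # A backup that is itself missing or empty cannot be used for repair.
    $backupUsable = [bool]($backupItem -and ($backupItem.Length -gt 0))

    $restored = $false
    if ($Restore -and ($state -ne 'Present') -and $backupUsable) {
        # Keep the damaged file for later analysis instead of overwriting it.
        if ($liveItem) {
            Move-Item -LiteralPath $live -Destination "$live.damaged" -Force
        }
        Copy-Item -LiteralPath $backup -Destination $live
        $copied   = Get-Item -LiteralPath $live -Force
        $restored = ($copied.Length -eq $backupItem.Length)
    }

    # One record per machine, suitable for collecting into a site-wide report.
    New-Object PSObject -Property @{
        Computer     = $env:COMPUTERNAME
        State        = $state
        BackupUsable = $backupUsable
        Restored     = $restored
    }
}

# Report only; add -Restore to copy the dllcache file back.
Test-SvchostDamage
```

Run without `-Restore` first to see how many machines report `ZeroBytes` or `Missing` before changing anything.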
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

I think I heard Patrick Farrell say something like:

> This is going to be a fan-freaking-tastic day...


Yeah, what a lovely update, perfect way to interrupt our OES2 Linux
training

--
Stevo
0 Likes
Anonymous_User Absent Member.

Re: Mcafee Enterprise users, warning...

I think I heard CitrixDude say something like:

>
> So very true... THANK YOU for posting this warning. Seriously, Thank
> you very much!
>
> I would have had 200+ Servers and 3000 workstations with this issue
> right now.


It only seems to affect winxp sp3 machines, don't think your servers
would have been hit.

--
Stevo
0 Likes