McAfee Update Shutting Down Windows XP Computers

Confirmed: a bad McAfee update for Windows XP has shut down thousands, possibly millions, of computers around the world. That's big trouble.

Twitter has been buzzing with the news this afternoon that McAfee updates were shutting down XP PCs, and we've heard that California sent out an email to state workers a little while ago warning them of the problem. Also apparently affected: the University of Illinois at Urbana-Champaign, over 100,000 computers serviced by a UK IT firm and presumably countless others based on the reports that keep coming in.

According to Engadget:

"DAT update 5958 deletes the svchost.exe file, which then triggers a false-positive in McAfee itself and sets off a chain of uncontrolled restarts and loss of networking functionality."

There's also, apparently, a fix (also unconfirmed) according to Twitter user scratchfury:

"boot to safe mode, rename mcshield.exe, reboot, run Virus Console, pick Tools -> Rollback DAT, name back to mcshield, reboot"

That fix, though, as commenter Denver80203 points out below, only prevents you from getting nailed. Once your computer has been hit, things get a lot more complicated.

So far the impacted machines seem to be primarily enterprise and not consumer, but we'll update as soon as we know more about the scope of the problem.

UPDATE: McAfee just sent me the following statement:

McAfee is aware that a number of customers have incurred a false positive error due to incorrect malware alerts on Wednesday, April 21. The problem occurs with the 5958 virus definition file (DAT) that was released on April 21 at 2.00 PM GMT+1 (6am Pacific Time).

Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The faulty update has been removed from all McAfee download servers, preventing any further impact on customers. We are not aware of significant impact on consumers and believe we have effectively limited such occurrence.

McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. McAfee apologizes for any inconvenience to our customers.

So that's good news for consumers, and every bit as terrible news as expected for corporate users who've already been burned.

[Engadget]