How to fix your McAfee-crippled computer

關於本站運作的一切事項、問題式意見,歡迎發表。

How to fix your McAfee-crippled computer

文章 #1  未閱讀文章PoP » 2010-04-23 08:22

Source: http://news.cnet.com/8301-1009_3-20003106-83.html?tag=nl.e757

McAfee pushed out a malformed security patch early on Wednesday that wound up crippling computers running Windows XP, but there is a fix available. Users should note that it's labor-intensive and must be applied manually to each computer. If you're running Windows Vista or Windows 7, your computer shouldn't be affected by the bad update.

If your computer is shutting down automatically, you must address that before you can fix anything else.

# Step 1: Open a command prompt: Start menu, Run, then type cmd and hit Enter
# Step 2: Type shutdown -a, which will prevent the shutdown from occurring

McAfee has revealed two fixes for the problem. Each one requires multiple steps, and can be confusing. If you're not comfortable with advanced computer fixes, you should get help with this.

For the first fix, go to the McAfee interface through the Start menu, and disable Access Protection and On-Access Scanner.

# Step 1: Click Start, Programs, McAfee, and then VirusScan Console
# Step 2: Right-click "Access Protection"
# Step 3: Select "Disable"

If you have Internet access, download the EXTRA.ZIP file provided by McAfee and unzip the EXTRA.DAT within. (Note that Nai.com is a safe site maintained by McAfee, for those who were wondering.) Once EXTRA.DAT has been extracted:

# Step 1: Click Start, Run, then type services.msc and click "OK"
# Step 2: Right-click the McAfee McShield service and select "Stop"
# Step 3: Copy EXTRA.DAT to "\Program Files\Common Files\McAfee\Engine"
# Step 4: Then restart the McAfee McShield service by right-clicking on it and choosing "Start" from the context menu
# Step 5: Re-enable access protection by going back to the VirusScan Console
# Step 6: Right-click "Access Protection"
# Step 7: Select "Enable"
# Step 8: In the VirusScan Console, go to the Quarantine Manager Policy
# Step 9: Click the Manager tab
# Step 10: Right-click on each file in the Quarantine and choose "Restore"

There is, of course, one massive hang-up with this McAfee-recommended solution: More likely than not, you don't have Internet access on your McAfee-borked computer. In fact, it's highly unlikely that you have access to much of anything, since deleting SVCHOST.EXE prevents key Windows 32-bit sub-system processes from functioning at all. To get the EXTRA.DAT on your computer, you'll probably have to download it on an unaffected computer, then copy it to either a USB drive or a CD-ROM and use the command prompt to copy it over to your C: drive.

The second workaround requires that you apply the EXTRA.DAT fix as detailed above before beginning and that you have access to a second, unaffected Windows XP computer. On that computer, go to C:\WINDOWS\system32 and copy SVCHOST.EXE to a network location or a removable media device such as a USB stick. Then copy the SVCHOST.EXE from the unaffected computer to the affected computer, and restart the McAfee-afflicted computer. There are details on applying the EXTRA.DAT via ePolicy Orchestrator at McAfee's fix on Nai.com.

Severe problems caused by buggy or false positive security updates are rare, but not unheard of. Recent instances include an update from Avast that marked hundreds of legitimate files as threats in December 2009, Computer Associates flagging a Windows system file as a virus in July 2009, and AVG marking ZoneAlarm as malware in October 2008.

McAfee did not immediately responded to a request for comment.

Updated at 5 p.m. PDT with additional information.

McAfee Executive Vice President of Technical Support and Customer Service Brian MacPherson has written a blog post and a follow-up commenting on the situation, although neither addresses how the bad update made it past quality-control testing in the first place.
當流赤足蹋澗石,水聲激激風吹衣。
人生如此自可樂,豈必局束為人鞿?
頭像
PoP
 
文章: 13617
註冊時間: 2006-12-06 03:42

回到 站務處

誰在線上

正在瀏覽這個版面的使用者:沒有註冊會員 和 1 位訪客

cron