McAfee nukes WinXP

McAfee released a rather nasty malware update last night which identified svhost.exe in Windows XP SP3 as a virus called W32/Wecorl.a. A PC will try to reboot after half a minute and land in a neverending story boot cycle.

McAfee advises users who receive a detection for W32/Wecorl.a after updating to the 5958 DAT to not reboot their PCs.

The antivirus maker has already reacted to the problem and released a Recovery SuperDAT which can be downloaded here (.exe). Admins and users should transfer the recovery DAT to a USB stick, boot affected PCs in safe mode and run the SuperDAT. PCs then ought to be reboot in normal mode and receive a regular update of the meanwhile sanitised signature file, 5959 DAT.

McAfee claims its malware update merely hit 0.5 percent of corporate users worldwide and even less users of its consumer products. That said, 0.5 percent of users worldwide is actually quite a lot.

A detailed instruction of how to react can be found in McAfees corporate knowledge base right here.