McAfee

[saint_stevo]

Utter, Utter c*nts.

 

Released a dodgy DAT file and now all of our machines are in a reboot loop!

 

http://isc.sans.org/diary.html?storyid=8656

 

Gonna be a long night......

[thesaint sfc]

McCrapee we call it at work.

[Ponty]

The days must simply fly by.

[thesaint sfc]

It is a blast.

 

We call Bright FM - ****e FM.

 

Heart FM - Fart FM.

[saint_stevo]

'stevo your alright to finish at 9 and be back in for 6am yeah' ****s

[chrisobee]

'stevo your alright to finish at 9 and be back in for 6am yeah' ****s

 

Of all people it would happen to you !! You really couldn't make it up

[Mewsta]

My worst nightmare.... On days like this I am so glad I am using Kaspersky!

[thesaint sfc]

Today we've had 8 systems booked in with a runtime error - all have Mcafee installed.

[thesaint sfc]

OK - turned out to be an error with Roxio not mcafee

[thesaint sfc]

OK nope -its related to http://download.cnet.com/8301-2007_4-20003106-12.html

 

Windows start bar has disappeared on all systems now. F*cking nightmare. I hate mcafee.

 

Howd you fix it Stevo?

[S-Clarke]

OK nope -its related to http://download.cnet.com/8301-2007_4-20003106-12.html

 

Windows start bar has disappeared on all systems now. F*cking nightmare. I hate mcafee.

 

Howd you fix it Stevo?

 

Grab the file - svchost.exe from an unaffected PC and copy that back onto the system32 dir of the screwed system. That's bassicaly what the DAT update screws, it thinks svchost is a virus, so it deletes it (or zeros it) - thus losing (some) exporer and dcom functionality.

 

reboot and quickly install the new DAT (if you leave it too long, it deletes svchost again)

 

link to a nice working DAT - http://majorgeeks.com/download4425.html?2010-04-21

 

It's an odd one, seems to affect PC's in different ways. Some lose all network connectivity and taskbar/start menu, whilst others just loop and even some have BSOD's.

 

hope mcafee hang someone for this!

[saint_stevo]

sorry for late reply here, been running round like a headless chicken and driving around to sites to remedy! Fix i been using with success is to install 5859dat from disk and after that copy over svchost from an unaffected machine. Reboot and robert is your mothers brother. If it starts trying to shutdown again, go start-run, and type in 'shutdown -a'. Aborts shutdown. Symptoms i have seen on affected machines include no start bar, changed start bars to grey (not classic, just a greyed bar) and bsod. Also seems to shut off all connectivity. Just finished having started at half6 this morning. Waiting on an epo deployable solution......could be waiting a while. Apologies if i have taught anyone to suck eggs, and again sorry i didnt get on earlier to update

[St Landrew]

sorry for late reply here, been running round like a headless chicken and driving around to sites to remedy! Fix i been using with success is to install 5859dat from disk and after that copy over svchost from an unaffected machine. Reboot and robert is your mothers brother. If it starts trying to shutdown again, go start-run, and type in 'shutdown -a'. Aborts shutdown. Symptoms i have seen on affected machines include no start bar, changed start bars to grey (not classic, just a greyed bar) and bsod. Also seems to shut off all connectivity. Just finished having started at half6 this morning. Waiting on an epo deployable solution......could be waiting a while. Apologies if i have taught anyone to suck eggs, and again sorry i didnt get on earlier to update

 

Looks like you put in one of those shifts where people actually appreciate their technical support/troubleshooter staff, every once in a while. One question though. Why do people still use McAfee..? Is is cheap or something..? I've never known it to do anything other than to eventually screw up, and that was years ago. A barge pole and don't touch with are phrases that spring to mind.

[saint_stevo]

Looks like you put in one of those shifts where people actually appreciate their technical support/troubleshooter staff, every once in a while. One question though. Why do people still use McAfee..? Is is cheap or something..? I've never known it to do anything other than to eventually screw up, and that was years ago. A barge pole and don't touch with are phrases that spring to mind.

 

ePO is actually a half decent management tool for it.........plus it was in place before i arrived and is the same system as our parent company use (also hit for around 500 PC's)

 

Appreciation? Very little other than from my manager and director tbh

[thesaint sfc]

Easy peasy when you know how.

 

Boot up to safe mode - run this : http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe

 

(In some instances in safe mode the start bar was still missing, so put a my computer icon on the desktop to access memory stick this way. Use either command prompt or ctrl, alt, delete task manager to restart system.

 

Boot into normal mode. Run Mcafee updates.

 

Whilst updates are running you'll get the worm like prompt that your system will be shut down in 60 seconds.

 

Go to command prompt - type shutdown -a. (this can pop up a few times during update - so you'll need to do shutdown -a each time)

 

Allow Mcafee to finish installing updates.

 

All fixed.

Edited 23 April, 2010 by thesaint sfc

[Son of Bob]

McAfee? To be honest you're better off taking your chances with the viruses. They probably wont screw your PC up quite so badly!

[Tractor_Saint]

Caught it quickly at my work soon after we received reports of problems. 5858 was removed from the EPO and only couple of hundred or so servers and workstations had received the update. That evening when 5859 came out and was offered up by the EPO we were back down to double digits and no impact - a lucky escape, thank god McAfee isn't the core AV solution here!

 

http://siblog.mcafee.com/category/support/

[saint_stevo]

Problem is in *some* instances it closes off connectivity, so ePO cant get through.

 

Deep joy

[Tractor_Saint]

Yeah - we'll just let the on site support teams deal with those once the end users call the helpdesk for support

[saint_stevo]

Yeah - we'll just let the on site support teams deal with those once the end users call the helpdesk for support

 

55 sites, and me and my apprentice to fix all affected machines. (at least 1 per site currently)

 

Sweet

[thesaint sfc]

Been handy for us - £65 a fix. Quite surprised that no one we've dealt with has tried to claim off Mcafee - we've explained it was them that caused the problem.

[saint_stevo]

have contacted mcafee about possible compensation. More in hope than anticipation though

[Essruu]

LOL@ Antivirus Software.

[St Landrew]

LOL@ Antivirus Software.

 

Yeah, 5 computers out of every 100 are Apples. Whoop-dee-do..!

 

Frankly, who'd bother writing a virus..?

[Essruu]

Yeah, 5 computers out of every 100 are Apples. Whoop-dee-do..!

 

Frankly, who'd bother writing a virus..?

 

 

You know the reason for that is NOT market share. If it were, why would scammers already be targetting new iPad owners when only around 1 million have been sold? http://www.theregister.co.uk/2010/04/26/ipad_backdoor/

 

There are millions more Mac / Linux users in the world than there are iPad owners. This proves that it's nothing to do with market share - they're targetting the small market that is currently Windows PC and iPad owners BECAUSE WINDOWS IS INHERENTLY INSECURE.

 

'Frankly, who'd bother trying to write something for a secure operating system' is, I assume, what you mean.

[thesaint sfc]

Macs are rubbish.

[saint_stevo]

would rather have a surgical procedure that use/support a mac

[Essruu]

would rather have a surgical procedure that use/support a mac

 

You only have a job in support because of Windows.

[Bentley]

Anyone who needs an anti-virus probably shouldn't use a computer in the first place.

 

Haven't had a problem in three years. Mainly by using common sense.

[saint_stevo]

You only have a job in support because of Windows.

 

Because most of the world uses it.

 

Anyone who needs an anti-virus probably shouldn't use a computer in the first place.

 

Haven't had a problem in three years. Mainly by using common sense.

 

Depends on what you want to do with your computer, file sharing etc would require A.V and probably a firewall

[Essruu]

Because most of the world uses it.

 

No; Because it's sh1t and insecure. If most of the world switched to Mac or Linux systems, you and virtually every other support and helpdesk workers would become redundant overnight.

[saint_stevo]

if we all stopped sh*tting, the world would need less toilet roll

[Son of Bob]

If we all got off our arses and walked no-one would need taxi drivers!

[Baj]

No; Because it's sh1t and insecure. If most of the world switched to Mac or Linux systems, you and virtually every other support and helpdesk workers would become redundant overnight.

 

Then why does apple need a support dept?

[Al de Man]

Anyone who needs an anti-virus probably shouldn't use a computer in the first place.

 

Haven't had a problem in three years. Mainly by using common sense.

 

To a certain extent, I agree. I've had Symantec Corporate edition edition on my PC for the last four years and it's done very little except sit in the background and update automatically.

 

However, I did do a google images search for a stamp and site it directed me to tried to infect me with a trojan so you can never be certain.

[Essruu]

No; Because it's sh1t and insecure. If most of the world switched to Mac or Linux systems, you and virtually every other support and helpdesk workers would become redundant overnight.

 

Then why does apple need a support dept?

 

I said 'virtually every other support and helpdesk workers'. Every company needs support/ customer services depts.

 

The point is: All the time that Windows has such a large market share, the more support personnel companies are going to have to employ to deal with all of the cr@p that comes with it - crashes, conflicts, viruses, trojans and the like; All of that on top of the normal support you'd expect from any company. saint_stevo has Windows to thank for him not working in McDonalds.

[Tractor_Saint]

The point is: All the time that Windows has such a large market share, the more support personnel companies are going to have to employ to deal with all of the cr@p that comes with it - crashes, conflicts, viruses, trojans and the like; All of that on top of the normal support you'd expect from any company. saint_stevo has Windows to thank for him not working in McDonalds.

 

Don't agree - hackers look to the 80/20 rule. If Macs were in the majority then the hackers wouldn't bother with looking for vulnerabilities in Windows, they'd turn their attention to hacking Macs. Oh, and please don't start on the 'Macs are so much more secure than Windows machines'. The only way to secure a server / PC etc. is to unplug it.

[Essruu]

Don't agree - hackers look to the 80/20 rule. If Macs were in the majority then the hackers wouldn't bother with looking for vulnerabilities in Windows, they'd turn their attention to hacking Macs. Oh, and please don't start on the 'Macs are so much more secure than Windows machines'. The only way to secure a server / PC etc. is to unplug it.

 

Made me lol.

[Baj]

I said 'virtually every other support and helpdesk workers'. Every company needs support/ customer services depts.

 

The point is: All the time that Windows has such a large market share, the more support personnel companies are going to have to employ to deal with all of the cr@p that comes with it - crashes, conflicts, viruses, trojans and the like; All of that on top of the normal support you'd expect from any company. saint_stevo has Windows to thank for him not working in McDonalds.

 

And presumably you have a mac to thank you for working as a taxi driver? Don't be so ****ing patronising.

[Essruu]

And presumably you have a mac to thank you for working as a taxi driver? Don't be so ****ing patronising.

 

 

Yes; Every night when I come home, my MacBook, MacMini and my iPhone all line up to thank me.