False Positive Detection of w32/wecorl.a in 5958 DAT (McAfee)

Here is the procedure I used today to fix the issue with the false positive detection of w32/wecorl.a in 5958 DAT:

  • Download the EXTRA.ZIP file (bottom of the page) and extract the EXTRA.DAT file to a temporary location
  • Click Start, Run, type services.msc and click OK
  • Right-click the McAfee McShield service and select Stop
  • Copy (*1) the EXTRA.DAT file (or above like the now released 5959) to c:\program files\common files\mcafee\engine
  • Reboot in Safe Mode
  • Replace (*1) the current svchost.exe (c:\windows\system32\) with the copy stored in c:\windows\servicepackfiles\i386\svchost.exe or c:\windows\system32\dllcache\svchost.exe
  • Reboot and Test the system (*2)

(*1) If Windows does not allow you to copy the file, start the system with a bootable cd (like the Hiren’s boot cd) and then perform the copy operation

(*2) If McAfee fails to start consider re-installing the application

Additional information from McAfee can be found here and here.

Posted by Gabriel Maciel

No comments: