McAfee 5958病毒碼更新程序故障解決辦法

相信使用McAfee防毒軟體且是Windows XP的用戶，昨天應該會發現問題大條了！電腦突然當機或不斷重開機，McAfee當日上午（台灣時間21日晚間9點）發佈一次有問題的更新，讓該軟體強大的防惡意軟體機制搞錯防禦方向，轉而攻擊一項重要的Windows元件。

如何解決McAfee 5958病毒碼更新程序故障呢？如果您的電腦持續不斷重啟，它極有可能是由於McAfee 5958病毒碼更新程序故障強行刪除Windows XP系統元件Svchost.exe。刪除這個元件會導致防毒軟體和系統出現眾多異常故障，如：頻繁重新開機以及無法進行網路連線等等。

下面是一個比較簡單的McAfee 5958病毒碼更新程序故障解決辦法。

步驟一：使用F8啟動系統安全模式。

步驟二：重新命名「mcshield.exe」為「mcshield_temp.exe」。

步驟三：重新啟動電腦。

步驟四：開啟 McAfee VirusScan 主控台。

步驟五：點擊「工具」＼「復原DAT」。

步驟六：將「mcshield_temp.exe」改回「mcshield.exe」。

步驟七：再次重新啟動電腦。

步驟八：請執行病毒碼更新至5959以上。

McAfee 官方發佈的解決辦法：
McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

Q: What does the SuperDAT Remediation Tool Do?

A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.

Recommended Recovery SuperDAT Procedure

1. From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode
3. Execute the Recovery SuperDAT tool
4. Reboot in normal mode
5. Use the product update to update to 5959

For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=1499948&page=content&id=KB68780 which will remain up to date.

McAfee 官方 SNS ALERT 郵件內容：
主旨：McAfee SNS ALERT: Update - w32/wecorl.a False Positive in 5958 DAT - DAT 5959 POSTED
內容：
Emergency DAT 5959 has been posted and is available at http://www.mcafee.com/apps/downloads/security_updates/dat.asp. This file is available in English and is replicating in other languages. For MORE information, go to the 5958 DAT Report on http://vil.nai.com/vil/5958_false.htm.

================================
UPDATE (12:47pm US/CDT)

McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. You can view information at https://kc.mcafee.com/corporate/index?elq_mid=2363&elq_cid=1499948&page=content&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at http://community.mcafee.com/docs/DOC-1374/

We will notify you of an emergency update when available, or in 90 minutes.

================================
ORIGINAL EMAIL (11:06am US/CDT)

McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks.

Information updates will be sent every 90 minutes to keep you advised.

官方文件：5958 DAT 中 w32/wecorl.a 誤報的更新
官方下載：SuperDAT Remediation Tool
官方網站：http://www.mcafee.com/tw/
相關閱讀：McAfee更新闖禍　Windows XP電腦大當機