McAfee’s False Positive of w32/wecorl.a Caused Removal of svchost.exe

Yesterday morning there were reports of computers going into a continuous rebooting cycle due a a glitch with McAfee’s antivirus software update. Apparently this only affected McAfee’s enterprise customers, and only on computers running Windows XP SP3. Even though the absolute number of computers affected does not appear to be large (McAfee’s own press release puts that number at 0.005% of all machines running McAfee), the story nevertheless made it to the front page of Digg, and Twitter was abuzz with anti-McAfee tweets. What’s worse, malware vendors have used this opportunity to spam search engine results, leading unsuspecting users to download viruses and trojans.

Continue reading