文章编号: 2025695 - 查看本文应用于的产品
展开全部 | 关闭全部

概要

McAfee has identified an issue in its virus definition (DAT) file. This issue causes a false-positive detection of the W32/wecorl.a virus in the Svchost.exe process. When this false positive occurs, the Svchost.exe process may be quarantined or removed, depending on the software configuration. This behavior may cause one of the following issues:

  • The computer shuts down when a DCOM error or an RPC error occurs.
  • The computer continues to run without network connectivity.
  • The computer triggers a Stop error on a blue screen. 

Windows XP Service Pack 3 (SP3) is the only operating system that is affected by this problem. This is a known problem.

更多信息

Resolution

Option 1:

For the latest information about this issue, including recovery steps, visit the following McAfee Web site:

https://kc.mcafee.com/corporate/index?page=content&id=KB68780 

Option 2:

To manually repair a computer that encounters this problem, follow these steps:

1.     Restart the computer in safe mode by pressing F8 before the Windows splash screen appears. 

2.     Log on to the computer. Press CTRL+ALT+DEL, and then click Start Windows Task Manager.

3.     On the File menu, click New Task (Run).

4.     Type cmd.exe, and then press ENTER.

5.     Rename the Avvscan.dat file to prevent the Svchost.exe file from being removed by McAfee until an updated DAT file is installed. To do this, run the following command:

ren “%CommonProgramFiles%\McAfee\Engine\avvscan.dat” avvscan.old

Note This behavior removes McAfee virus definitions. Make sure that you update to the latest definitions (version 5959 of the DAT file or later versions) after you complete these steps to restore virus definitions.

6.     Restore the Svchost.exe file to the system32 directory by running the following command. A backup copy is typically stored in the DLLCACHE folder.

copy %systemroot%\system32\dllcache\svchost.exe %systemroot%\system32\

 Then, press ENTER.

Note If this command fails with a "The system cannot find the file specified" error, verify the syntax, or go to the "Advanced Steps to recover a missing svchost.exe" section.

7.     Restart the computer. 

Advanced Steps to recover a missing Svchost.exe file

  1. To download Windows XP Service Pack 3 (SP3), visit the following Microsoft Web site:
     
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4
  2. Click Start, click Run, type cmd.exe in the Open box, and then press ENTER. 
  3. Use the cd\ command to change to the directory to which you downloaded this Windows XP SP3 file.  For example, run the following command:
     
    cd c:\directory name
  4. Extract the files from the WindowsXP-KB936929-SP3-x86-ENU.exe file by typing the following at a command prompt:

    WindowsXP-KB936929-SP3-x86-ENU.exe /x: directory name

    Note The directory name placeholder represents the directory where you saved the extracted files. 
  5. Expand Svchost.exe from the extracted folder, and then use the following command to put the file in the correct location:
     
    expand –r .\i386\svchost.ex_ %systemroot%\system32\
      

Option 3:

For steps to create a task sequence that automates this repair in System Center Configuration Manager 2007, visit the following Microsoft Web site:

http://blogs.technet.com/configurationmgr/archive/2010/04/22/configuration-manager-2007-task-sequence-to-assist-in-resolving-mcafee-antivirus-deleting-svchost-exe.aspx

More Information

This issue occurs for version 5958 of the McAfee DAT file. This DAT file was released on April 21, 2010. This DAT file has been superseded by version 5959. Version 5959 which corrects the false-positive detection that is described in the "Summary" section. Additionally, McAfee has released an EXTRA.DAT file that can be used to suppress the false-positive detection of the Svchost.exe process for customers who are running version 5958 of the DAT file.

 

属性

文章编号: 2025695 - 最后修改: 2011年7月29日 - 修订: 4.0
这篇文章中的信息适用于:
  • Microsoft Windows XP Service Pack 3
关键字:?
KB2025695
Microsoft和/或其各供应商对于为任何目的而在本服务器上发布的文件及有关图形所含信息的适用性,不作任何声明。 所有该等文件及有关图形均"依样"提供,而不带任何性质的保证。Microsoft和/或其各供应商特此声明,对所有与该等信息有关的保证和条件不负任何责任,该等保证和条件包括关于适销性、符合特定用途、所有权和非侵权的所有默示保证和条件。在任何情况下,在由于使用或运行本服务器上的信息所引起的或与该等使用或运行有关的诉讼中,Microsoft和/或其各供应商就因丧失使用、数据或利润所导致的任何特别的、间接的、衍生性的损害或任何因使用而丧失所导致的之损害、数据或利润不负任何责任。

提供反馈

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com