by lunarg on April 23rd 2010, at 20:42

One of my clients at work was also a victim of the latest McAfee false-positive trouble. In case you don't know what I'm talking about, read the official statement (and remedy):
Basically the issue is that McAfee wipes svchost.exe from your system because it thinks there's a virus in it. And this file is in fact quite critical for Windows to function properly.

My client managed to skip by the worst part of the trouble, and only had this issue on two of their desktop computers (running Windows XP SP3). Their systems were not entirely crippled as they would still boot and log in, but they were otherwise unable to use networking, start some of their programs, etc. McAfee was quite thorough so simply restoring svchost.exe from the ServicePackFiles folder was not possible. I did think of bringing a Windows XP CD so that wasn't really the issue.

First, I had to disable McAfee so it would not bluntly kick the file again and again. With McAfee out of the way, I restored svchost.exe, then rebooted (I made sure McAfee had its on-access scanning disabled at the next startup), then updated McAfee with the latest definitions (April 22), then re-enabled McAfee.

I'm pretty sure they got lucky with only 2 computers being affected. I did a quick look-around on their other computers and servers, and they managed to slip by that one critical definition update.