McAfee antivirus continuous restart Solution 2 and 3

Posted on by

Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed

1. Locate the extra.dat from here and unzip

2. Boot in safe mode with “Network Option“ enabled

3. Copy Extra DAT into c:\program files\commonfiles\mcafee\engine

4. If svchost.exe exists in (c:\windows\system32) and is not a “0“ byte file, skip to step 5

5. If svchost.exe deleted,  Pull up the VSE console and open “Quarantine manager“

Click on the detection and select “Restore“

1) If the VSE console does not come up:
C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone
This will pull up the VSE console. Click on the detection and select “Restore“

2) If steps  4 and 4.1 do not work OR if svchost.exe is “0“ bytes:

a. When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If  “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

6. Reboot in normal mode

7. Use the product update to update to 5959

8. Delete the Extra DAT file in c:\program files\commonfiles\mcafee\engine

Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

1. Boot in safe mode with “Network Option“ enabled

2. If svchost.exe not deleted (look in c:\windows\system32\svchost.exe) and is not 0 byte then network connection should be possible – skip to step 5

3. If svchost.exe deleted or if it is “0“ bytes, then network connection may not be possible

4. If svchost.exe deleted,  Pull up the VSE console and open “Quarantine manager“

Click on the detection and select restore

1) If the VSE console does not come up:

C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone

This will pull up the VSE console

2).    If steps 4 and 4.1 do not work OR svchost.exe is “0“ bytes:

a. When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

5. Download the 5959 SuperDAT from here

6. Run the SuperDAT program

7. Reboot in normal mode


more details at the source: McAfee KnowledgeBase – False positive detection of w32/wecorl.a in 5958 DAT.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>