BBC WINDOWS UPDATE HITS I.E

[Bernice Moore]

http://news.bbc.co.uk/2/hi/technology/8636985.stm

FROM FROG THANKS ..B

[John Dolva]

Bernice, I wonder if you could post the article please? (If not, that's cool, i'll hear about it in other ways sooner or later). (Unfortunately, on a number of occasions when i've followed links, i experience an intrusion attempt and or a bad ware, so, i tend not to follow links) There is also the advantage of the article being logged here independently of the other site.

[Evan Burton]

John,

The upshot of it is that if you are a McAfee anti-virus user, the latest update has misidentified a Windows file as being a virus. If you downloaded and installed update 5958, then your PC is probably have a problem.

The file affected is called svchost.exe; my firewall and AV have occasionally queried me as to whether it is a "safe application" and I say it is okay.

As well as your firewall and AV, I would also recommend a regular scan with software specifically designed to detect malware or spyware. Two of the best are Spybot Search & Destroy, or Malwarebytes Anti-Malware. Both have free and paid versions available.

[John Dolva]

Evan, thank you for that.

I'm sure not just I appreciate your response. Svchost is an essential component. Wierd that an av program id's such an oldie as a virus. Perhaps they are trying some detection method that is supposed to speed up the detection in bloatware and reports things that have features of viruses. A bit different from when windows came on a few floppies and f-prot complete with space for extra def files on one floppy.

AVG has a similar problem when in trying to speed things up it instead buggers things up. It's likely a problem that'll plague the industry for some time until someone releases the next big thing.

I've heard microtrend is ok for now. Norton is vulnerable. Many people blissfully believe their setup is secure but keep on adding portals. I'm waiting for the Linux GUI flavour that'll blow Gates out of the water. Prob not far away.

[John Dolva]

http://www.neuber.com/taskmanager/process/svchost.exe.html

''What is svchost.exe? Is svchost.exe spyware or a virus?

How to fix svchost.exe related problems?

1. Run Security Task Manager to check your svchost.exe process

2. Run Registry Booster to fix svchost.exe related errors

3. Run Spyware Doctor to remove persistent malware

Process name: Host Process for Services

Product: Windows

Company: Microsoft

File: svchost.exe

Security Rating: 1

"Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. This process manages system services that run from dynamic link libraries (files with extension .dll). Examples for such system services are: "Automatic Updates", "Windows Firewall", "Plug and Play", "Fax Service", "Windows Themes" and many more.

At startup, Svchost.exe checks the services portion of the registry and constructs a list of services that it needs to load. Under normal conditions, multiple instances of Svchost.exe will be running simultaneously. Each Svchost.exe session can contain a grouping of services, so that many services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

If the process svchost.exe uses high cpu resources, it is mostly due because the service "Automatic Updates" is downloading some new Windows update. But having a 99% or 100% cpu usage could be caused by downloads due of some hidden malware on your computer. Some malware like the Conficker worm changes the Windows Registry so that svchost loads the malware .dll file. In this case you only see the authentic svchost.exe process in the task manager! Use our free Svchost Analyzer to find such malware.

See also: Microsoft reference

Note: The svchost.exe file is located in the folder C:\Windows\System32. In other cases, svchost.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Virus with same name:

Symantec Security Response - W32.Welchia.Worm

Symantec Security Response - W32.Assarm@mm

McAfee - W32/Jeefo

Microsoft Conficker worm ''

[Bernice Moore]

Security update hits Windows PCs

Thousands of PCs around the world have been paralysed by a security update that wrongly labelled part of Windows as a virus.

The update was sent out by security firm McAfee and made affected PCs endlessly restart.

Corporate customers of McAfee seemed to be hardest hit but some individuals reported problems too.

McAfee apologised for the mistake and released a fix to ensure PCs started working again.

Thousands hit

The problems were caused by an update to the long list McAfee's anti-virus uses to identify which programs are malicious.

McAfee's 5958 update wrongly identified the Windows svchost.exe file as the wecorl.a virus. This worm tries to replace an existing svchost file with its own version to help it take over a machine.

The update wrongly labelled svchost as the virus and then quarantined it. This caused many PCs to crash as Windows uses many copies of the file to keep the operating system going.

Computers inside businesses running Windows XP with service pack 3 applied were the hardest hit according to reports. The University of Michigan said 8,000 of its 25,000 computers were hit by the faulty update.

The SANS Internet Storm Center said the update was causing "widespread problems" and said it received reports about "networks with thousands of down machines and organizations who had to shut down for business until this is fixed."

Analyst Rob Enderle said the update "pretty much took Intel down today". Mr Enderle was at the chip giant's HQ for a meeting when the widespread crash started to hit the computers of the people with whom he sat.

"We believe that this incident has impacted less than one half of one percent of our enterprise accounts globally," said a statement from McAfee, adding that an even smaller percentage of its consumer customers were hit.

It said it removed the update "within hours" and released an updated file free of the mistake. It also issued a "sincere apology" for the inconvenience caused.

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8636985.stm

Published: 2010/04/22 10:52:35 GMT

© BBC MMX

Print Sponsor

Advertisement