McAfee Computer Virus: McAfee dat 5958 – False Positive Alarm

What is going on in McAfee today and what is a False Positive Alarm?

An Error code of 5958 has been experienced by Windows XP users of McAfee and they were afraid that there are rumors spreading that this is a virus and that it logs the use out of the system.  These rumors are false.

McAfee stated an official statement in their website that the McAfee 5958 error code is just a “False Positive” – meaning, it is giving an error out of nothing.

Don’t worry about anything major and computer virus and check out McAfee’s official website

17 thoughts on “McAfee Computer Virus: McAfee dat 5958 – False Positive Alarm

  1. It’s not an error code 5958. It’s an error caused by their DAT file 5958 and can and will send users into an endless reboot loop if they don’t know how to fix it.

  2. What do you mean to relax? this keeps rebooting the computers every minute or so , and on top of it mess up few other services and networking. This is a big mess and mcafee did not really handled that well. i will never buy their product again.

  3. Just quickly, the 5958 was an update and not an error message. McAfee released the 5958 dat which gives a false positive reading on svchost.exe and it is then quarantined. It affects Windows XP SP3. It does remove the network adapters and can shut your computer down with the NT Authority\System message. Easiest fix is to restore the file from McAfee quarantine and turn off scanning, reboot and update to the 5959 dat before turning on scanning.

  4. The false positive in the original version of DAT update 5958 (not “Error code of 5958”) recognized a virus where there was none and overwrote svchost.exe with a 0 kb file. This caused the affected machines to either reboot constantly or start up with most of the essential Windows services turned off, effectively disabling them.

    This affected machines that got their daily update this morning before McAfee realized their mistake.

    The good news is that anyone who is affected is off the internet and can’t read your misleading story anyway.

  5. The easiest way we have found to fix the problem is as follows sdat5957.exe from mcafee place on thumb drive

    2. Copy a svchost.exe from a working machine running windows xp SP3 to the same thumb drive

    3. Boot the infected pc in safe mode, varies for different types of machines

    4. Insert thumb drive on infected machine

    5. Open command prompt “Hit the windows key on your keyboard, usually next to the left Alt Key” + R

    6. type cmd, hit enter

    7. you will need to get to the drive for the thumb drive, in most cases this will most likely be E: or F:. To do this in the command prompt type E: or F: and hit Enter.

    8. Once in the thumb drive type, sdat5957.exe /f

    * This will force the downloaded 5958 DAT file to rollback to a previous state or in this case 5957

    9. now type copy svchost.exe “C:\windows\system32”, and then hit enter

    10. Next you will need to reboot

    11. Type shutdown -r -f , this will tell you that your computer will shutdown in 30 seconds. The -r will tell it to restart and the -f will force all other programs to shutdown as well.

    Ken Carrier Dayton, OH

    We had this problem as well and before anyone officially announced a fix this is what we were doing and we are having a lot of success. Hope this helps some people who were banging their heads like we were.

  6. “Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.”

    “Enterprise customers of a widely used McAfee anti-virus product were in a world of hurt on Wednesday after an update caused large swaths of their machines to become completely inoperable.”

    …this is worse then a virus. If your a McAfee customer and your only learning about this now it’s most likely your already affected. If this is the case go to: (Good luck!)

  7. Amanda, you’re really going to want to revise this article.

    McAfee VirusScan Enterprise customers were surprised this morning when droves of Windows XP workstations with VirusScan Enterprise 8.7i started endlessly rebooting beginning around 10:00am EST. A bad DAT file update (DAT 5958) detected svchost.exe, a critical Windows system file, as being infected with W32/Wecorl.a.

    Because McAfee VirusScan Enterprise thought the file was a threat, it began to terminate the svchost.exe process, causing the operating system to shut down. In some cases, McAfee VirusScan Enterprise was able to remove svchost.exe, removing the user’s ability to access services depending on RPC such as networking, taskbar, firewall, etc.

    At this time, the countdown can be stopped by clicking Start–>Run–>shutdown -a

    1. Check if svchost.exe is still in C:\windows\system32. If not, replace it with a good copy from another Windows XP workstation off of a flash drive.

    You will need to hit Ctrl-Alt-Del and open Task Manager. Click New Task. Type cmd and hit OK. Move to the drive letter of your flash drive. Type copy svchost.exe C:\windows\system32 Reboot and proceed to step 2.

    2. If the svchost.exe file is there (or you just added it and rebooted), go to Start–>Control Panel–>Administrative Tools–>Services. Restart the McAfee Framework Service.

    3. Install DAT5959 from here.

    4. Reboot and enjoy. 🙂

  8. Amanda apparently doesnt work in an enterprise environment with hundreds of workstations connected to a domain. My company,s users experienced this fiasco from East to West Coast today and this was a major disruption of busines. To correct the problem, techs had to visit all affected users one-by-one and get them working again. McAfee blew it.

  9. Ken Carrier,

    We did the same thing. We figured it out and started fixing it before McAfee said anything. They seriously fell down.

    Read this:

    That’s McAfee’s response. They describe the problem incorrectly: “Researchers worked diligently to address this threat that attacks critical Windows system executables and buries itself deep into a computer’s memory.” No. It overwrites one file, svchost.exe, and doesn’t do squat to memory.

    And they blame the user: “Corporations who kept a feature called “Scan Processes on Enable” in McAfee VirusScan Enterprise disabled, as it is by default, were not affected.” Nope. Not true. It’s enabled by default.

    It’s one thing to make a mistake. It’s another to bullshit your way out of it. I don’t believe them. I don’t trust them anymore. Anyone else is free to draw his or her own conclusion.

  10. My computer is down. It cannot download anything.I will send the bill for everything they have destroyed on my computer.

  11. SPOT ON, Sparky!

    Amanda, dear — perhaps time to go back to J-School to learn to research your topic and then train to write in cogent, complete sentences.

    You totally missed the entire point of a WORLDWIDE significant issue. Hundreds of thousands, if not millions of computers were impacted. The total financial cost of down time, lost opportunity and repairs to systems will be astounding!

  12. I totaly agree about them “Droping The Ball” I worked until 0:20 this morning researching and resolving the issue, the symptoms that we experienced were not, and are still not displayed on their website and as stated before, bullshiting your way out of a situation is far from professional!

    I have already issued a tender for the provision of AV at renewal, guess who will not be invited to tender!

  13. Amanda,

    You clearly don’t know what your talking about.

    I’ve been on the phone all morning talking our remote offices through the fix procedure and having them download fresh svchost.exe and extra.dat’s from an unaffected PC.

    “Don’t worry about anything major and computer virus and check out McAfee’s official website” << thats actually lollable , comon ffs.

  14. Dude:

    don’t worry about it is a very dangerous thing to say. that corrupt dat file brought down 1000’s and 1000’s of computers. there is definitively something to worry about. I personally worry about the apparently non existing QA process at McAfee. they should have caught that one long before that file was released.

  15. I think that I don’t need to worry about intruders cause I’m using a high quality security software that I found on an website with the top ten best antivirus software. So if you want fully efficient protection I suggest you to use one of these software:

Leave a Reply

Your email address will not be published. Required fields are marked *