Network Computers are infected

Tags:
Virus detection
Virus Remover 2009
Windows XP
A number of machines have rebooted and popped up with a DCOM error and then a 60-second countdown reboot. When we reboot, programs will not run and the task bar has disappeared. We have run Sophos Anti-Rootkit and Malwarebytes, but when we run Malwarebytes on some machines we get this error. In trying to install Malwarebytes the following error message came up: "Run-time error '372' Failed to load control vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid.ocx may be outdated. Make sure you are using the version of the control that was provided with your application". Any ideas?


Are these computers running McAfee AntiVirus? If so, there was a bad DAT release yesterday. The reboot scenario you describe is a symptom of the computers having the 5958 DAT. Here is part of the support bulletin thread on this event.
=====================================
McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

Q: What does the SuperDAT Remediation Tool Do?
A: The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in %SYSTEM_DIR%\dllcache\svchost.exe, if not present it will attempt a restore from %WINDOWS%\servicepackfiles\i386\svchost.exe, if not present it will attempt a restore from quarantine. After the tool is run, the machine needs to be rebooted.

Recommended Recovery SuperDAT Procedure
1. From a machine that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
2. Take the portable media to each affected machine and run the tool. If you are not able to run the tool on the affected machine, boot in safe mode.
3. Execute the Recovery SuperDAT tool
4. Reboot in normal mode
5. Use the product update to update to 5959

For additional FAQs and information, go to https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=699235&page=content&id=KB68780 which will remain up to date.

================================
UPDATE #4 (7:38pm US/CDT)
McAfee has published recovery procedures for the following two scenarios:
• Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed
• Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed
This information has been posted on http://vil.nai.com/vil/5958_false.htm and will be continuously updated as more information and procedures become available.

================================
UPDATE #3 (2:55pm US/CDT)
Emergency DAT 5959 has been posted and is available at http://www.mcafee.com/apps/downloads/security_updates/dat.asp. This file is available in English and is replicating in other languages. For MORE information, go to the 5958 DAT Report on http://vil.nai.com/vil/5958_false.htm.

================================
UPDATE #2 (12:47pm US/CDT)
McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an updated virus definition file shortly. You can view information at https://kc.mcafee.com/corporate/index?elq_mid=2373&elq_cid=699235&page=content&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at http://community.mcafee.com/docs/DOC-1374/
We will notify you of an emergency update when available, or in 90 minutes.

================================
ORIGINAL EMAIL (11:06am US/CDT)
McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file April 21 at 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks.
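
The restore order the bulletin describes (dllcache first, then servicepackfiles\i386, then quarantine) can be used to triage affected machines before visiting them. This is an added Python example, not McAfee's tool and not part of the original answer; the function names are hypothetical, and it assumes the bulletin's %SYSTEM_DIR% is the system32 folder under the Windows directory.

```python
import tempfile
from pathlib import Path

# Restore sources in the order the bulletin lists them, relative to the
# Windows directory. The bulletin gives no path for quarantine, so that
# last resort is only reported, not checked.
RESTORE_SOURCES = [
    ("dllcache", ("system32", "dllcache", "svchost.exe")),
    ("servicepackfiles", ("servicepackfiles", "i386", "svchost.exe")),
]
TARGET = ("system32", "svchost.exe")


def resolve_ci(root, parts):
    """Resolve parts under root ignoring case (an XP disk mounted on Linux)."""
    current = Path(root)
    for part in parts:
        if not current.is_dir():
            return None
        match = [e for e in current.iterdir() if e.name.lower() == part.lower()]
        if not match:
            return None
        current = match[0]
    return current


def usable(path):
    """A usable copy is a regular, non-empty file."""
    return path is not None and path.is_file() and path.stat().st_size > 0


def triage(windows_dir):
    """Return (state, restore_source) for one machine's Windows directory."""
    if usable(resolve_ci(windows_dir, TARGET)):
        return ("present", None)
    for name, parts in RESTORE_SOURCES:
        if usable(resolve_ci(windows_dir, parts)):
            return ("missing", name)
    return ("missing", "quarantine")


def build_sample(files):
    """Constructed sample tree standing in for a mounted Windows directory."""
    root = Path(tempfile.mkdtemp())
    for rel in files:
        path = root.joinpath(*rel.split("/"))
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"MZ")  # placeholder bytes, not a real binary
    return root
```

Call `triage()` with the path to a machine's Windows directory, for example a disk mounted from rescue media; a result of `("missing", "quarantine")` means neither on-disk copy exists and only the quarantined file remains as a source.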

  • RickC
    Yeah, it was. Found it just after posting. Thanks for your reply tho mate ;-)