Anti-Virus Program Update Wreaks Havoc With PCs

Computers across the country have gotten stuck rebooting themselves after an anti-virus program started identifying a normal Windows file as a virus. Anti-virus vendor McAfee Inc. confirmed that a software update caused its anti-virus program to misidentify a harmless file. McAfee has posted a replacement update for download.

Computers in companies, hospitals and schools around the world got stuck repeatedly rebooting themselves Wednesday after an anti-virus program identified a normal Windows file as a virus.

McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its anti-virus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download.

McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands.

McAfee said it did not appear that consumer versions of its software caused similar problems. It is investigating how the error happened "and will take measures" to prevent it from recurring, the company said in a statement.

"Apparently DAT update 5958 deletes the svchost.exe file, which then triggers a false-positive in McAfee itself and sets off a chain of uncontrolled restarts and loss of networking functionality," the Engadget technology blog said.

"The anecdotal numbers keep rolling in, and they're not small -- 30,000 machines are knocked out here, 60,000 there. Given that the only fixes right now involve techs spending time with each affected machine individually, things could get seriously messy," Engadget said.

On its customer support site, McAfee warned: "If you have not done so already, do NOT download the 5958 DAT and disable all automatic pull and update tasks." See more instructions here.

The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said Nancy Jean, a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state's largest, and Newport Hospital. Jean said patients who required treatment for gunshot wounds, car accidents, blunt trauma and other potentially fatal injuries were still being admitted to the emergency rooms.

In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Va., also lost computer access.

Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment.

Computerworld's Web site said affected PCs "have displayed a shutdown error or blue error screen, then gone into an endless cycle of rebooting, users claimed."

McAfee "has yet to produce an updated signature definition file to replace the one that crippled computers," Computerworld said.

On its site, McAfee said that "posting of the 5959 DAT file is currently in progress. It may take several hours for the new DAT file to replicate out to all McAfee download servers."

Peter Juvinall, systems administrator at Illinois State University in Normal, said that when the first computer started rebooting it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone.

"I originally thought it was a virus," he said. When the tech support people concluded McAfee's update was to blame, they stopped further downloads of the faulty software update and started shuttling from computer to computer to get the machines working again.

In many offices, personal attention to each PC from a technician appeared to be the only way to fix the problem because the computers weren't receptive to remote software updates when stuck in the reboot cycle. That slowed the recovery.

It's not uncommon for anti-virus programs to misidentify legitimate files as viruses. Last month, anti-virus software from Bitdefender locked up PCs running several different versions of Windows.

However, the scale of this outage was unusual, said Mike Rothman, president of computer security firm Securosis.

"It looks to be a train wreck," Rothman said.

Copyright 2010 National Public Radio. To see more, visit http://www.npr.org/.

More in U.S. / World

Comments

blog comments powered by Disqus