How to recover from McAfee 5958 DAT

Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed

1.      Locate the extra.dat from here and unzip

2.      Boot in safe mode with “Network Option“ enabled

3.      Copy Extra DAT into c:\program files\commonfiles\mcafee\engine

4.      If svchost.exe exists in (c:\windows\system32) and is not a “0“ byte file, skip to step 5

5.      If svchost.exe deleted,  Pull up the VSE console and open “Quarantine manager“

Click on the detection and select “Restore“

1)      If the VSE console does not come up:
C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone
This will pull up the VSE console. Click on the detection and select “Restore“

2)      If steps  4 and 4.1 do not work OR if svchost.exe is “0“ bytes:

a.       When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b.      Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If  “paste“ is grayed out, use the following commands:

Start -> run -> cmd            

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

6.      Reboot in normal mode

7.      Use the product update to update to 5959

8.      Delete the Extra DAT file in c:\program files\commonfiles\mcafee\engine

 

Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

1.      Boot in safe mode with “Network Option“ enabled

2.      If svchost.exe not deleted (look in c:\windows\system32\svchost.exe) and is not 0 byte then network connection should be possible - skip to step 5

3.      If svchost.exe deleted or if it is “0“ bytes, then network connection may not be possible

4.      If svchost.exe deleted,  Pull up the VSE console and open “Quarantine manager“

Click on the detection and select restore

1)      If the VSE console does not come up:

C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone

This will pull up the VSE console

2).    If steps 4 and 4.1 do not work OR svchost.exe is “0“ bytes:

a.       When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

5.      Download the 5959 SuperDAT from here

6.      Run the SuperDAT program

7.      Reboot in normal mode

 

via vil.nai.com

Almost everyone at work in the office today spent most of the day recovering from the McAfee 5958 DAT problem. Here, http://vil.nai.com/vil/5958_false.htm, are instructions for recovery if you use McAfee at home and your Windows XP computer continues to reboot following the McAfee update being installed earlier today.

Posted via web from Arizona and Beyond

Sphere: Related Content