Hollywood-Backstage
McAfee Release SuperDAT to fix 5958  
McAfee Release SuperDAT to fix 5958
Hollywood Backstage Staff Writer 
Thursday, April 22, 2010 Santa Clara, CA

In a new development, McAfee has released a SuperDAT patch to fix computers affected by the "false positive error." The SuperDAT file can be downloaded for free from McAfee. It is an executable file that will stop the driver from blocking the computer and restore the svchost.exe by looking in the system directory dllcache folder. If the svchost.exe is present in this folder, it will restore the file. If it is not present, SuperDAT attempts to restore from the Windows Servicepackfiles i386 folder. Here is more information and download from McAfee for the "SuperDAT Remediation Tool."

Urgent Alert: McAfee has released a Recovery SuperDAT to address the W32/Wecorl.a false detection in 5958.  The public KB has been updated to included recover/remediation details for both home and corporate users. The SuperDAT can be downloaded at the McAfee official web page:

www.mcafee.com/us/threat_center/default.asp

The SuperDAT procedure recommended as Solution 1 for the "false positive error."

McAfee has developed a SuperDAT remediation Tool to restore the svchost.exe file on affected systems.

What does the SuperDAT Remediation Tool Do?
The tool suppresses the driver causing the false positive by applying an Extra.dat file in c:\program files\commonfiles\mcafee\engine folder. It then restores the svchost.exe by looking first in%SYSTEM_DIR%\dllcache\svchost.exe. If not present, it attempts a restore from the following:

  • %WINDOWS%\servicepackfiles\i386\svchost.exe
  • Quarantine.
After the tool has been run, restart your computer.

Recommended recovery SuperDAT procedure

  1. From a computer that has Internet access, locate and download the Recovery SuperDAT at http://download.nai.com/products/mcafee-avert/tools/SDAT5958_EM.exe and save it to portable media.
  2. Take the portable media to each affected computer and run the tool. 

    NOTE: If you are not able to run the tool on the affected computer, (re)start your computer in Safe Mode. 
    For instructions on starting in Safe Mode, see http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx?mfr=true 

  3. Run the Recovery SuperDAT tool.
  4. Restart in normal mode.
  5. Use the product update to update to DAT 5959.

NOTE: The previous article from HollywoodBackstage.com about the original response to the 5958 "false positive error" can be found on this page.