Posted by: David Stewart | April 21, 2010

The virus scanner that ate my co-workers

Fortunately, I escaped today, other than a mild brush with netlessness. But others were not so lucky.

I was working through my first meeting of the morning (a call with someone in India) and we got a building PA announcement about a “widespread network outage”.

This alone was an amazing thing – in over 13 years at my company, the only time the PA system is used is to announce a total building evacuation. I have never heard of an IT outage being announced over the building public address system. But My PC seems OK, so I don’t worry too much about it.

The next meeting I dial into, I start hearing more scary reports about people’s PCs which are rebooting continuously. “Get off the network now – if you know what’s good for you.” You don’t need to tell me twice.

After about an hour of working offline, we get an “all clear” announcement, so I get back online. And then I start hearing reports about how widespread the issue has become.

I ran into Dawn Foster who told me that the outage was due to a bad DAT file from McAfee, and it affected Windows XP machines worldwide. This report in Engadget gives more details.

So for those corporations and organizations which have not upgraded from Windows XP yet and are using the McAfee virus scanner, they got a new virus definition file (known as a “DAT” file) from McAfee and distributed them to their PCs. The update caused a critical Windows system file to be removed (svchost.exe) and PCs began failing in large numbers.

I’m sure that when this news works itself out, there will be winners and losers.


  • People running Windows Vista or Windows 7. The people with Macs or other OS’s are being pretty smug today too.
  • Microsoft – “hey, we told you not to run Windows XP any more. We’re serious!”
  • Symantec, the other major anti-virus vendor, must be smiling quite broadly.


  • McAfee, it goes without saying. They have long been a trusted supplier. Trusted so much that organizations would distribute their virus signature files without checking them thoroughly.
  • IT organizations, who trusted some things that they maybe should not have.
  • Regular people – I had to cancel some really important meetings because key co-workers had a non-functional PC.


  1. Add lazy people who didn’t upgrade / patch their systems to list of winners. DAT 5958 only adversely effected XP Systems w/ SP3 on them – and then, only some of them – thankfully for me and my staff.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: