What To Do if McAfee Virus Scan Update 5958 Crashes Your Windows XP Computer (or destroys svchost.exe)

You’ve probably heard about it already – a recent update to McAfee Virus Scan update caused the program to unintentionally damage Windows system files.  Symptoms include (but are not limited to):

  • Loss of internet connection
  • Can’t copy and paste
  • Can’t drag and drop files
  • Missing task bar/Start menu

This problem can render your computer completely useless until you fix the damage that was done by McAfee.  We’ve put a preliminary guide together – please let us know if it works in the comments (or if you have additional symptoms or solutions).

You may see an error similar to the one shown below if you are experiencing this problem:

Which reads:

“Windows is must now restart because the DCOM Server Process Launcher service terminated unexpectedly.”

Before you follow this guide, please note the following.

The fix for the McAfee Update 5958 problem is fairly straightforward, but you should be comfortable with working in Safe Mode and using a command prompt before proceeding.

If you do not feel comfortable with the material presented in this guide, please consult an authorized repair technician.

Method 1 (New 04/22/10)

A tool was released today from McAfee which should be able to perform the procedure explained in Method 2 automatically.  Please note that we have yet to extensively test this method, so post please post your experience in the comments if you use it.

Step 1: From a working computer, download the McAfee Remediation Tool and save it to a USB flash drive or burn it to a CD.

Step 2: Boot the affected computer into Safe Mode by tapping the F8 key as it starts up.  You will eventually see a black screen with several options, select Safe Mode as shown below.  You may also be prompted to select an operating system (even if only one is present).

Step 3: Run the McAfee Remediation Tool on the affected computer.  If you are unable to access My Computer because of a missing task bar or Start menu, press Windows + R to bring up a Run dialog, type the following command, and press enter.

EXPLORER.EXE /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

Step 4: Restart your computer, it should now operate properly.

Method 2

Step 1: You need to download the EXTRA.DAT fix that McAfee released after the problem occurred.  Since you probably can’t download this from your own computer, you will need to find a working computer and put it on a USB flash drive or burn it to a CD.

You may also need a copy of svchost.exe.  A backup version of this file may already exist on your computer, but if it doesn’t you can obtain it from a Windows XP installation disc.  More on this will be covered in Step 3.

Step 2: Boot the affected computer into Safe Mode by tapping the F8 key as it starts up.  You will eventually see a black screen with several options, select Safe Mode as shown below.  You may also be prompted to select an operating system (even if only one is present).

Windows will notify you about Safe Mode.  Click Yes to proceed.

Step 3:  Press and hold the Windows key and tap the R key.  This will bring up a Run prompt.  Type C:/Windows/ServicePackFiles in the prompt and press enter.

If this folder does not exist, proceed to Step 3.5.

If the ServicePackFiles folder exists, press Windows + R again and type cmd.  Press enter and you will see a command prompt.  Type the following commands in succession, pressing Enter after every line (please note that the direction of the slashes matters here!):

copy “C:\Windows\ServicePackFiles\i386\svchost.exe” “C:\Windows\System32” /Y

copy “C:\Windows\ServicePackFiles\i386\svchost.exe” “C:\Windows\System32\dllcache” /Y

Step 3.5: (Only follow this step if the ServicePackFiles folder does not exist):  You need to obtain a clean copy of the svchost.exe file.  The best way to do this is with a Windows XP installation disc.

Put the disc in your optical drive, press Windows + R, and type CMD.  You need to navigate to the the CD by typing in the drive letter followed by a colon.  In my example, the optical drive is called D.  I would type D: in the command prompt and press enter.

You then need to type the following commands in succession, pressing Enter after every line.

cd i386

expand svchost.ex_ C:\Windows\System32

Step 4: Finally, you need to copy the EXTRA.DAT file you downloaded in Step 1 to the computer.  Press Windows + R and type cmd.  Then navigate to your flash drive by typing the drive letter followed by a colon, then press enter.

For example, my flash drive is called G, so I typed G: and pressed enter.  You can type dir and press enter to view the contents of the directory to verify EXTRA.DAT exists.

To copy the file, type the following command and press enter:

copy EXTRA.DAT “C:\Program Files\Common Files\McAfee\Engine”

Step 5: Restart your computer.  Now that you’ve replaced svchost.exe and copied EXTRA.DAT, your computer should now start properly and operate normally.  If you continue to have problems, or have information that could be beneficial to include in this guide, please post in the comments below.

So What Exactly Happened?

What went wrong? The shortest explanation is that McAfee inadvertently flagged an important Windows system file, svchost.exe, as a virus and attempted to remove it.  This is what caused Windows to reboot and all the other problems.  In some cases svchost.exe was not damaged, but in all instances I saw today it needed to be replaced.

What does this guide do? This guide replaces your damaged svchost.exe file with a good version, and also applies an update to McAfee so it will no longer see svchost.exe as a virus.

That sounds simple, what’s with all the command line stuff? After svchost.exe was damaged, it unfortunately removed simple-but-critical features in Windows like drag and drop or copy and paste.  Most of the commands performed in this guide simply copy files, but since you can’t do it through the graphical operating system anymore it becomes a little more complicated.

Will this happen again? Probably not.  This event was very unlikely (and will be better guarded against in the future, I would imagine) – so it still remains critical that you keep your antivirus software and operating systems up to date.  Unfortunate incidences like this can happen, but most of the time updates do more good than harm.

I had something different happen! Please let us know in the comments below!  It will help us make this guide better.