On Wednesday (2010/04/21), millions of computers came to a dead halt when McAfee Antivirus falsely identified a normal Windows update file (svchost.exe) as infected with malware named “Wecorl.a”, causing machines to either crash or enter an endless shutdown-reboot cycle. This false positive affected Windows XP SP3 systems, disabling computers in schools and hospitals, and even halting production lines in some industries.

McAfee quickly moved to fix the problem, dedicating its staff of more than 7,000 to the effort. False detections by antivirus software are something that can’t be accepted.

The company’s official response to the false positive issue, from the McAfee website, is as follows:

  • McAfee is aware that a number of customers have incurred a false positive error due to the release of the 5958 virus superdat definition file at 2:00 p.m. GMT+1 (6 a.m. PDT) on Wednesday, April 21.
  • Our initial investigation indicates that the error can result in moderate to significant issues on systems running Windows XP Service Pack 3. If you are one of those impacted, we understand that this is a significant event for you and we’re very sorry.
  • McAfee is taking every measure to prevent this from reoccurring.
  • McAfee employees are working with the highest priority to support impacted customers. We have released updated virus definition files that do not contain the problem (DAT 5959 and higher) and are providing customers with detailed guidance on how to repair impacted systems.

Hackers, of course, quickly jumped on the bandwagon, putting up websites and using SEO techniques to promote pages that claimed to help you solve the problem but instead led straight to malicious links.
