McAfee virus bug crashes Windows

Incompatibility between a recent virus-remedy file and the scan engine software is locking up Windows.
Written by Eric J. Bowden, Contributor
Incompatibility between a recent virus remedy file and the scan engine software locks up Windows.

Keeping virus scanning software files current is usually a good idea ... except for today.

Network Associates Inc. has confirmed a bug in the latest McAfee VirusScan's virus definition file that could cause many Windows systems to freeze during start up.

The problem is an incompatibility between a recent virus remedy file and the scan engine software in VirusScan.

For those bitten by this bug, the only solution is to boot Windows in Safe Mode and disable VirusScan's system scanning at start up. Then, when an upgraded version of the scan engine is applied to the system, the user can go back and re-enable startup scans.

The virus definition file in question is version 4.0.4102.

BugNet used KeyLabs to verify this bug. After downloading and installing the latest virus definition files, our computer system restarted without prompting, making us a little concerned right from the get go. The test systems appeared to be starting correctly, but as soon as we entered the logon passwords, the systems froze. Even Control+Alt+Delete wouldn't invoke the Task Manager. The only alternative was to hit the power button to restart the machine.

All Windows platforms could be affected by this bug if the installed version of the VirusScan has a scan engine version of 4.0.02. To check the version number, launch VirusScan and select About from the Help menu.

According to McAfee, the virus definition file contains a driver that emulates the virus. The two-year-old anti-virus scan engine does not understand the new virus definition which, in turn, causes the computer system to crash.

It is important to keep these engines updated so that users can keep up with the features of the latest virus definitions. McAfee also warns users that after upgrading the scan engine, they will likely find new viruses that were on their systems but previously undetected.

When asked why the update mechanism doesn't check for compatibility before applying the update, McAfee responded by saying they didn't know, but there is probably no reason why it couldn't. Given the severity of this bug, bundling future software upgrades with the updated virus definition file would be in order.

For those bitten by this bug, the only way to thaw the system freeze is to restart the computer in Safe Mode and disable startup system scans.

To do this, launch the McAfee VirusScan Scheduler. Right mouse click on McAfee VShield and uncheck both Enable System Scan and Enable Scanning of e-mail attachments.

Once this is done Windows will startup normally, albeit without virus protection. This will let the user download the latest product upgrades. Once the system is upgraded, then re-enable the scanning options.

For those that haven't been affected by these system hangs, our recommendation is to not update the virus definition file until the VirusScan software is patched.

The best way to get this upgrade is to download McAfee's SuperDAT updater. This program updates both the scanning engine and the virus definition at the same time.

Installation is painless. Simply download the SuperDAT and run the executable. After restarting the system you should be set with the latest scan engine and virus remedy file.

Editorial standards