McAfee virus definition crashes Windows

Incompatibility between a recent virus remedy file and the scan engine software locks up Windows

Keeping virus scanning software files current is usually a good idea... except for today. Network Associates has confirmed a bug in the latest McAfee VirusScan's virus definition file that could cause many Windows systems to freeze during start up.

The problem is an incompatibility between a recent virus remedy file and the scan engine software in VirusScan. For those bitten by this bug, the only solution is to boot Windows in Safe Mode and disable VirusScan's system scanning at start up. Then, when an upgraded version of the scan engine is applied to the system, the user can go back and re-enable startup scans.

The virus definition file in question is version 4.0.4102. BugNet used KeyLabs to verify this bug. After downloading and installing the latest virus definition files, our computer system restarted without prompting. The test systems appeared to be starting correctly, but as soon as the logon passwords were entered, the systems froze. Even Control+Alt+Delete wouldn't invoke the Task Manager. The only alternative was to hit the power button to restart the machine.

All Windows platforms could be affected by this bug if the installed version of the VirusScan has a scan engine version of 4.0.02. To check the version number, launch VirusScan and select About from the Help menu.

According to McAfee, the virus definition file contains a driver that emulates the virus. The two-year-old antivirus scan engine does not understand the new virus definition which, in turn, causes the computer system to crash. It is important to keep these engines updated so that users can keep up with the features of the latest virus definitions. McAfee also warns users that after upgrading the scan engine, they will likely find new viruses that were on their systems but previously undetected.

When asked why the update mechanism doesn't check for compatibility before applying the update, McAfee responded by saying they didn't know, but there is probably no reason why it couldn't. Given the severity of this bug, bundling future software upgrades with the updated virus definition file would be in order.

For those bitten by this bug, the only way to thaw the system freeze is to restart the computer in Safe Mode and disable startup system scans. To do this, launch the McAfee VirusScan Scheduler. Right mouse click on McAfee VShield and uncheck both Enable System Scan and Enable Scanning of email attachments. Once this is done Windows will startup normally, albeit without virus protection. This will let the user download the latest product upgrades. Once the system is upgraded then re-enable the scanning options.

For those that haven't been affected by these system hangs, our recommendation is to not update the virus definition file until the VirusScan software is patched. The best way to get this upgrade is to download McAfee's SuperDAT updater. This program updates both the scanning engine and the virus definition at the same time. Installation is painless. Simply download the SuperDAT and run the executable. After restarting the system you should be set with the latest scan engine and virus remedy file.

Take me to the Virus Workshop

Take me to ZDNet Enterprise

To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.