Mcafee DAT 5958 Fix

As many people are already aware, McAfee released DAT 5958 today. This DAT contained a fault, which caused issues in hosts running Windows XP SP3. The fault led to a false detection of the W32/Wecorl.A worm, which was an MS08-067 based worm. This resulted in McAfee nuking svchost.exe killing all win32 services on the machine. This results in a laundry list of problems. The way to fix machines impacted by this is simple:

1. Boot the machine into safe mode
2. Take the extra.dat file mcafee is providing and load it into c:\program files\common files\mcafee\engine
3. Copy svchost.exe from c:\windows\servicepackfiles\i386\svchost.exe to c:\windows\system32\svchost.exe and c:\windows\system32\dllcache\svchost.exe
4. Reboot

This should remove the faulty signature and replace the damaged svchost from the the servicepack files. This test has been tested and works within our company. We have rolled it into a quick exe package for ease of use.