Please read the announcement posted at McAfee's VirusScan Enterprise Forum:
'McAfee is aware of a w32/wecorl.a false positive with the 5958 DAT file dated April 21 at 2:00pm (GMT +1). McAfee advises NOT to download this DAT. Please disable pull tasks and update tasks.
Information updates will be given every 90 minutes through our Support Notification Service (SNS).
To sign up for SNS, go to: http://my.mcafee.com/content/SNS_Subscription_Center.
Update: McAfee has developed an EXTRA.DAT to suppress this detection. This EXTRA.DAT does NOT repair affected systems. See http://community.mcafee.com/docs/DOC-1374 for the EXTRA.DAT.
Details are in KB68780. '
See: EXTRA.DAT to suppress detection of Announcement: w32/wecorl.a false positive with the 5958 DAT file.
As Per: McAfee DAT 5958 Update Issues
Last Updated: 2010-04-21 16:39:47 UTC
by Guy Bruneau (Version: 1)
We have received several reports indicating some issues with McAfee DAT 5958 causing Windows XP SP3 clients to be locked out. It is affecting svchost.exe. Here is an example of the message:
The file C:WINDOWSsystem32svchost.exe contains the W32/Wecorl.a Virus. Undetermined clean error, OAS denied access and continued. Detected using Scan engine version 5400.1158 DAT version 5958.0000.
McAfee has posted additional information here.
Symptoms are: reboot loops and networking down. Trying to roll back to last version is difficult.
Early analysis leads us to believe the false positive only occurs on WinXP workstations with SP3 installed.
Dennis indicated that for him it appears to only affect systems connected to the internet and/or non-domain members. Workstations on the domain with the bad DAT appear do not appear to be affected.