Thursday, 22 April 2010

McAfee Virus (false positive)

McAfee VSE 8.7 with DAT 5958 falsely detects C:\Windows\System32\svchost.exe as W32/Wecorl.a

It then deletes the file, which causes the following error:

System restart in 60 seconds: DCOM Server Process Launcher service terminated unexpectedly.

The restart can be aborted by typing shutdown -a.

However, aborting the restart does not bring the file back: you will still be without svchost.exe. If you let the machine reboot, svchost.exe will probably be recreated, but it will then be detected and deleted again and another reboot will follow. The same thing happens in safe mode if the file is scanned.

To resolve the issue, either roll back to DAT 5957 or upgrade to a newer DAT.

This can be tricky with svchost.exe missing, though, as you will have no network and no USB drive support. The 5957 SuperDAT can be installed with the /f option from a CD, or the 5959 SuperDAT can be installed by double-clicking the file from a CD.

Once you are no longer on 5958, you can recover svchost.exe, either by restoring it from the quarantine or by copying it from a known good machine.
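The recovery steps above, as an added PowerShell script that is not part of the original post. It assumes VSE records the installed DAT version in HKLM\SOFTWARE\McAfee\AVEngine under AVDatVersion, and that a svchost.exe copied from a known good machine sits on the CD at the path given by $KnownGood.

```powershell
# Added example: recover from the DAT 5958 svchost.exe false positive.
# Assumed: registry location of the DAT version, and $KnownGood path on the CD.
param(
    [string]$KnownGood = 'D:\recovery\svchost.exe'   # assumed path on the recovery CD
)

$target = Join-Path $env:SystemRoot 'System32\svchost.exe'
$badDat = 5958

# Step 1: stop the 60 second restart triggered by the DCOM launcher failure.
& shutdown.exe -a 2>$null

# Step 2: refuse to restore while 5958 is still installed, because the
# restored file would just be detected and deleted again.
$engine = Get-ItemProperty 'HKLM:\SOFTWARE\McAfee\AVEngine' -ErrorAction Stop
$dat = [int]$engine.AVDatVersion
if ($dat -eq $badDat) {
    Write-Warning "DAT $dat is installed; roll back to 5957 or move to 5959 first."
    exit 1
}

# Step 3: restore svchost.exe only if it is actually missing.
if (Test-Path $target) {
    Write-Host "svchost.exe is present; nothing to restore."
    exit 0
}

# Accept a replacement only if it carries a valid Microsoft Authenticode
# signature, so a bad copy on the CD cannot be dropped into System32.
$sig = Get-AuthenticodeSignature -FilePath $KnownGood
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
    Write-Error "Refusing to restore: $KnownGood is not a validly signed Microsoft binary."
    exit 1
}

Copy-Item -Path $KnownGood -Destination $target
Write-Host "Restored $target from $KnownGood (DAT $dat in use)."
```

Run it from an elevated prompt after the SuperDAT has been applied from the CD; if svchost.exe is still in the VSE quarantine, restoring from there is the alternative to the $KnownGood copy.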