Wednesday, April 21, 2010

McAfee false positive detection of w32/wecorl.a when using 5958 DAT file

McAfee has identified an issue where a specific DAT file version is causing a false positive detection of the w32/wecorl.a virus. When this false positive occurs, Svchost.exe is blocked and quarantined, which will cause the machine in question to shut down with a DCOM error, and can in some circumstances cause a blue-screen. This issue appears to only occur on Windows XP SP3 clients.

This issue is known to occur with version 5958 of the McAfee DAT file, released on April 21, 2010. McAfee has released an EXTRA.DAT file to suppress this false detection. After installing the EXTRA.DAT, you can restore the affected file from Quarantine within McAfee. To restore a file from Quarantine, please carry out the following steps:

1. Open the VirusScan Console.
2. Double-click Quarantine Manager Policy.
3. Click the Manager tab.
4. Right-click the required item and select Restore.

For more information, please refer to the following McAfee articles:

https://kc.mcafee.com/corporate/index?page=content&id=KB68780

https://kc.mcafee.com/corporate/index?page=content&id=KB51109
