Many users of McAfee's virus scanning products are experiencing some real pain today due to a false positive virus alert (for the wecorl.a virus) that is resulting in dcom error reboots and in many cases the removal of the valid Windows svchost.exe from affected systems.

Despite a massive slew of articles and posts made on web sites today saying a new virus is in the wild and infecting computers (typically referring to this is a zero-day vulnerability), this is not in fact a virus outbreak, as anyone who knows how to use Google and has a remotely curious mind can discover in a matter of seconds. It’s an antivirus false-positive. The wecorl.a trojan is a couple years old, and this is not it. Even if it was a virus, it would not be zero-day.

In a nutshell, McAfee made a big mess with their AV update early this morning, and they are working feverishly to fix it. Read on.

First of all, if you're affected by the problem described below, information about a workaround fix and an update is available from McAfee at the McAfee Threat Center web site:

• False positive detection of w32/wecorl.a in 5958 DAT - http://vil.nai.com/vil/5958_false.htm

One of my own computers fell victim to this today, and I've been fighting with it since. I just got it back online, restored to normal and fully operational. My problem started at about 7am today and so I was figuring it out on my own, but the instructions McAfee has provided for the workaround/fix (linked above) are basically the same thing.

A DAT (virus definition 5958) file that appears was released earlier today has an issue that causes the valid Microsoft svchost.exe critical system file to be flagged as infected. It's not infected, though. This appears to impact primarily Windows XP SP3 computers, but it could be broader than that. As a result of the false flagging of the file, the McAfee AV software takes action, which can include doing nothing, quarantining the file, or in some cases removing it completely (that's what happened to mine).

If the file is quarantined or deleted, Windows stops working normally and a lot of the typical Windows functionality just isn't there anymore. Things like start menus, drag and drop capabilities, copy and paste in Explorer, and a whole lot more. You can still open Task Manager and launch new tasks manually, and the CMD window interface (command line shell) works just like always, so it's possible to get around to fix it up.

If you are running McAfee Virus Scan and have a signature file version 5958 (open the "about" dialog and look for the DAT version), then it appears you are affected. Rolling back to 5957.0000 (which was issued 4/20) will resolve the issue. There is also an "extra.dat" file available that can be dropped into the McAfee AV scanner's DAT directory while in safe mode, and then the computer should be restarted. Or if you're a business using EPO to centrally manage your AV system, you can push it out with that.

But if your svchost.exe file has been quarantined or deleted, you'll have to do some hands-on repair (at east for now, until a better solution is put together). The link at the top of this article walks you through what's needed.

This is a serious challenge today for McAfee. Their web sites appear to be badly overloaded and I have friends in the business who are waiting on hold with McAfee for extended periods on time. In speaking with people working at other (huge) companies, it's apparent the impact is huge and widespread. Thousands of people who should be working are dead in the water now, so to speak, with no computer to do their work on.

I hate to think what the financial impact of this is. It's got to be huge. Follow the link above and check it for updates from McAfee as time goes on.

Apple today announced a technical preview (for registered developers) of iPhone OS v4, which will be released to the public this summer.

It adds a whole slew of new features and capabilities, one of few of which will apply only to the latest models of the iPhone due to computing power requirements:

iPhone OS 4 will work with iPhone 3G, iPhone 3GS, and the second- and third-generation iPod touch this summer, and with iPad in the fall. Not all features are compatible with all devices. For example, multitasking is available only with iPhone 3GS and the third-generation iPod touch (32GB and 64GB models from late 2009).

The mail and multitasking capabilities will be big, so will the addition of eBooks (using the same store as the iPad) and the ability to organize apps on the screen into folders. Today you have to page through screen after screen, all on one “level,” but with the new OS that story changes.

At the enterprise level, there are some other substantial changes and improvements in areas such as app distribution (wireless app distribution for the enterprise is here) as well as security and device management – and all of these are important if Apple wants to make the iPhone something a secure and well-managed enterprise can leverage. Cisco and Juniper are working on SSL VPN apps to allow secure access to the enterprise, as well.

Oh, and they are adding their own advertising network to the iPhone app story, with a service called – shockingly – iAd. Go figure.

The iPad will get OS v4 this fall, according to Steve Jobs during a press Q&A session.

Too bad I don’t have a 3GS, so no multitasking for me until i replace this iPhone (which now sports a badly-cracked glass screen, but still works great).

TechCrunch reports today that Google is dog-fooding (using and testing internally) a desktop app that lets you make Google Voice calls.

Google announced the acquisition of Gizmo5 last year, a company with an app that provides Internet based calling software for mobile phones and land lines. At that time they pointed out the Gizmo5 folks would be joining the Google Voice team and working to enhance Google Voice for the future: “Gizmo5's engineers will be joining the Google Voice team to continue improving the Google Voice and Gizmo5 experience.”

This is something to look forward to. Google Voice is a great service, and filling in some of the gaps in the current offering would round it out quite well.

UPDATE: At Download Squad, their sources inside Google indicate that something is coming, as well: “…Google sources have confirmed this as well, saying "We're looking at a full, free, VOIP/SMS desktop client...It's amazing.”

Richard and I recently interviewed Nick Simons, a program manager at Microsoft who works on the Office Web Apps. He’s been there quite a while, and can say (with pride) that he killed Clippy, that annoying little character that thought he knew what you were trying to do, but often got it wrong and ultimately got removed from the office suite.

In our interview on RunAs Radio this week, Nick discusses Microsoft’s Office Web Apps and how people can use Office 2010 and the Web Apps to share and collaborate, and how it all integrates with SharePoint 2010 and Windows Live Skydrive.

He also briefly describes how they killed Clippy back in the day, and why.

Nick Simons Puts Office on the Web
RunAs Radio Show #155 -- 4/7/2010 (36 minutes)

• This week’s show page on RunAsRadio.com (with RSS feeds and various available file formats)
• Direct link to the MP3
• RSS feed to subscribe to the MP3 format

I have two different Exchange Servers and associated accounts open and active at the same time in my copy of Outlook 2010. That’s a new feature in the new version of Outlook, by the way: multiple Exchange accounts visible in one profile – Quite a great change over previous versions!

I’ve had a problem ever since installing this beta copy of Office 14, though. In the to-do bar (that sidebar thing on the right side of the Outlook window that shows you a bunch of info such as monthly calendars, upcoming appointments, contacts, tasks, etc.) the calendar from which appointments were being displayed was not the calendar I wanted. The info being shown there was not useful, because that calendar wasn’t the one I use.

So, I was trying to figure out how to change the calendar displayed there to the one associated with my other Exchange account. How Outlook chose which calendar to display, as far as I could tell, was a matter of which Exchange Server I set  up first when I installed Outlook.

I tried a number of things, including looking at every setting available in Outlook’s Options screens, changing the default mail account in the Outlook account properties dialog, and searching the registry for info, but in the end it was something much simpler. It took a bit of trial and error, but I finally figured it out.

What fixed it was calling up the account info screen (File > Info), then opening the “Account Settings” dialog, switching to the “Data Files” tab, highlighting the OST file associated with the account that contains the calendar I wanted to have displayed, and then clicking the “Set as Default” button. Then I closed the dialog box, shut down Outlook and restarted it, and lo and behold the correct calendar was showing. Freakin’ magic, I tell ya.

You’d think this solution might be a bit easier to find (I searched far and wide in the help and on the web), but at any rate it’s fixed now. And since I will probably forget the next time I need to do this, here it is recorded for posterity’s sake.

The Outlook Blog has a bunch of cool info about the Outlook 2010 version that users should find interesting and useful. Anyone know any other cool little tweaking tricks for Outlook 2010 that people should know about?

I drove down to Best Buy today to check out the iPads they had on display and for sale. It was about 1:30 p.m. when we arrived and they still had quite a few in stock, but only the 32GB and 64GB models. The 16GB iPads had sold out just before we arrived.

My impressions of the device were this: It was a little heavier than I thought it would be, and a little thicker feeling, but a nice size. It has a great display and is very snappy and responsive. The iPhone apps displayed at 2x resolution were generally pretty blocky looking, but useable at least until a higher-resolution version is released. I wouldn’t want to keep viewing some of them for too long just because it was hard to look at them that way for more than a few minutes. Maybe I’m just spoiled.

Why do I want one of these things? There are a variety of reasons, but one particular reason tops my list. I’m very much looking forward to running ForeFlight Mobile HD on the iPad in the future. The picture on the right shows a couple cool screens of the aviation application revamped for the iPad’s larger display. They’ve iPad-ified acreens for plates, maps, weather, downloads, and airport data. They’ll be adding a bunch of other iPad enhancements in a future update.

Anyhow, back to my check-out-the-iPad experience… The Best Buy sales guy said ( in a “you didn’t hear it from me” sort of way) that they would have another shipment of them in next Sunday. For what it’s worth. I asked for and got a paper from the guy entitling me to go to the front counter and pick up a 32GB model and continued to shop at the store. But, as I thought about it I kept returning to my position over the past few days: The iPad doesn’t have enough value for me without the 3G radio built in. I was considering buying one for use around the house, but just couldn’t justify buying two of these in the first month.

So, I returned the paper to the floor sales guy and said thanks, but I was going to wait for the 3G models. He nodded and said he understood.

It’s a cool device with a nice interface. It’s a lot like a big iPod Touch or iPhone, as the kids pointed out. But it also can do more than the smaller devices in terms of app capabilities and performance.

I’ll pick one up once the 3G models are out. For now, I’ll wait.