http://www.incidents.org/diary.html?storyid=8656 Signatures update 5958 locks out Windows XP SP3 clients deleting or putting in quarantine the file svchost.exe.

It is definitely not the first time an antivirus delete a critical file on an operating system (eg. AVG removing user32.dll, Symantec update that affected millions of PCs or BitDefender update that caused 64-bit Windows machines to stop working).

Looking at the different posts on various mailing-lists, it appears that some people now need to manually fix up to thousands of PCs depending of the size of their network.

It's time if it's not already done to review your antivirus procedures to include testing and deployment strategies: all signatures won't be deployed on all PCs at the same time. As well as documenting the process you need to follow if you have a new virus that is not detected, you need also to document what you can do if you have a false positive. And... keep your antivirus vendor support contact numbers up-to-date in case you need them!

If it's too late: http://vil.nai.com/vil/5958_false.htm