Users upset after CA anti-virus detects Windows system file as virus

This CA user forum was filled with comments from confused and upset customers after the software detected a Windows system file as a virus.

(Credit: Computer Associates)

Users of Computer Associates anti-virus software were complaining on Thursday after the company's anti-virus software mistakenly identified a Windows XP systems file as a virus.

Some customers were concerned that the Windows Service Pack 3 and files from the commercial Cygwin application files deleted when they couldn't find them. However, CA said the files were intact but quarantined and the file extensions were modified.

CA said it learned on Wednesday that its software had detected the file "Win32/AMalum.ZZQIA" as a false positive and was urging customers to update Signature 6606 to address the situation.

The CA advisory reads:

"CA Internet Security Suite users should restore affected files from quarantine using the GUI. CA Threat Manager customers should search local hard drives for files with the extension .AVB and manually rename to their original file extension by removing the appended text on the original file name."

Through its customer support CA also is offering a tool to search for the affected files and restore them to the original extension.

In the meantime, CA customers were griping on the CA forum. "Shame on CA for not being on top of this," one customer wrote. "Sure things happen, I've seen game patches erase hard drives, stuff happens. But it's what you do after that defines the value of your company."

"This latest nonsense with a false positive detection that causes damage to the operating system is the last straw for me. I have had continuing problems with CA AntiVirus crashing during email downloads with Thunderbirds," wrote another customer. "I am changing to Sophos. So far, it works fine and no false positives. ... I guess CA has gotten too big and forgotten that customer service is an an important part of doing business."

[BK216]

this is the first time i've ever heard of "Computer Associates anti-virus"

I thought you mean Comodo Anti-Virus for a sec...Anywho, Avast/MSE should be the only options you consider (unless you HAVE to pay for it, then go Nod32 or Kaspersky)

[Vegaman_Dan]

Computer Associates makes a popular enterprise level AV product called 'eTrust'.

[Forked_Tongue]

Agreed I use free Avast Home on all my user machines and pay for Nod32 on the homeserver, best of both worlds.

[slickuser]

I think it did the right thing ie. found XP as a virus....

[DMAN3k]

at least it doesn't get hacked in 3 seconds.

[ballmerisanape]

Your right.. that's way too long. All you have to do is connect it to a network! Now that's real plug and play!

[Vegaman_Dan]

Geez, losers sure show up fast to troll.

Yes, the Mac got hacked in a contest. So have Windows systems. They offer different features for different people.

Drop it.

[DMAN3k]

You would think that CA would actually test the patch on the target operating system before releasing it... CA sucks.

[Arrgster]

We use Sophos, never have a problem...

[rucknrun]

I use CA it is extremely lightweight. I also got it free with a new pc. Norton was bogging down some of my older machines.

I hope I don't get home and my media server is hosed cause of this.

[Orion Blastar]

So it is true, Windows really is a virus! Hirez proof of Microsoft Malware in Windows XP SP3 code.

Just kidding.

False positives are never that fun.

[stevemoss1]

Hmmm, I don't think CA made a mistake at all - was just doing it's job.

[fmcentire]

CA is just a cluster F*** of a system. We use some of their other systems where I work and they are a problem most of the time.

[sharmajunior]

Well it makes sense. What would one expect from people who have an Associates degree in computers (LOL). They need professionals to do the job, otherwise they would keep detecting system files as viruses.

[Vegaman_Dan]

We used to use CA for AV needs at my job. I recall when it detected it own definition files as a possible trojan and locked itself down hard. eTrust had taken itself out. Heh.

[gggg sssss]

CA is still in business? I thought they were all in jail. Nobody but a bunch of S/370 coders would buy this POS thinking they are recalling their glory days when CA actually mattered. Close the book on them now.

[Inconnux]

amazing... did they even test this on one system??? I would cancel my contract immediately if I ran this anti-virus.

I had been pulling my hair out trying to figure out how I managed to get a virus, until I saw this article. Computer Associates really dropped the ball on this one.

[photohiker]

It only took me 5 days to figure out that CA int. security suite was crap. (30Day guarantee) BS! I purchased in march of this year and still haven't gotten a refund. FAXED all required paperwork twice and somehow they keep loosing it. Outsourced help from India is a joke. can't get phone help unless you pay. Radio Shack and John Walsh should be truly embarrassed to have their names associated with this company.

[iwish40]

I used to have CA and it worked fine untill about 1 month before the Subscription update. I got hit with some kind of virus, my computer came to a 20 min or longer start-up time.
Nothing would hardly work.
I contacted the Microsoft support and it took them 4 DAYS to fix my computer (At NO CHARGE), then I installed Windows OneCare and it's been fine eversince.