An Avast virus definition file update late Wednesday accidentally marked hundreds of legitimate files as threats. The Czech Republic-based publisher Alwil responded quickly, issuing a fix less than six hours later, but some users are still dealing with the aftermath.
Restoring files improperly flagged as threats worked fine on my work computer, but not at home.
(Credit: Screenshot by Seth Rosenblatt/CNET)

Going through Avast's forums, the Avast-written guide for rescuing files falsely marked as threats should be quite simple. Force an Avast update, then from the main interface go to Menu, then Virus Chest. Right-click on the file in the chest you want to resuscitate, choose Scan to double-check that it's not a threat, then right-click on it again and choose Restore. Avast cautions that if that fails, you can choose Extract to put the file back where it came from.
For some instances of the Avast 5 beta and Avast 4.8, this doesn't work. The best solution I've found is the most annoying: run the installation file again. This certainly takes longer, but right now I've been unable to find any other solution that can be applied across the board. The one saving grace about reinstalling is that, at least for the files on my home computer that were affected, I didn't need to reconfigure any of the settings. The KMPlayer, IOBit Smart Defrag, and Find and Run Robot all retained their previous DLLs and other settings.
Keep in mind that this isn't the first over-eager definition file update. Two of the more recent ones include an incident from July that saw an update from Computer Associates flag a Windows XP system file as a virus, and last year AVG falsely identified a file from security provider ZoneAlarm as a virus.
If you're continuing to have problems from the Avast update, let us know in the comments below.
(Credit: Avast)
Czech Republic-based Avast issued an update late on Wednesday to its antivirus software that mistakenly flagged hundreds of innocent files as a Trojan. It fixed the situation five and a half hours later.
Falsely labeled as malware were programs from Adobe, Realtek, sound card drivers, and various media players, among others, according to a blog post on the Avast Support Center.
The errant update had been issued around 12:15 a.m. GMT. A new update was issued at 5:50 a.m. GMT that corrected the problem. Customers who did not use their computers between those times will most likely not be impacted, the company said.
The software was identifying the good files as the Win32:Delf-MZG Trojan, according to Avast.
Avast, based in Prague, did not respond to an e-mail late on Wednesday seeking comment.
False positives happen in the industry. In July, Computer Associates' antivirus software was falsely tagging a Windows XP system file as a virus, and last year AVG falsely identified a file from security provider ZoneAlarm as a virus.
(Credit: AVG)
AVG's free antivirus product temporarily blocked users from getting to iTunes late last week, detecting it as a Trojan, the company said on Monday.
For about five hours on Friday starting around 4 p.m. PDT, AVG users couldn't access iTunes because of the false alarm.
"AVG discovered the false alarm in the virus signature engine relating to some localization components of iTunes (so not iTunes as a virus but rather some localization components of iTunes) and it was fixed within 5 hours," AVG spokesperson Siobhan MacDermott said in a statement. "AVG would like to apologize for any inconvenience to our users/customers."
AVG was alerted to the problem by customers, who were posting to the AVG and iTunes forums.
While irregular, false positives do happen. Last year, AVG flagged ZoneAlarm as malware and a Windows system file as a Trojan. And earlier this month, Computer Associates' antivirus software mistakenly identified a Windows XP system file as a virus.
This CA user forum was filled with comments from confused and upset customers after the software detected a Windows system file as a virus.
(Credit: Computer Associates)

Users of Computer Associates anti-virus software were complaining on Thursday after the company's anti-virus software mistakenly identified a Windows XP system file as a virus.
Some customers were concerned that the Windows Service Pack 3 files and files from the commercial Cygwin application had been deleted when they couldn't find them. However, CA said the files were intact but quarantined and the file extensions were modified.
CA said it learned on Wednesday that its software had detected the file "Win32/AMalum.ZZQIA" as a false positive and was urging customers to update Signature 6606 to address the situation.
The CA advisory reads:
"CA Internet Security Suite users should restore affected files from quarantine using the GUI. CA Threat Manager customers should search local hard drives for files with the extension .AVB and manually rename to their original file extension by removing the appended text on the original file name."
Through its customer support CA also is offering a tool to search for the affected files and restore them to the original extension.
In the meantime, CA customers were griping on the CA forum. "Shame on CA for not being on top of this," one customer wrote. "Sure things happen, I've seen game patches erase hard drives, stuff happens. But it's what you do after that defines the value of your company."
"This latest nonsense with a false positive detection that causes damage to the operating system is the last straw for me. I have had continuing problems with CA AntiVirus crashing during email downloads with Thunderbirds," wrote another customer. "I am changing to Sophos. So far, it works fine and no false positives. ... I guess CA has gotten too big and forgotten that customer service is an important part of doing business."
On Tuesday an update for AVG 8 suggested that a Windows system file is a Trojan horse, and users who delete the file from the system could leave their Windows XP systems endlessly rebooting or unable to reboot at all. The problem only affects users of AVG 8 products running the Dutch, French, Italian, Portuguese, and Spanish language versions of Windows XP. AVG immediately sent out a corrected update to its customers, including those using the free editions of AVG.
A representative for AVG said, "AVG is actively working to remedy the problem some users are experiencing related to the most recent update to commercial and free versions of AVG 7.5 and AVG 8.0 in some languages. A number of users who installed the update mistakenly received a warning that the Windows system file user32.dll product version 5.1.2600.3099 was infected with a Trojan virus and were prompted to delete a file essential to the operation of Windows XP."
In response, the Czech antivirus company has posted details and a fix tool on its site.
For users unable to use their Windows XP machines, AVG says they "should contact their AVG reseller or ask a friend to download the information and fix tool for them."
AVG has suffered some embarrassing glitches of late. Last month, an AVG update declared some ZoneAlarm firewall files to be part of a Trojan horse. In July AVG had to reconfigure its Linkscanner tool after various Web sites complained about the increased traffic as a result of the tool's proactive scanning for malware.
Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product.
On Tuesday, AVG users reported desktop warnings that their desktop was infected with something called Trojan Agent r.CX. Some files within zlsSetup_70_483_000_en[1].exe, a compressed file containing dormant set-up files for Check Point's ZoneAlarm, apparently set off the alarm. The ZoneAlarm user forum soon filled with concerned users.
Grisoft did not respond to a request for comment.
Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division, said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue."
In July, Grisoft modified its free AVG 8 due to complaints about a feature that proactively scans Web sites. The feature, which had been enabled in the paid version of the product, did not scale with the free release, causing spikes in Web traffic.