Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => USA Education Products => Topic started by: Sterling on May 06, 2015, 09:10:24 PM

Title: Win32:Kryptik-PFA
Post by: Sterling on May 06, 2015, 09:10:24 PM
I am all of a sudden receiving reports from several computers with the following message regarding Win32:Kryptik-PFA:

File "C:\Windows\System32\ZenLgn.dll" is infected by "Win32:Kryptik-PFA [Trj]" virus.
"File System Shield" task used
Version of current VPS file is 150506-3, 05/06/2015


How do I know if Avast truly resolved the issue, quarantined it or just left it untouched? 
Title: Re: Win32:Kryptik-PFA
Post by: JeffG on May 06, 2015, 09:21:43 PM
If you check the Avast End-Point forum this is apparently widespread.  Sounds like a bad Avast Virus Definition update.  Hopefully Avast is working on the issue.
Title: Re: Win32:Kryptik-PFA
Post by: ggathagan on May 06, 2015, 09:25:52 PM
I believe we have a problem with virus definition updates.
I received an identical quarantine notice for three DLL files, one from my email program and two from my video driver.
The email DLL has a file date of 14-November-2014. The other two files are dated 2-July-2014.
I disabled Avast via the shields control and restored the files from quarantine.

I hope this gets fixed quickly. I don't relish the thought of our IT staff having to go through the same issue with all 400 members of our organization.
Title: Re: Win32:Kryptik-PFA
Post by: Eddy on May 06, 2015, 09:34:25 PM
Submit it to avast as a possible false positive:
https://blog.avast.com/tag/false-positive/
Title: Re: Win32:Kryptik-PFA
Post by: Sterling on May 06, 2015, 09:43:30 PM
I will submit it as a false-positive, but it is running rampant on many files. Do I need to submit it as a false positive for each file reported?
Title: Re: Win32:Kryptik-PFA
Post by: ederm on May 06, 2015, 10:02:01 PM
Same problem at our institution.... Not good... :(
Title: Re: Win32:Kryptik-PFA
Post by: phungn55 on May 06, 2015, 10:09:45 PM
So when can we have a solution to this false positive problem?
Title: Re: Win32:Kryptik-PFA
Post by: helpdesk22 on May 06, 2015, 10:10:48 PM
We are also experiencing the same issue -- since about 10:30AM Pacific.
Title: Re: Win32:Kryptik-PFA
Post by: sappelhans on May 06, 2015, 10:15:47 PM
Same here, we have thousands of messages with files being moved to chest and it's even flagging the Chrome executable.
The virus page at Avast (https://www.avast.com/en-us/virus-update-history) shows ...

6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.

but we are still getting thousands of notifications.
Title: Re: Win32:Kryptik-PFA
Post by: edanderson on May 06, 2015, 10:18:42 PM
There's some discussion here, too: https://forum.avast.com/index.php?topic=170705.0

Based on the discussion here, I've changed the "Action" on my "File System Shield" to "Do Nothing" across the board (at the root of my "Computer Catalog"). This stopped the files from being put into the "Virus Chest", but I'm still receiving notifications.