Avast WEBforum

Other => Viruses and worms => Topic started by: Tsimmes on December 03, 2009, 02:11:59 AM

Title: Numerous Trojan warnings since last update.
Post by: Tsimmes on December 03, 2009, 02:11:59 AM
Avast updated itself about 15 minutes ago and within two minutes began reporting many, many instances of Win32:Delf-MZG in many of my files, including those that had been on my computer for a very long time. I did a boot scan with instructions to move malware to the chest and before I knew it almost twenty files had been moved before I stopped the boot scan. Something seems very wrong here--can these all be false positives?
Title: Re: Numerous Trojan warnings since last update.
Post by: MisuVir on December 03, 2009, 02:17:19 AM
Latest VPS file (4091203-0) is detecting the following files as having Win32:Delf-MZG.
    TUGZip\TzShell.dll
    TUGZip\TzUpdate.exe
    TUGZip\TzSFX.exe
    TUGZip\TzScript.exe
    TUGZip\TUGZip.exe
    ACER eSettings\awcomm.dll
    Spybot\SDHelper.dll
    Spybot\UninsSrv.dll
    Skype\Plugin Manager\skypePM.exe
    ... More?

Definitely looks like false positives. Needs to be fixed.
Title: Re: Numerous Trojan warnings since last update.
Post by: Logonogonogoner on December 03, 2009, 02:20:32 AM
The same thing happened to me. Apparently Skype decided to turn bad on us.
Title: Re: Numerous Trojan warnings since last update.
Post by: Aikijitsu on December 03, 2009, 02:23:27 AM
Okay. Looks like this isn't my computer. Too bad I moved that supposed trojan to the chest. It disabled my anti-spyware programs. Is there some way to reverse that? Worse comes to worse, I can just re-install them.
Title: Re: Numerous Trojan warnings since last update.
Post by: AARGH on December 03, 2009, 02:25:09 AM
Lots of folks on DSLreports.com stating same thing.  I had it claim speedfan, Anydvd and Alcohol120 all had exact same Malware (Win32:Delf-MZG[Trj])

Hopefully this will get fixed soon...
Title: Re: Numerous Trojan warnings since last update.
Post by: Logonogonogoner on December 03, 2009, 02:31:53 AM
C:\Program Files\Skype\Plugin Manager\skypePM.exe

So I am not the only one with this problem, I suppose :P
Title: Re: Numerous Trojan warnings since last update.
Post by: Lee.Davis on December 03, 2009, 02:34:02 AM
Many PCs in our office are also picking this up. We are actually a software development house and circumstantial evidence is pointing to some Delphi code being flagged as a virus.

All of the software we write is now being flagged as being infected by the Win32:Delf-MZG Trojan - this is obviously a BIG problem for us - I've advised our Tech Support team to be ready for an influx of calls.

Lee.
Title: Re: Numerous Trojan warnings since last update.
Post by: Inglonias on December 03, 2009, 02:47:39 AM
This problem has occurred before. It sucks. I know.

Spyware Doctor for me, but that's it.

Taking no action seems to be alright.
Title: Re: Numerous Trojan warnings since last update.
Post by: dranber17 on December 03, 2009, 03:01:41 AM
I have updated my avast home antivirus just a few minutes ago on both my desktop and laptop computers running Win XP Pro and Media version, and after booting up avast has detected several scr and exe files (so many, including trusted files: cybersitter, skype pm, speedmypc, renamemaster, searchandrecover files) as having been infected by 2 trojans?? :(
win32.delf.mzg (trj)
win32.zbot.mkk (trj)
I think this is a false positive error from the avast update of Dec 03, 2009.
Please fix. :'(
Thanks
Title: Re: Numerous Trojan warnings since last update.
Post by: Yanto.Chiang on December 03, 2009, 03:27:10 AM
Hi there,

This happened to me too. After updating early this morning, avast detected that some files in my Windows and avast library files were infected by this trojan variant:

avast! [User]: File "C:\Program Files\Alwil Software\Avast5\redemption.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerExe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerUtils" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerExe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "C:\Program Files\Skype\Plugin Manager\skypePM.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

Some files have been quarantined by avast, but some files were deleted by avast. ??? ???

Is it an FP or really infected?
For the quarantined files, I already submitted them to avast with the avast 5 features.
Title: Re: Numerous Trojan warnings since last update.
Post by: blinka on December 03, 2009, 03:43:43 AM
Avast detected KMplayer as a virus... come on!!! KM player is just a movie player... I clicked on the "not do anything" button, but it blocked the KMPLAYER so I uninstalled it and when I tried to install it again I got like 10 virus alerts, and I didn't even click on anything, I just closed them, but it is still blocked, can't seem to make it work. It also said that a screensaver was a trojan, come on it's .SCR it's not a trojan! Can someone fix this?
Title: Re: Numerous Trojan warnings since last update.
Post by: udidwht on December 03, 2009, 03:56:13 AM
Same issue here guys. It flagged files from Skype, Online Armor so far... I've been choosing 'Take no Action' since it's obvious they're F/P's. Just be sure and read the file name carefully before choosing 'Take no action'.


Title: Re: Numerous Trojan warnings since last update.
Post by: asbaker on December 03, 2009, 03:59:31 AM
Well it's almost 10 PM Eastern time and Avast is still going crazy on programs I've used for years. Plus, getting this forum to appear on my screen is very difficult - takes forever to show up if it does at all.

Is a change in virus database being worked on?
Title: Re: Numerous Trojan warnings since last update.
Post by: Yanto.Chiang on December 03, 2009, 04:09:25 AM
Hi Vlk, Igor, Pavel,

Please do something before everyone faces the same problem as me. All of my tools, and even my system and applications, are detected as Win32:Delf-MZG [Trj].

And mostly deleted by avast.

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\helper.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Update.exe|>[Armadillo]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Update.exe|>[Armadillo]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\PCToolsAntiVirusExtension.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\PCTAVHook.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Upgrade.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\hideipng.exe|>{app}\hideipng.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\ophcrack-win32-installer-3.3.1.exe|>$INSTDIR\pwdump\servpw64.exe" is infected by "Win32:PUP-gen [PUP]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\dumphive.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\swreg.exe|>[UPX]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\swxcacls.exe|>[UPX]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\X-Lite3_29712.exe|>{app}\eyeLook.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\TrojanKiller\trojankiller-setup.exe|>{app}\trojankiller.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\TrojanKiller\trojankiller-setup.exe|>{app}\checkfile.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\Trojan Remover\trjsetup681.exe|>{app}\Rmvtrjan.exe|>[Armadillo]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009


And many more....... what is going wrong guys..... I need to uninstall avast here....
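
Added example, not part of the original post and not Avast code: the log entries pasted in this thread share a three-line shape, so a short Python script can parse them, split the `|>` container path, and count distinct files per signature and VPS version. The sample entries are copied from the post above; the function names and the `min_files` threshold are assumptions, and a high count only marks a signature for review by the vendor, it is not a verdict.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Entries copied from the forum post above (avast! log text as pasted there).
SAMPLE_LOG = r'''
avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\helper.dll" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Update.exe|>[Armadillo]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\hideipng.exe|>{app}\hideipng.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\ophcrack-win32-installer-3.3.1.exe|>$INSTDIR\pwdump\servpw64.exe" is infected by "Win32:PUP-gen [PUP]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\swreg.exe|>[UPX]" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File "C:\Program Files\Skype\Plugin Manager\skypePM.exe" is infected by "Win32:Delf-MZG [Trj]" virus.
"%3" task used
Version of current VPS file is 091203-0, 12/03/2009
'''

# One entry: detection line, task line, VPS version line.
ENTRY_RE = re.compile(
    r'File "(?P<path>[^"]+)" is infected by "(?P<sig>[^"]+)" virus\.[ \t]*\n'
    r'[^\n]*\n'
    r'Version of current VPS file is (?P<vps>[0-9-]+),'
)
# "Win32:Delf-MZG [Trj]" -> name "Win32:Delf-MZG", kind "Trj".
SIG_RE = re.compile(r'(?P<name>\S+)(?:\s+\[(?P<kind>[^\]]+)\])?$')


@dataclass(frozen=True)
class Detection:
    outer: str       # file on disk that was scanned
    members: tuple   # nested members inside installers/archives
    layers: tuple    # unpacker layers reported in brackets, e.g. UPX
    signature: str
    kind: str
    vps: str


def _is_layer(part):
    return part.startswith("[") and part.endswith("]")


def parse_entries(text):
    """Return one Detection per log entry found in text."""
    found = []
    for m in ENTRY_RE.finditer(text):
        parts = m.group("path").split("|>")
        sig = SIG_RE.match(m.group("sig"))
        name = sig.group("name") if sig else m.group("sig")
        kind = (sig.group("kind") or "") if sig else ""
        found.append(Detection(
            outer=parts[0],
            members=tuple(p for p in parts[1:] if not _is_layer(p)),
            layers=tuple(p[1:-1] for p in parts[1:] if _is_layer(p)),
            signature=name, kind=kind, vps=m.group("vps"),
        ))
    return found


def files_per_signature(detections):
    """Map (signature, VPS version) -> set of distinct top-level files."""
    hits = defaultdict(set)
    for d in detections:
        # Windows paths are case-insensitive, so compare lower-cased.
        hits[(d.signature, d.vps)].add(d.outer.lower())
    return dict(hits)


def review_candidates(detections, min_files=3):
    """Signatures that hit many unrelated files under one VPS version."""
    rows = [(sig, vps, len(files))
            for (sig, vps), files in files_per_signature(detections).items()
            if len(files) >= min_files]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for sig, vps, count in review_candidates(parse_entries(SAMPLE_LOG)):
        print(f"{sig} (VPS {vps}): {count} distinct files flagged")
```
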
Title: Re: Numerous Trojan warnings since last update.
Post by: Ximinez on December 03, 2009, 04:38:18 AM
Same here with SpySweeper running VPS version "091203-0, 12/03/2009".
 
The following files were flagged under the following 4 Webroot sub-folders:

C:\Program Files\Webroot\Spy Sweeper\
ClientHelper.dll
Core.msi
language.dll
lockbox.dll
SafeSweeper.exe
SpySweeperUI.exe
SSCtxMnu.dll
VersionInfo.dll
ziptv06.dll

C:\Program Files\Webroot\Spy Sweeper\Cleanup\
CtxCleanup.exe
WashEngine.exe
WcCtxMnu.dll

C:\Program Files\Webroot\Spy Sweeper\Core.msi\Data1.cab\
lockbox.dll
ziptv06.dll
wrlzma.dll

C:\Program Files\Webroot\Spy Sweeper\Core.msi\
ISSetupFile.SetupFile2

My current workaround is to stop then disable (at startup) the following 2 Webroot services via Run ... services.msc:

Webroot Client Service
Webroot Spy Sweeper Engine

as well as disable the SpySweeperUI.exe file to load at Windows startup.

I will keep them this way until ALWIL re-issues the VPS to no longer flag these false positives.
Title: Re: Numerous Trojan warnings since last update.
Post by: Yanto.Chiang on December 03, 2009, 04:44:17 AM
Hi Guys,

My customers in Indonesia have been screaming about this... anybody please be concerned about this... please..... if you don't want to lose those customers.

We have made our customers aware not to download the VPS update first.

Title: Re: Numerous Trojan warnings since last update.
Post by: alexinoklahoma on December 03, 2009, 04:53:21 AM
I just got a warning concerning IOBit360's file as follows: 12/2/2009 9:32:00 PM   SYSTEM   1620   Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\IObit\IObit Security 360\is360mon.dll" file. 

Took no action after browsing this Forum - good response so far, folks, appreciate the effort here  :)  I did see that avast 'updated' just moments prior to this alert, so I was a bit leery of believing its actuality.  I bet it will be fixed soon (fingers crossed!!)

And I just started using avast two days ago, LOL...  seeing how slow the Forum is atm I bet there's LOTS of traffic on this  ;)
Alex
Title: Re: Numerous Trojan warnings since last update.
Post by: REDACTED on December 03, 2009, 05:30:16 AM
 >:( :o please fix this problem asap. It is a huge issue having yoy guys giving us a stuffed up virus definition. A program is now rendered useless because of you. Thanks heaps
Title: Re: Numerous Trojan warnings since last update.
Post by: Karmel83 on December 03, 2009, 05:35:57 AM
OMG...I thought I was the only one. I have had 19 warnings (all trojan) since I have updated my Avast today. I am freaking out and I could only delete them because I scanned in safe mode. Please let me know what is going on.

God Bless

Karmel


Avast updated itself about 15 minutes ago and within two minutes began reporting many, many instances of Win32:Delf-MZG in many of my files, including those that had been on my computer for a very long time. I did a boot scan with instructions to move malware to the chest and before I knew it almost twenty files had been moved before I stopped the boot scan. Something seems very wrong here--can these all be false positives?


Title: Re: Numerous Trojan warnings since last update.
Post by: NikkiLynne39 on December 03, 2009, 06:34:36 AM
Same here, only so far the only warning I received was from Avant itself, and my Avast moved it to chest, disabled it, and then removed it from my list. I tried a reinstall, virus warning, on an earlier version of Avant, Avast again tossed it into hiding. I haven't gotten the warning on any other program yet, haven't tried for fear now that it will disable everything. My computer has been offline all day, and then tonight soon as I turned it on, this happened, and it was fine last night. I lost all my favorites, important links I had bookmarked for easy access due to owning an online scrap store, and now I can't access anything without first looking it up, and I don't like chrome or IE...I want my Avant back...with no virus warnings!
Title: Re: Numerous Trojan warnings since last update.
Post by: d3drocks on December 03, 2009, 07:12:36 AM
Many PCs in our office are also picking this up. We are actually a software development house and circumstantial evidence is pointing to some Delphi code being flagged as a virus.

All of the software we write is now being flagged as being infected by the Win32:Delf-MZG Trojan - this is obviously a BIG problem for us - I've advised our Tech Support team to be ready for an influx of calls.

Lee.


I can confirm this. Avast just locked me out of my audio production tools which were coded in Delphi. It also locked me out of all of the Delphi coded VST instruments I have. I'm pissed. I hit the "do nothing" button, but disabled avast, because I can't take this bullshit. Tempted to go back to AVG now.
Title: Re: Numerous Trojan warnings since last update.
Post by: Forward Unto Dawn on December 03, 2009, 07:20:41 AM
Hi, my avast! program updated its virus database around 3 hours ago. Not long after that, avast! warned that it had detected a trojan horse in the Spybot application extension file SDHelper.dll. After that, Spybot reported 3 registry changes, 2 of which I denied:
• 3/12/2009 2:10:27 PM Allowed (based on authenticode whitelist) value "{53707962-6F74-2D53-2644-206D7942484F}" (new data: "") deleted in Browser Helper Object!
• 3/12/2009 2:10:35 PM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /M:110b04264564
") changed in Session manager!
• 3/12/2009 2:10:38 PM Denied (based on user decision) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!

The last two logs above (the ones I denied), have repeated over and over again in the Spybot log file for the last 3 hours, as you can see here:
• 3/12/2009 2:10:39 PM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
aswBoot.exe /M:110b04264564
") changed in Session manager!
• 3/12/2009 2:10:39 PM Denied (based on user blacklist) value "ExcludeFromKnownDlls" (new data: "") deleted in Session manager!

Something is obviously keen to change registry values…

Anyway, I tried moving the SDHelper.dll file to the chest, but that didn’t work. I was also unable to delete the file. What should I do?

P.S. Man, there’s a lot of traffic on this website!
Title: Re: Numerous Trojan warnings since last update.
Post by: Eaulive on December 03, 2009, 07:42:58 AM
The latest definitions have been online for 45 minutes: 091203-1
Title: Re: Numerous Trojan warnings since last update.
Post by: Abera on December 03, 2009, 07:48:41 AM
I have been working on a local server (Wamp) for over two years now. With a big system update for my site that (I am a week late and  now) GONE. It and many of my prgs got kicked tonight. I hope you people here at Avast have some way of getting them back, because from what I have been reading, I'm not the only one pissed! Pure bullshit!
Title: Re: Numerous Trojan warnings since last update.
Post by: pdafreak on December 03, 2009, 07:55:43 AM
VPS update 091203-1 fixed this issue. go update ur avast :)
Title: Re: Numerous Trojan warnings since last update.
Post by: Eaulive on December 03, 2009, 07:58:45 AM
Download the new definitions, go to the chest and restore all the files that have been moved there today, problem fixed.
Rescan to make sure.

Of course, if you chose "delete" instead of "move to chest", then tough luck.
Title: Re: Numerous Trojan warnings since last update.
Post by: piscean piper on December 03, 2009, 08:28:29 AM
The new update "discovered" win32 zbot-mkk in 2 trusted programs on my PC. Irfan View and Damn Nfo Viewer were both disabled. I had to turn Avast off as it was continuing to find other viruses. How about a fix for this one? :'(
Title: Re: Numerous Trojan warnings since last update.
Post by: Yanto.Chiang on December 03, 2009, 08:49:01 AM
Hi ALWIL Team,

Just some advice,

Next time if you guys would like to launch or release a new signature, please try it first in your inside labs.  ;)

So that people who have critical applications are not screwed up just because of 1 AV definition.

Good job
Title: Re: Numerous Trojan warnings since last update.
Post by: Forward Unto Dawn on December 03, 2009, 09:09:29 AM
avast!, don't let this happen again. I lost several program files to deletion, since the 'move to chest' function stopped working. I've spent ages repairing all of the damaged programs. I will seriously reconsider using this antivirus software.
Title: Re: Numerous Trojan warnings since last update.
Post by: name123 on December 03, 2009, 09:19:06 AM
Ya, I already have many software deleted, cannot work
Title: Re: Numerous Trojan warnings since last update.
Post by: Vlk on December 03, 2009, 09:24:32 AM
Official statement here: http://forum.avast.com/index.php?topic=51647
Title: Re: Numerous Trojan warnings since last update.
Post by: REDACTED on December 03, 2009, 09:30:27 AM
Thank you for the official statement although, personally taking 5 hours to release the patch is too long. With 100 million users I would think there would be at least 1 person keeping an eye on things whilst you sleep. I mean seriously, you don't release an update of any kind without first testing it. Please never let this happen again. I have strongly considered changing anti virus programs because of this. I may still so have fun with that. You're very lucky it happened whilst the US was sleeping. If it had happened whilst they were awake you would have had mayhem. I mean the forums hardly loaded when the US was sleeping and there was a problem, let alone if they had been awake.

I hope these how to's come out quickly and that they will solve issues of where files were moved to the chest
Title: Re: Numerous Trojan warnings since last update.
Post by: VikingBabe on December 03, 2009, 09:58:23 AM
Not everyone sleeps at night in the USA.  My "day" is "Night" and came on just before Midnight MST to work online.  My automatic AVAST updated as normal without any alerts showing. 

Then  I visited a forum where a poster reported the trojan about 8 pm MST (Dec. 2).  I disabled my AVAST...just in case... and came here.  Apparently my update included the repair.  If I came online several hours earlier, I would have been "hit" as well. 

I have to give "kudos" to the AVAST team who made the repair within this five hours.  However inconvenient it may be waiting too long....better a thorough hunting down than a "quick, stopgap fix".
Title: Re: Numerous Trojan warnings since last update.
Post by: Yanto.Chiang on December 03, 2009, 10:00:59 AM
Hi Sparky13,

I agreed with you too,

Your country is lucky not to be screwed up by this problem, but in my country, Indonesia, avast users are screwed up by this problem.
And they came back to us to ask about this problem.  :( :( :(

Please, in the future, before releasing a new signature update, just make sure of it internally.

Title: Re: Numerous Trojan warnings since last update.
Post by: Lo Tek on December 03, 2009, 10:08:27 AM
well, that sucked.

Boot scan "caught" more than a dozen instances of "Win32:Delf-MZG [Trj]," mostly from lightweight appz.  When it started flagging stuff like my soundcard drivers I  canceled the scan and decided to look here for more info . Glad that I did.

Luckily, I have only a few minor appz to reinstall.

glad to see that the problem's been fixed.

Title: Re: Numerous Trojan warnings since last update.
Post by: shae_32 on December 03, 2009, 10:12:46 AM
Oh man...tell me about it.  :-\

Luckily, I too only had to reinstall a few things. (Even reinstalled my sound card drivers straight from disc) I about freaked out. :o

I did uninstall Avast and reinstalled it, so fortunately, it updated to the correct defs. But boy oh boy, there for a while I was like "what the heck?"

Anyway, thanks Avast for fixing this monster ASAP. :)
Title: Re: Numerous Trojan warnings since last update.
Post by: brian943 on December 03, 2009, 10:20:20 AM
hmmm - I've got the last update (091203-1) and STILL getting the warnings??
Title: Re: Numerous Trojan warnings since last update.
Post by: kenf on December 03, 2009, 10:26:29 AM
I also had problems with the update and followed Avast's recommendations and moved the files to the chest.
I then did the later update and restored each file in the chest.
The problem is that when I do an update now, Avast has to submit and download certain files in order to complete the update and it takes a really long time.  Very frustrating.
I don't know if Avast itself is now corrupted.
Any advice.  Should I uninstall Avast and then reinstall?
Think that would fix the problem?
Thanks for any help.
First problem since having Avast but a big hassle.
kenf
Title: Re: Numerous Trojan warnings since last update.
Post by: Sesame on December 03, 2009, 10:35:11 AM
hmmm - I've got the last update (091203-1) and STILL getting the warnings??
You may have real virus but please send it to the chest.

I also had problems with the update and followed Avast's recommendations and moved the files to the chest.
I then did the later update and restored each file in the chest.
The problem is that when I do an update now, Avast has to submit and download certain files in order to complete the update and it takes a really long time.  Very frustrating.
I don't know if Avast itself is now corrupted.
Any advice.  Should I uninstall Avast and then reinstall?
Think that would fix the problem?
Thanks for any help.
First problem since having Avast but a big hassle.
kenf
Avast! should be O.K.  Simply, Avast! is working as it is supposed to be:  Avast! tries to upload these files while updating.  At least, it won't harm your system.  However, in this circumstance, it must be tough to the servers.  And yet, Vlk recommended to keep them...
Title: Re: Numerous Trojan warnings since last update.
Post by: brian943 on December 03, 2009, 10:42:54 AM
hmmm - I've got the last update (091203-1) and STILL getting the warnings??
You may have real virus but please send it to the chest.

I also had problems with the update and followed Avast's recommendations and moved the files to the chest.
I then did the later update and restored each file in the chest.
The problem is that when I do an update now, Avast has to submit and download certain files in order to complete the update and it takes a really long time.  Very frustrating.
I don't know if Avast itself is now corrupted.
Any advice.  Should I uninstall Avast and then reinstall?
Think that would fix the problem?
Thanks for any help.
First problem since having Avast but a big hassle.
kenf
Avast! should be O.K.  Simply, Avast! is working as it is supposed to be:  Avast! tries to upload these files while updating.  At least, it won't harm your system.  However, in this circumstance, it must be tough to the servers.  And yet, Vlk recommended to keep them...

You mean that Win32:Delf-MZG was a false positive before but now it's real? AVG time
Title: Re: Numerous Trojan warnings since last update.
Post by: vhunter on December 03, 2009, 10:53:36 AM
Some problems still remain in the new update, because I am still getting warnings about Win32:Zbot-MKK for a few files (for example opera.exe). I think the problem is that Avast is using the old VPS 091203-0 in some cases, because when I received the warnings, they had a message that VPS 091203-0 was used. But I updated to 091203-1 already.
Title: Re: Numerous Trojan warnings since last update.
Post by: VikingBabe on December 03, 2009, 11:06:56 AM
I checked my update logs to see which virus database VPS and time it was automatically updated December 2.  This is what I found (Times are in Mountain Standard Time USA)

12/2/2009   2:14:58 AM   ......The virus database (VPS 091201-1) was automatically updated.
 
12/2/2009   11:40:59 PM .....The virus database (VPS 091203-1) was automatically updated.

So, I am assuming my AVAST is ok then. 
Title: Re: Numerous Trojan warnings since last update.
Post by: Tarq57 on December 03, 2009, 11:15:17 AM
brian943
can you please advise the original file name  and path/s of the warnings you are currently getting?

I was thinking a few minutes ago that it would be an ideal time for malware makers to produce new variants of these particular ones and unleash them. I hope they haven't. But I'm not especially evil, and if I thought of it, bet your bottom dollar they have, too.
Title: Re: Numerous Trojan warnings since last update.
Post by: Milos on December 03, 2009, 11:30:02 AM
Hi,
maybe there is/was some scan running in the background, so the VPS didn't update.

Milos
Title: Re: Numerous Trojan warnings since last update.
Post by: REDACTED on December 03, 2009, 11:45:23 AM
Hi Sparky13,

I agreed with you too,

Your country is lucky not to be screwed up by this problem, but in my country, Indonesia, avast users are screwed up by this problem.
And they came back to us to ask about this problem.  :( :( :(

Please, in the future, before releasing a new signature update, just make sure of it internally.

Agreed, I don't see why they couldn't have just tested it on one simple computer  ???

Not everyone sleeps at night in the USA.  My "day" is "Night" and came on just before Midnight MST to work online.

I was more referring to the standard hours that Americans are asleep

I have to give "kudos" to the AVAST team who made the repair within this five hours.  However inconvenient it may be waiting too long....better a thorough hunting down than a "quick, stopgap fix".

I just don't understand a 5 hour wait. I mean all they had to do was take us all back to the old virus definitions. That would have solved the problem. Then they can get onto the fix for the virus definitions they attempted to release. I just don't understand why it took 5 hours for the fix. I mean I understand that maybe it took them an hour to realise there actually was a problem but then they could have easily fixed the problem and if they couldn't they make an emergency call to the boss so it can be fixed ASAP.
Title: Re: Numerous Trojan warnings since last update.
Post by: Mickey Way on December 03, 2009, 12:31:18 PM
Well, for me, I was online when the offending update installed.  Then, when I went to shut down (I always run TuneUp Utilities 2009 before turning off my computer) all the bells and whistles went off! Long story short...in addition to some program files, the boot scan detected many Windows system files as infected and the only option that would work was to delete the files (I could not "move to chest" nor "repair").  It turns out that deleting some of those files DID affect system operation.  System restore does not work now, so I am left with a complete OS re-install.  I am NOT happy about this.  Fortunately, my other computers were off-line when this occurred.  I have set the rest of my computers to "manual update" for now until this whole mess is long behind us.

(No reply to this post is required or invited.  I'm just venting because now I have to take a day to completely restore what WAS a perfectly running computer. I run Avast, MBAM, and Super Anti-Spyware routinely, and the chances of real trojans on my equipment are VERY slim.  Anyone posting comments about me having real threats will be claiming that none of these defense programs actually work.)
Title: Re: Numerous Trojan warnings since last update.
Post by: vhunter on December 03, 2009, 12:47:41 PM
Hi,
maybe there is/was some scan running in the background, so the VPS didn't update.

Milos

No, the VPS updated OK, because most of the files that had warnings before began to work OK after the update.
But some files were still getting warnings about Zbot-MKK, because of the old 091203-0 update. I solved it by reinstalling AVAST and updating it again; now all works fine.
Title: Re: Numerous Trojan warnings since last update.
Post by: Vlk on December 03, 2009, 01:56:30 PM
(No reply to this post is required or invited.  I'm just venting because now I have to take a day to completely restore what WAS a perfectly running computer. I run Avast, MBAM, and Super Anti-Spyware routinely, and the chances of real trojans on my equipment are VERY slim.  Anyone posting comments about me having real threats will be claiming that none of these defense programs actually work.)

Hi Mickey,

thanks for your post. Till now, we thought the problem didn't affect any Microsoft (operating system) files. But you're saying otherwise. Do you still have the avast logs? It would be very interesting to look at these.

They are located in the <avast>\data\log directory (usually in C:\program files\alwil software\avast4).


Thanks much
Vlk
Title: Re: Numerous Trojan warnings since last update.
Post by: Beeb on December 03, 2009, 04:42:20 PM
I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?
Title: Re: Numerous Trojan warnings since last update.
Post by: Ximinez on December 03, 2009, 05:02:55 PM
avast!, don't let this happen again ... I will seriously reconsider using this antivirus software.

To be honest, I originally agreed with "Forward ...". I still remember the last major false positive issue with LogMeIn (http://forum.avast.com/index.php?topic=31255.0) 2 years ago (Nov 2007), but was able to forgive avast for its over-zealousness. However, this latest FP represented a STRIKE 2 (in baseball lingo). Not good.

Now, I have really enjoyed using and promoting avast since March 2005 (http://forum.eprompter.com/index.php?showtopic=336) and I was not looking forward to a STRIKE 3 because I thought I would have to look elsewhere.

Just to be fair to avast, I was curious to know if false positives occurred "elsewhere" too, since "the grass is not always greener on the other side" as the expression goes.

What I found was (I must admit) quite surprising. Several of the BIG 10 anti-virus (http://antivirus.about.com/od/antivirussoftwarereviews/tp/aatpavwin.htm) applications also have their share of FP problems:

AVG: http://www.google.ca/search?q=site:forums.avg.com+false+positive (http://www.google.ca/search?q=site:forums.avg.com+false+positive)
Norton Internet Security: http://www.google.ca/search?q=site:community.norton.com+false+positive (http://www.google.ca/search?q=site:community.norton.com+false+positive)
Avira AntiVir: http://www.google.ca/search?q=site:forum.avira.com+false+positive (http://www.google.ca/search?q=site:forum.avira.com+false+positive)
McAfee: http://www.google.ca/search?q=site:community.mcafee.com+false+positive (http://www.google.ca/search?q=site:community.mcafee.com+false+positive)
Kaspersky: http://www.google.ca/search?q=site:forum.kaspersky.com+false+positive (http://www.google.ca/search?q=site:forum.kaspersky.com+false+positive)
Panda: http://www.google.ca/search?q=site:support.pandasecurity.com+false+positive (http://www.google.ca/search?q=site:support.pandasecurity.com+false+positive)
BitDefender: http://forum.bitdefender.com/index.php?showforum=138 (http://forum.bitdefender.com/index.php?showforum=138)
Eset Nod32: http://www.wilderssecurity.com/search.php?searchid=3265226 (http://www.wilderssecurity.com/search.php?searchid=3265226)

The take-away lesson here is that FP's are going to happen regardless of the security product.

I remain confident that ALWIL does its best not to release VPS signatures that will create the type of havoc this last one did. The developers aren't stupid ... they don't want to lose any users to stuff like this. So, I guess we users can be confident knowing that this VPS serves as a reminder that ALWIL must remain vigilant that their updates don't go untested before going into wide release.

Thanks ALWIL for providing me and my friends with years of great AV support. I still think your app rocks ... just as I did back in 2005.

Keep doing what you do because you do it well ...!! ;D
Title: Re: Numerous Trojan warnings since last update.
Post by: Milos on December 03, 2009, 05:10:55 PM
I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?
Hello,
You can send us (virus@avast.com) the file to analyze. Put "false positive" in the mail subject.

Thank you,
Milos
Title: Re: Numerous Trojan warnings since last update.
Post by: t.goswami on December 03, 2009, 05:24:08 PM
avast!, don't let this happen again. I lost several program files to deletion, since the 'move to chest' function stopped working. I've spent ages repairing all of the damaged programs. I will seriously reconsider using this antivirus software.
Same thing to me, I have just started using avast... and I am damn scared to continue with it.. how can avast be so careless after so many years of goodwill?
Title: Re: Numerous Trojan warnings since last update.
Post by: drw on December 03, 2009, 05:42:35 PM
I was also hit by the false positives.

For me, it caused me to NOT be able to go online for some reason. I was finally able to get back online and get my AVAST updated.

I accidentally deleted the supposed infected file- it was a dll- ezsvc7.dll

Anyone know what this file is or what its purpose is???
Title: HELP!!!!
Post by: Karmel83 on December 03, 2009, 05:55:08 PM
Hello, I have also deleted 19 files. Please let me know how to add them back.

Thanks in advance

God Bless

Karmel
Title: Re: Numerous Trojan warnings since last update.
Post by: REDACTED on December 03, 2009, 11:57:23 PM
This link was posted in the official statement to restore virus chested files;

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=376

Also, to those having warnings of other viruses. Download and run another anti-virus and scan the files
Title: Re: Numerous Trojan warnings since last update.
Post by: bran34 on December 04, 2009, 12:04:34 AM
The odd thing about the FP is, I was gaming during the time (it was an MMO using ahnlab hackshield) and after about 10 alerts from avast! it came up saying it had been affected by a speedhack and was shutting down.. so I had literally no reason to think it was a FP... Deleted most of the files stated in the warnings.
Title: Re: Numerous Trojan warnings since last update.
Post by: Beeb on December 04, 2009, 06:44:57 AM
I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?
Hello,
You can send us (virus@avast.com) the file to analyze. Put "false positive" in the mail subject.

Thank you,
Milos

I have now sent the log as you requested Milos. It seems my machine is running fine. I was incorrect in what I thought the file was from though. After looking at the log again it appears to be a DellDock file. In any case I've sent the log as you requested. Thank you for posting Milos. It is good to know someone is listening.
Title: Re: HELP!!!!
Post by: Forward Unto Dawn on December 04, 2009, 10:02:41 AM
Hello, I have also deleted 19 files. Please let me know how to add them back.

Thanks in advance

God Bless

Karmel
You can identify what files were deleted in the logs. If they were program files, you'll have to reinstall/repair the affected programs.
Title: Re: Numerous Trojan warnings since last update.
Post by: Ugamark on December 04, 2009, 10:00:41 PM
Even bigger problem--The fix does not work for me because 1) my Avast freezes when I try to open it and 2) Avast didn't give me the option of quarantining the "infected" file (now known to have been a false-positive) into the virus chest - it only allowed me to delete the file.

So I can't restore a file that was completely deleted and not quarantined (is360mon.dll, from IOBit Security 360), and I can't run a program that no longer works (Avast).  Which means I cannot install the VPS update.

Now, like many here, half of my programs don't run, and Windows freezes when I try anything (even, sadly, trying to burn files onto a CD causes my computer to freeze up).  Reverting to a prior Vista restore point doesn't work, and attempting to repair the boot up, both done through the Vista CD, doesn't work.

What now?
Title: Re: Numerous Trojan warnings since last update.
Post by: Tarq57 on December 04, 2009, 10:12:58 PM
Ugamark,
Was the IOBit file the only one deleted? Was anything else quarantined?

If the answers to the above are "yes" and "no", (respectively) see if IOBit security can be uninstalled then re-installed.

I have a strong suspicion there was more deleted or quarantined than you are saying, due to the Avast "freezing" you report.
Was any other AV installed before Avast? (Or installed now, even if inactive)?

Did the restore actually work but fail to fix the problem, or simply fail to work? (System restore was unable to ...)
Title: Re: Numerous Trojan warnings since last update.
Post by: Ugamark on December 04, 2009, 10:53:27 PM
Tarq57,

Thank you for the response.  On second glance, you are correct on your assumptions.  First, these were the entries (times 19-20) from the IOBit software file false-positive:

12/2/2009   8:21:18 PM   1259814078   SYSTEM   1736   Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\IObit\IObit Security 360\is360mon.dll" file. 
12/2/2009   8:21:22 PM   1259814082   Mark   6980   Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.

But it also flagged a few items in my Google Chrome cache, and then some random error entries, which I am not sure whether they are part of the problem.  For example:

12/2/2009   7:17:44 PM   1259810264   SYSTEM   1736   AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\Users\Mark\AppData\Roaming\Microsoft\Office\Recent\JW Outlines.LNK (C:\Users\Mark\AppData\Roaming\Microsoft\Office\Recent\JW Outlines.LNK) returning error, 00000026. 

Nothing was quarantined, so I have nothing to restore.

I do have several antispyware/malware programs on my computer (But Avast is my only antiVIRUS program), including Spyware Terminator, which now no longer runs at startup as a result of the Avast false-positive.

And you are correct--the restore was successful, but it did not fix anything and my computer runs no better.  My computer freezes when any Windows-generated prompt must come up (i.e., deleting a file, it freezes when the O/S would normally confirm the deletion).
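The advice earlier in the thread to identify affected files from the logs can be automated for lines like the two detection-related entries quoted in the post above. This is an added example, not part of any forum post and not avast's own tooling; the field layout (date, time, epoch, user, process id, message) is an assumption inferred from those quoted lines, and the third sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input: the first two lines are quoted from the post above;
# the third line is constructed for this example (path is made up).
SAMPLE_LOG = r'''12/2/2009   8:21:18 PM   1259814078   SYSTEM   1736   Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Program Files\IObit\IObit Security 360\is360mon.dll" file.
12/2/2009   8:21:22 PM   1259814082   Mark   6980   Function setifaceUpdatePackages() has failed. Return code is 0x2000000A, dwRes is 2000000A.
12/2/2009   8:22:05 PM   1259814125   SYSTEM   1736   Sign of "Win32:Delf-MZG [Trj]" has been found in "C:\Example\constructed.dll" file.
'''

# Assumption: fields are separated by a tab or by runs of two or more spaces.
FIELD_SEP = re.compile(r"\s{2,}|\t")
DETECTION = re.compile(
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file'
)


def parse_detections(log_text):
    """Return {signature: [(epoch, path), ...]} for every detection line."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        fields = FIELD_SEP.split(raw.strip(), maxsplit=5)
        if len(fields) != 6 or not fields[2].isdigit():
            continue  # not a record in the layout assumed here
        match = DETECTION.search(fields[5])
        if match:
            hits[match.group("sig")].append(
                (int(fields[2]), match.group("path"))
            )
    return dict(hits)


def files_to_review(log_text, signature):
    """Unique paths flagged under one signature, oldest detection first."""
    ordered = []
    for _, path in sorted(parse_detections(log_text).get(signature, [])):
        if path not in ordered:
            ordered.append(path)
    return ordered


if __name__ == "__main__":
    for flagged in files_to_review(SAMPLE_LOG, "Win32:Delf-MZG [Trj]"):
        print(flagged)
```

The resulting list is what to check against the chest contents, and any path missing from the chest points to a program that needs a repair or reinstall.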
Title: Re: Numerous Trojan warnings since last update.
Post by: Tarq57 on December 04, 2009, 11:25:38 PM
How I'd try and proceed would first be to try and get the database updated. Try pausing all the providers, and/or selecting "stop on access protection." If it is stopped, it may, relieved of its load, be possible to update it. Once updated, start everything up again.
If no luck there, attempt a repair of Avast via the control panel programs application.
Locate the entry for Avast, select "change" then "repair". Normally takes about a minute. Once that is done, see if it can be updated.

I think what may be happening is that Avast still thinks the files it flagged are malware, and is preventing any such file running, even though the "no action" response has been made. (And maybe in so doing it is consuming all your resources, thus freezing on attempting to open the GUI.) So trying to get the latest (or at least, not the corrupt) database is probably the most important thing to do.
Once that is done hopefully things will improve, radically. (It's guesswork on my part, tell the truth. Semi-educated guesswork. But it makes sense.)

If Avast can not be repaired, it may be necessary to remove it completely, use a special tool, and re-install. (Instructions later, if required.)

Let me know how the repair goes, first.
Title: Re: Numerous Trojan warnings since last update.
Post by: Ugamark on December 05, 2009, 12:48:05 AM
Tarq--Your advice was brilliant.  PROBLEM SOLVED!!!  For reference, to anyone who encounters similar problems, I did a "Stop Provider" of all Avast protection (from the right-click menu of the task tray icon), then restarted the computer (at which time, all missing startup programs returned), updated Avast, and then re-updated Vista (because I had reverted my o/s to an earlier restore point).  THANK YOU so much for your expertise.
Title: Re: Numerous Trojan warnings since last update.
Post by: Tarq57 on December 05, 2009, 08:17:18 AM
You are very welcome. Really glad it achieved a good fix.  :)
Wish it was as straightforward for all affected users!

Now you need to check your quarantine, re-scan any file that may have found its way there during the problem period, if it re-scans clean, restore it. If for any reason it fails to restore, try extracting it to the original location.
Just a bit of housekeeping. Hopefully nothing further will be needed.
Any problems with any program, it's likely re-installing the program will fix it.