Avast WEBforum

Topic started by: pscraja on December 03, 2009, 05:23:13 AM

Title: Win32:Delf-MZG
Post by: pscraja on December 03, 2009, 05:23:13 AM
I am using avast home.
Only yesterday, I had run avast and cleared. Today when I opened the system, avast showed several files infested with the Win32:Delf-MZG trojan.

Is this a false positive? I didn't want to take a risk and hence I scanned the main windows system folder as well as the utilities partition.

When I ran it, it runs to several hundred. When I click to quarantine, it doesn't move the file, but gives a message that there is no space. I had then selected move/rename. When the disk has almost 8 GB of space in the partition, why does avast say that there is no space on the disc? I have attached the snapshot of the message.

Is there a trojan removal tool for this trojan or should I go thro' scanning all the drives?

Kindly advise.  Thank you.

pscraja
Title: Re: Win32:Delf-MZG
Post by: ThurstonX on December 03, 2009, 06:06:22 AM
I will bet my incredibly devalued house that this is a false positive.  Here's why:

1. Updated 2 PCs manually (this is why I don't do automatic virus def. updates) and rebooted. The PC running Win XP Pro immediately showed avast! warnings for the above trojan for apps I've been running for years (e.g., Atomic Clock Sync, PowerStrip, MagicDisc, Net Activity Diagram, AutoGK during a boot-time scan.... yeah, I canceled that nonsense immediately)

NB: avast! running on Vista Home Premium DID NOT throw up a boot-time warning on Atomic Clock Sync, even though that app starts at boot, but a manual scan of Atomic.exe claimed the trojan was present... so, avast! on Vista failure???

2. A PC that is running an earlier version of the VPS file (pre-Dec. 3, 2009) displays no boot-time warnings, nor finds said trojan on a manual scan of Atomic.exe.

Thankfully I only moved a few things to the Virus Chest, but restore didn't do much (said it restored successfully, but attempting to start Atomic.exe didn't work). Also couldn't copy the Atomic Clock Sync installer from a NAS to local HDD until disabling avast's on-access scanner(s). Install was fine after that, of course.

Until this is fixed (hopefully on Dec. 4) the solution is No Action or Continue when that trojan is "found." May be prudent not to ignore claims of other viruses found, however.

Hope that helps.

Helluva first post.  forum.avast.com was so hammered I didn't think I'd be able to register ;-)
Title: Re: Win32:Delf-MZG
Post by: Bruce920 on December 03, 2009, 07:15:28 AM
Hey, I signed on here to post about my problem and I see that I'm not alone!  I have the exact same problem that you and some others do.  I hope the admins reply soon about this problem - I can't let Avast keep destroying my programs.

I just got an email from my friend - who also has this problem!
Title: Re: Win32:Delf-MZG
Post by: Hopismum on December 03, 2009, 07:19:40 AM
Same issue here.
I have lost several programs so far.
When reinstalling them Avast goes off again and if I ignore it, I cannot access the programs and am told I do not have permission to use them. I rarely come here for help but this is getting serious as others here can attest. I have highly recommended and installed Avast on many of my local friends' computers. I've been getting calls from them for over an hour now asking me what to do.
Title: Re: Win32:Delf-MZG
Post by: Bruce920 on December 03, 2009, 07:28:15 AM
I updated the virus defs to version 091203-1  and I think that works.
Title: Re: Win32:Delf-MZG
Post by: SafeSurf on December 03, 2009, 07:34:59 AM
Bruce, have you tried scanning to see if you are still getting the alerts after getting the new update?
Title: Re: Win32:Delf-MZG
Post by: lwadwell on December 03, 2009, 08:07:36 AM
I too was getting lots of false positives  :( ... on winSCP, Spybot ... etc.

After updating 091203-1 they seem to have stopped  :).
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 08:42:57 AM
this is ridiculous.

Too bad I uninstalled it already and switched to AVG. This caused a lot of stress and panic tonight. 8 hours worth.
Title: Re: Win32:Delf-MZG
Post by: matthias65451 on December 03, 2009, 08:51:39 AM
:) :) I was scared this morning - 10 programs were infected..... but false alarm - :)
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 09:06:11 AM
Question: has anyone else found that now when they right click on an icon (i.e. on the desktop or in a folder) - adobe acrobat 9 windows installer tries to open up?

This is really annoying me and I was relieved that it wasn't a virus causing these false positives, but I'm wondering if I do have a virus - I've already scanned and no bad results. And after I uninstalled avast, and used AVG now, still no relevant results and it's still doing this problem.
Tried system restore but that didn't have an effect on it - so I reversed it back.

Anyone help?

thx.
Title: Re: Win32:Delf-MZG
Post by: Chris Thomas on December 03, 2009, 09:08:45 AM
Uninstall Adobe reader.

I use Foxit reader that is better than Adobe reader

Download it here

http://www.filehippo.com/download_foxit/
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 09:18:41 AM
that's not going to solve the problem lol.
and it's not the reader, it's acrobat.
Title: Re: Win32:Delf-MZG
Post by: SafeSurf on December 03, 2009, 09:18:55 AM
I also use Foxit Reader...much safer.  I only use FireFox now anyway.  With the new Avast update VPS - 091203-1, everything seems to be working fine now.  I was able to restore everything from the Virus Chest (most of my PC!!!), but as a just in case, I installed Prevx (cloud-based) for layered protection and it seems compatible with Avast so far.
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 12:45:45 PM
and also - if i click delete or right click and choose delete for a file, the installer pops up again - what's going on?
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 12:51:42 PM
Hello GoldenGoose100,

have you updated to the latest version 091203-1 ?

thanks
nmb
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 12:57:14 PM
hi nmb,

i uninstalled avast before the fix came out. =/
I have AVG now - the right click problem is still there.

I see someone else had this problem last year here: http://forums.techguy.org/all-other-software/752708-acrobat-installer-appears-everytime-i.html which I'm reading now

can't seem to get rid of this.

~ GoldenGoose100
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 12:58:54 PM
reinstall adobe and see if it comes back?

nmb
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 01:09:59 PM
uninstalling acrobat right now - but it's taking forever.

meanwhile I found this: This seems like the exact problem I'm having and towards bottom there are good solutions I think.
http://forums.whirlpool.net.au/forum-replies-archive.cfm/906404.html
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 01:13:37 PM
sorry, I don't read other forums and post. I post based on my knowledge.

just use the adobe installer and try to install over the current installation, instead of uninstalling and then installing.

thanks
nmb
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 01:16:42 PM
that's fair nmb, but in the middle of my adobe acrobat uninstallation (which I already had started before u posted your last message just above this one), the context menu to convert file to pdf was removed from right click menus - and i'm not having this problem anymore. So searching through google worked out there.

I don't know what this was caused by, but if it was a virus that got in around this avast false positive mess, I don't think it's left my system yet. I dunno.

(and sry to kinda hijack this thread, I hope it helps someone who just might have the same strange problem)
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 01:19:38 PM
I knew the problem was because of the right click context menu. that was the reason I asked you to reinstall.

you are welcome. sorry what happened because of the false positive.

thanks
nmb
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 01:22:20 PM
ah ha! very nice :)

but my question is, did this context menu problem suddenly arise because of the avast mix up or do i have some virus of some sort happening? i don't want to worry that there still may be some kind of problem.
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 01:26:42 PM
if adobe files were flagged as virus (fp's) and were moved to chest, as some claim, then yes it was because of the avast false detections. that is the reason I have asked for forgiveness in my previous post.

thanks
nmb
Title: Re: Win32:Delf-MZG
Post by: GoldenGoose100 on December 03, 2009, 01:30:46 PM
Ah, no problem mate. You've helped greatly - and I can finally finish this stress and sleep! I've pretty much been sorting this bizarre twist out (plus my headset microphone decided to die today) for the last 12 hours almost straight.

Thanks so much again and good luck to everyone
~ GoldenGoose100
Title: Re: Win32:Delf-MZG
Post by: nmb on December 03, 2009, 01:32:15 PM
you are welcome GoldenGoose100.

nmb
Title: Re: Win32:Delf-MZG
Post by: Theo on December 03, 2009, 01:42:30 PM
Win32:Delf-MZG[trj]

I first ran into this trojan threat when trying to verify a file integrity. Avast! antiviral told me that my Filealyzer was infected. I quarantined the trojan and uninstalled Filealyzer. I then ran a standard scan, and found that it had also apparently infected an eyeLook.dll in X-Lite, an audio deck patch, something in vinyl deck, and four restore files. I went online to try to find out more about this trojan and found speculation about false positives, so I restored the files from quarantine. This morning I updated the Avast! iAVS to current version 091203-1, re-ran the scan, and found ten infected files (the original seven, plus three more in the windows restore system). Trojans do stuff like this. I don't think that this is a false positive!
Title: Re: Win32:Delf-MZG
Post by: Vlk on December 03, 2009, 01:46:29 PM
Theo, it is a false positive (if the virus name is really "Win32:Delf-MZG").

The latest definitions (091203-1) shouldn't be flagging any files with this virus name though -- the definition was completely removed from it.

Are you sure you have the latest?

Thanks
Vlk
Title: Re: Win32:Delf-MZG
Post by: murfoid on December 03, 2009, 02:52:58 PM
during reboot with the bad virus def update avast shoved 159 false positive files into the 'moved' folder (i.e. moved instead of "moved to chest") in addition to the dozen or so that it put in the chest. All of these files are now labeled with a .vir extension. Is there a way to automatically restore these?

Thanks...
Title: Re: Win32:Delf-MZG
Post by: street_lethal on December 03, 2009, 04:47:15 PM
Had this issue last night on my GF's laptop, everything was being flagged Win32:Delf-MZG[trj]. I knew Avast was messed up because what it was flagging has been on her system forever, like Spybot for one. I clicked no action for all of them and then scanned with Eset online scanner, nothing found. Glad they got this fixed, even when you click no action it still modifies the file it seems. It completely destroyed the Spybot installation.
Title: Re: Win32:Delf-MZG
Post by: igor on December 03, 2009, 04:51:28 PM
No, "No action" certainly doesn't modify the file.
Yes, it doesn't allow it to be loaded - but after the virus database is updated, it's possible to restart the affected program (OK, if it's an auto-start program, it might be better to restart the computer to get into the "ordinary" state).
Title: Re: Win32:Delf-MZG
Post by: street_lethal on December 03, 2009, 05:26:44 PM
Quote from: igor
No, "No action" certainly doesn't modify the file.
Yes, it doesn't allow it to be loaded - but after the virus database is updated, it's possible to restart the affected program (OK, if it's an auto-start program, it might be better to restart the computer to get into the "ordinary" state).

I clicked "no action" on every warning, turned off Avast's shields, couldn't start Spybot; one of the files couldn't be found. Granted I hadn't run Spybot on the laptop for a long time but it worked the last time I used it. Who knows, I uninstalled it anyway, don't need it.
Title: Re: Win32:Delf-MZG
Post by: Bernez on December 04, 2009, 06:44:02 AM
Hello, It is OK but when the files were restored, they remain in the quarantine zone (or double). Do you can safely remove it for now there is nothing in the quarantine zone? ? ?
Thank you very much
Bernez
Title: Re: Win32:Delf-MZG
Post by: Sesame on December 04, 2009, 06:48:03 AM
Quote from: Bernez
Hello, It is OK but when the files were restored, they remain in the quarantine zone (or double). Do you can safely remove it for now there is nothing in the quarantine zone? ? ?

In theory, you can remove them safely but there is always the possibility of human errors. So, please make sure that the applications related with the files work properly before deleting them.
Title: Re: Win32:Delf-MZG
Post by: Bernez on December 04, 2009, 07:20:38 AM
Rumpel    OK, I'll wait a few days to see if everything works perfectly before deleting
Thank you very much
Bernez
Title: Re: Win32:Delf-MZG
Post by: DavidR on December 04, 2009, 04:07:46 PM
The Restore, and the Extract option for that matter, is actually a copy and paste; a copy will remain in the chest.

After you have restored, check the original location it was sent to and, if present, then you can delete the copy in the chest. This is the reason a copy is left in the chest (I believe), to ensure that the extract/restore succeeded, otherwise you could be left with no copy.
Title: Re: Win32:Delf-MZG
Post by: Bernez on December 05, 2009, 07:48:20 AM
Yes, but when you're not a computer specialist, it is not always easy to find the original file to see if restoration is made........
Title: Re: Win32:Delf-MZG
Post by: DavidR on December 05, 2009, 03:32:03 PM
No need to be an expert, if the copy of the file is in the chest as it should be, then the location will be listed under the Original Location Heading ;D

Or you can right click on it and select properties and it will show what the original location is and more detailed information.
Title: Re: Win32:Delf-MZG
Post by: Apttec55 on December 05, 2009, 06:20:21 PM
I too fell for the old Delf-MZG, totally wiped my system out, afraid to restart, most files it could not repair, so I rescanned and deleted...that was the second mistake, now in restoring most of my software, cannot due to date sensitive freeware and such, also deleted several files from Win 32 system folder :-[...so I am up s*** Creek without a paddle! I have not restarted, am moving files to large thumb drive and putting in new system...I guess it's time to redo this one and sell it, new one has been built for about 3 months now...so this pushes me into switching over to it...only good thing to come from this...I understand it was a false positive, but too little too late for me! But Avast has always been good for me and does an excellent job so I am keeping it. OH WELL! :-\
Title: Re: Win32:Delf-MZG
Post by: Lisandro on December 05, 2009, 06:48:36 PM
Apttec55, can we help you in anything? Everybody is terribly sorry about the fact...
Title: Re: Win32:Delf-MZG
Post by: Apttec55 on December 05, 2009, 07:02:53 PM
No, but I do much appreciate the offer, my luck to just happen to be on the computer during that 5 hour period of time when this occurred...just one of those things. It will force me to move and start using my new system here...that's good. I am always reluctant to start up a new system but this time I will move old Sata drive to new system as no 2 and be able to move a lot of software that way...it's XP Home, the new system is XP Pro, so looking forward to starting it up..it's an AMD Quad Core 9550, glad to get away from this Athlon 2800...it's been a good one. Thanks again. Ric
Title: Re: Win32:Delf-MZG
Post by: Lisandro on December 05, 2009, 07:04:35 PM
You're welcome. Feel free to come back any time you need help or just to change experiences 8)
Title: Re: Win32:Delf-MZG
Post by: Bernez on December 06, 2009, 04:46:16 PM
To DavidR: Of course, I understand that, unfortunately, all records are such as: C:\System Volume Information\restore{_5259299F-BD84-4AB7-8D71-4A5979BD915A}\RP530
and when I access it, Windows tells me: "Access Denied" but that's OK, I'll leave it doubles the area of food
Thank you again to all
Bernez
Title: Re: Win32:Delf-MZG
Post by: DavidR on December 06, 2009, 05:41:15 PM
The C:\System Volume Information is a windows protected area under the control of system restore and that is why windows blocks it.

- Infected/Suspect Restore Points - There really is little benefit in chasing a detection in the system volume information folder. It is only there because it had previously been deleted or moved from the system folders and this is a back-up created by system restore.
 
- Worst case scenario it isn't infected and you delete it, you can't use that restore point in the future, not much of a loss and the older the restore point is the less of an issue it is.
 
- So if there is any suspicion about a restore point then it is best removed from the system volume information folder or it could bite you in the rear at some point in the future when you use system restore if it included that restore point.

So unfortunately you won't be able to restore any of these restore points which happened to get caught up in the Win32:Delf-MZG FP, but because of the above this is a less serious loss. So personally I would call it a day on those detected restore points and delete them from the avast chest.
Title: Re: Win32:Delf-MZG
Post by: Bernez on December 06, 2009, 07:39:17 PM
To DavidR   It's OK, thank you for all these explanations and for the time you take on this forum
Title: Re: Win32:Delf-MZG
Post by: DavidR on December 06, 2009, 07:52:53 PM
You're welcome.
Title: Re: Win32:Delf-MZG
Post by: felipegeek on December 07, 2009, 07:41:53 AM
Hello to all,

I am just passing on my experience with the defective update issue. I provide IT support services in Miami, FL USA. I have for the last several years recommended to home users the Avast anti-virus software without any hesitation and will, for most users, continue to do so. I also have several business clients running the Pro version or SBS packages. Across a base of a couple hundred PCs I have so far experienced issues with 12 computers, mostly home users. It seems that if they were actively using the computer during the time window that the errant detection file was in place they had a much higher likelihood of messing things up by deleting files that were flagged. Since Avast's default is to prompt the user to select an action - most end-users pick 'delete' it seems. Oddly enough, in nearly all cases my users experienced problems that made their computers unusable - but easily correctable. Most could not work when booting normally and logging in as themselves or as local administrator (yes, all of my home PC users have a separate admin account even on XP). It seems various programs that drop tray icons never load and on first use of IE or Windows Explorer the PC would become unresponsive and require a hard poweroff. Booting into Safe Mode and uninstalling Avast corrected the lockup/performance problem in every case - 10 on XP and 1 on Vista. In all cases where I had the chance to do a remote session prior to the uninstall in safe mode (only 5 of them) there were no files in the chest but most reported having deleted something. In all cases the computers continued to behave properly - at some point I imagine I may run into a problem with a specific program like Spybot or Adobe reader, where something may have to be reinstalled. Avast can be reinstalled afterward and works without issue as well.

While this problem was obviously quite nasty I believe that Alwil's response has been good and that they are serious about reducing the probability of it happening again.  Compared to McAfee's massive, at least once a year screw ups I would give Avast the nod on reliability and still highly recommend it.

I hope this information is useful to someone that may still be struggling with a PC that is not behaving properly after being affected by the issue.

Regards,
-felipe