Avast WEBforum

Other => General Topics => Topic started by: Vlk on December 04, 2009, 05:54:41 PM

Title: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Vlk on December 04, 2009, 05:54:41 PM
Hi,

I decided to explain in a bit more detail what happened during that Wednesday night when we released the bad definitions that started flagging thousands of innocent programs as Trojans.

Normally, we have two definition updates a day. Usually one in the morning, and one in the afternoon/evening (unless there's some emergency). The actual release process is well defined, and features multiple QA checks that ensure that the definitions we roll out don't cause any [major] problems. For example, every definitions that we push out have to pass a false positive (FP) test on our extensive cleansets. The cleansets currently contain terabytes of data from hundreds of thousands of applications (we run many tests in parallel but still the test takes at least an hour to complete). Every single FP on this test set is a reason for the definitions to go back to the virus lab and be revised (and after a fix is made, a new full cleanset test is performed, until all is fine).

Now, given what I've just described, how could it happen that we released definitions that produced so many FP's? Were we so unlucky so that none of the affected applications was included in the cleanset? (i.e. is the cleanset so poor?)

No. In fact, an analysis done later showed that with the definitions in question (VPS 091203-0), we detected over 50 thousand unique samples from the cleansets as viruses!

The problem was that the FP test was not performed at all before the definitions were pushed out.


On December 2, roughly 9pm we had a normal (scheduled) VPS update 091202-1. The update was working fine for most users, no FP's or anything. However, due to a bug in it, the update wasn't working correctly in some Avast v5.0 (beta) installations. On these computers, the avast service wouldn't start after a reboot. Remember that avast 5 is still in beta and bugs like this can (and do) occur.

Soon after releasing the 091202-1, we noticed the problems with v5 and after doing some analysis, a decision was made to release another update that would fix the problem. It was around 1am local time and the situation was a bit stressful because v5 users were experiencing the issue and something had to be done fast. One of the persons not normally responsible for releasing VPS updates (but equipped with the knowledge of how it's technically done) went ahead and released the out-of-band update. However, unfortunately, he didn't follow the prescribed process and used wrong input files to generate the VPS. Files that were just prepared for testing - but were never really tested. :(

Anyway, after the update was released (at around 12:30am GMT, i.e. 1:30 local time here in Prague) there still was a chance to get some early warnings that the update is a fiasco and needs to be rolled back immediately. The irony is that the person was checking for at least one more hour whether there's anything wrong, but the internal systems used to flag any anomalies (such as increased load on the FP reporting servers) weren't showing anything special at this time. Should he have checked the forum he'd certainly notice the buzz that just started happening here, but unfortunately, he didn't do so.

The responsible people were alerted not earlier than at 5:15am local time when the problem was already of massive size. It took 75 more minutes to release the cure.


What's the conclusion? We will certainly be improving the process further so that such a thing is not possible anymore. In fact, this is our first major issue of this type, so we feel that even the current process works well, but only if it's strictly followed. But we need to make sure that it is really enforced in every possible case.

Furthermore, we're thinking of some additional early warning systems. If for example the evangelists here on the forum had a phone number to call in case of emergency, the problem could have been contained much much faster and the harm done would be incomparably smaller. Automated alerting systems have their place, but in many cases, a human decision is the best. And better to be alerted falsely ten times than not alerted at all.

The overall process will also be completely revised, and crisis management plans defined. We plan to do this over the next week, and I'll be sharing the outcome of this with you.


Looking back, we feel really sorry for what happened. We have learned a lot from this incident and are making sure it will never, ever happen again.

So, if you believe in second chances, please stay with avast. We screwed and we know it but we have to look forward and keep fighting. The virus writers don't sleep.


Thanks
Vlk
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 04, 2009, 06:00:00 PM
OK VLK, thank you very much for taking the time to post this. I requested it in another thread and I'm glad you did it  ;) ... as I was also wondering why an update was released in the middle of the night, which isn't usual with avast, especially when an update was released just a few hours before. Now I see what happened...
 As far as I'm concerned, I consider such errors human, and I won't stigmatize Avast for this. So, np here, sticking to and with Avast  ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: lindawing on December 04, 2009, 06:25:11 PM
Thank you, Vik! That was about what I figured, in that I knew there MUST be something strange that had happened somewhere in the processing, because that third update came through only a short time after my second update! The little notice came up, and I immediately remarked to my son, "Wow! Avast! NEVER updates three times a day...there must be something strange going on!" Then just as immediately, the popups began...YIKES!

Thankfully, I didn't delete anything, and (even though it didn't help things later) I was able to restore everything from the chest (about 10 items). I am now going to do a full uninstall and clean install, because I'm having internet browser problems when the Standard Shield is active. I have a feeling that will cure my final problem after the big snafu.

At any rate, I want to thank you all for being so quick to work this out, and I'm totally confident that any new system you put in place will be great. In all the years I have been using Avast!, I have never, ever had this type of problem before, and here at the forum, I've found it very easy to get questions answered and help quickly delivered. You and the team are very, very friendly and efficient. I would never leave you just because this happened. I put my trust in your product a long time ago, and I don't believe it was misplaced.

Thank you again.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: twl845 on December 04, 2009, 06:38:34 PM
Let yesterday stay in the past. You guys at Avast are the best. Especially the employee who learned from the experience and taught everyone else that even the best can make mistakes.  ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: sunsets on December 04, 2009, 06:53:45 PM
Vlk,

Thank you for taking the time to explain what happened. I will continue to use Avast.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: enddays on December 04, 2009, 07:12:07 PM
I am staying with Avast  ;)  We are all human and can make mistakes, but it takes a big man to say sorry Vlk
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: RejZoR on December 04, 2009, 07:17:17 PM
Thx Vlk. But i found your decision to remedy avast! 5 update problems a bit strange. avast! 5 is still in beta and every even major bug can be excusable. Also less users use it compared to stable 4.8.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: pinnacle on December 04, 2009, 07:24:28 PM
vlk, I accept the the detailed information mistakes can happen.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Vlk on December 04, 2009, 07:52:48 PM
Thx Vlk. But i found your decision to remedy avast! 5 update problems a bit strange. avast! 5 is still in beta and every even major bug can be excusable. Also less users use it compared to stable 4.8.

With an update frequency of twice a day, a 3rd update seemed like a natural thing to do (an easy fix). And, of course, if it were executed correctly, there would be no problem.

We can speculate whether it was a right or wrong decision but I don't it really matters.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: lindawing on December 04, 2009, 08:14:45 PM
Might I just insert that Vlk didn't create the problem, nor has he laid the blame on anyone specific. He's simply stated what happened, and has apologized for it.

Vlk, would you please read this:

http://forum.avast.com/index.php?topic=51745.msg437873#msg437873

I still can't use any internet browser with the Standard Shield activated.

Thanks.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: MikeBCda on December 04, 2009, 09:39:47 PM
Hi and thanks, Vlk.

In one of the zillion threads relating to this (sorry can't find it easily, but you may have already seen it), there was an interesting suggestion for a preferably-automatic work-around, in effect permitting the user to "downgrade" back to the previous installed version of the database.  I agreed that it might be an idea for your crew to look into, although I agree the repair you did was admirably prompt.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: polonus on December 04, 2009, 10:03:19 PM
Hi MikeBCda,

Well that could be a good idea that avast could come up with a sort of system snapshot with a good functioning version of avast5 to go back to whenever an incident of this magnitude might affect us (hopefully never),

polonus

Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 04, 2009, 10:19:29 PM
good thing would be at least to generate a windows restore point (just) before an update is applied, tens of programs are doing that at setup time (sometimes initiated by Windows itself, sometimes by the programs), Windows Defender as well as MSE are doing it too when they get updated (also manually  ;) )...so why not avast ?

 the problem that remains  being if system files necessary for the restore to complete have been sent to Chest  ;D ...restore them first... yeah... :) that's a case per case situation, can't give here the universal solution.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: John_E on December 04, 2009, 11:00:00 PM
Vlk - Thank you for taking the time to explain what happened. As a "regular" user this gives me peace of mind to know the details and realize the likelihood is small this will happen again anytime soon.

I'm not sure how many other companies would do this. Covering up mistakes seems much to frequent these days with all products and services.

John in STL
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 04, 2009, 11:12:21 PM
Thanks for the explanation Vlk.
As usual, we can trust when the company acknowledges.
A telephone number will allow Evangelists to warn.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Winter_Nights on December 04, 2009, 11:32:03 PM
Thank you very much for the explanation, Vlk.   :)
I will continue to use avast! as my antivirus program.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: maniac2003 on December 04, 2009, 11:35:10 PM
Thanks Vlk for explaining, luckily no harm was done here on 3 systems and my aunte had no problems either (notebook was off) :P
I'm glad you guys found out what caused it and take measures so that it never ever can happen again.
I will continue to use and spread Avast!
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: bob3160 on December 05, 2009, 03:49:15 AM
Thanks for the detailed explanation Vlk.
Leave avast! ??? Who, me ???
I don't think that's ever very likely to happen. :)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Philo on December 05, 2009, 07:07:27 AM
I for one will be staying with Avast!.

   As a person who works in a managerial position, I have an intimate understanding of processes and the repercussions of not following them. Unfortunately, people in these positions find that they more often than not end up "People-Proofing" the system, (what ever that system may be). Rarely is the fault in the process itself. More often than not its the "Human-Factor" I.E. the person/people who DID NOT follow said process.

   I, like many, was bit by this particular issue. However once the problem was properly understood, the fix was relatively easy. A simple roll-back to Tuesday and then manual updating of my system.

   However, I did learn an invaluable lesson, one that frankly I should have already known. That is, always check the simple stuff first.
 
   I was freaking out when a quick scan with the faulty update informed me of multiple win32 infections. I was doing boot-time scans, full scans w/archiving in safe mode, etc. Finally, I just walked away. The next day in school, I discussed the issue with several different professors. I received recommendations from "Wipe the whole drive and start over" to complex, in depth system fixes.

   The last professor I spoke with asked me, "Did you check your anti-virus providers Website to see if there's been any issue with the program?" LOL Duh......
   As humans are imperfect, so shall be the products of their labors. With that in mind I will continue to use Avast! and recommend it to all of my friends. I have been more satisfied with Avast! than any other Malware fighter I have ever used to date.

~Tuebor~
Philo
Loyal Avast! User
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Rednose on December 05, 2009, 07:21:51 AM
Thank you for the explanation Vlk :)

It must be awful for you guys too, especially for the colleague this happened to :-\

Greetz, Red.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Tsimmes on December 05, 2009, 07:55:11 AM
@Vlk,
Thanks for the explanation, I think it demonstrates yours and Avast's genuine concern for its users. It's appreciated and I will continue to use Avast. I was fortunate in that I use Acronis True Image to back up my computer every few days. After Avast launched a boot scan that I hadn't requested, my computer was still operable but many programs no longer worked and I could not restore numerous files from the chest. Rather than going through an arduous extraction process from the chest, I booted to my Acronis restore disc and restored a three day old image. I would recommend that every computer user own and use some form of imaging software.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Tarq57 on December 05, 2009, 09:29:06 AM
Quote from: Tsimmes
< I would recommend that every computer user own and use some form of imaging software.
+1.
Having an awareness to investigate detections prior to blithely deleting them might be a pretty good way of going on, too.
[edit] Tsimes, that wasn't directed at you; more at "the world at large" who so often do this.

I am somewhat confused about Avast launching an un-commanded boot scan.
You are (at least) the second user to report this. I didn't know that it was possible.
My version prompted me to restart for a boot scan, an offer I was able to politely decline.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 05, 2009, 10:23:15 AM
Quote
I would recommend that every computer user own and use some form of imaging software

it's already the case  ;D just 99,99% of newbies on Windows don't know it  ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Omega40 on December 05, 2009, 11:01:08 AM
Many blessings to Vlk and the Avast! staff for their honesty and forthright in presenting this problem.
I am still here and will continue to do so.
<3

ps..I use Acronis.  ;D
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Rumpel on December 05, 2009, 11:06:50 AM
Thank you for the detailed explanation, Vlk.  I guess I relatively had a good grasp on what was going on.

I think I was one of those who happened to be aware of the anomaly at the early stage.  However, I could do nothing since, without doubt, the only cure was the release of a fixed VPS.  The boards were pretty crowded at that time and sded had already posted the best temporary solution: disabling Standard Shield and waiting for the update, which happened to be what I had done to one of our PCs.  What I could have done was just to point out the thread but it was almost impossible to browse the boards, not to mention posting...

I think it's a good idea to ask evangelists for cooperation.  For even I could have made a phone call.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: igor on December 05, 2009, 11:14:08 AM
I am somewhat confused about Avast launching an un-commanded boot scan.
You are (at least) the second user to report this. I didn't know that it was possible.

It's not - such a functionality isn't there...  ???
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Tarq57 on December 05, 2009, 11:16:36 AM
I thought not, igor, so somehow, maybe, someone has misinterpreted what happened, perhaps. Or inadvertently pressed the enter key in response to the prompt, perhaps.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: soundgrammar on December 05, 2009, 11:46:11 AM
Hi

Not sure if this has been covered elsewhere, but having read Vlk's explanation, could someone give some more detail on how best to set up avast so that if a false positive does occur (human error or sod's law) the impact can be minimised and recovery is well managed.

Like most people, I'm no expert, so forgive the obvious questions - this is a wake up call for the sleep walkers...

So for instance, how best to set up avast so that:

1. automatic sending of doubtful files to the locker is manual rather than automatic. Mine is set this way, but I have no idea where the options are...
2. Taking updates at certain times rather than when unattended.
3. How best to set up the locker etc so that overfilling does not cause further worse problems
4. How to recover files vaulted due to false positive
5. Implications for safety with any of these options
6. some detection of a "flood" by avast could indicate a FP

This is not an exhaustive list, and I'm in no position to say these are the right set up options or questions - but maybe the experts can come up with the right questions to follow up.

And such info needs to be maintained as options for best practice (not one size fits all), clearly visible and maintained, not buried away with so much other good stuff in the deepest bowels of the forum.

Regards

Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 05, 2009, 12:13:52 PM
@ soundgrammar: this is no help thread here  ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 05, 2009, 12:38:22 PM
1. automatic sending of doubtful files to the locker is manual rather than automatic. Mine is set this way, but I have no idea where the options are...
I've changed my mind. First I thought the user must be asked in any case. But I agree a lot of users will simply delete the files instead of sending them to Chest. Now I think files needed to boot, at least on Safe Mode, in any language, need to be preserved. How to do this? I don't know, just my wish. My fear is seeing avast sending a necessary file to boot to Chest. I can't recover it... neither in Safe Mode.

2. Taking updates at certain times rather than when unattended.
I don't think this helps. I would set automatic updates for engine and virus definitions. The correction also comes with a new virus definitions package. You can't "check" if the update is ok before applying it... it's not reasonable, nobody wants this, neither Alwil.

3. How best to set up the locker etc so that overfilling does not cause further worse problems
I don't mind to set the Chest for higher values than the defaults. But the defaults are enough for most situations.

4. How to recover files vaulted due to false positive
Restore then withing Chest (right click them).

5. Implications for safety with any of these options
If you update your virus definitions, they are correct and the false positive is corrected, you will restore a clean file to its place.
With avast4 you can scan file within Chest. With avast5 beta it's not working yet.

6. some detection of a "flood" by avast could indicate a FP
??? Can you elaborate?

Better will be start a new thread to discuss like Logon said.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Mele20 on December 05, 2009, 02:26:22 PM
I also appreciate the detailed explanation of what happened. It is not often that one finds a company willing to be forthright and honest about something like this. I also feel for the human who made the mistake.

I'd like to say that I believe this incident is absolute proof that the "ignore" choice for the real time scanner must be reinstated in ver 5. I got both an upgrade to ver 5 beta 3 and the bad definitions at the same time. If there had been an ignore button nothing bad could have happened. The ignore button rather than only two choices (delete or move to chest) is essential in a situation like this. Yet, I only had those two choices that I knew would disastrous. I have never felt quite so helpless as I was not in control and that should never be. The user should always be in complete control and no program should take that from them. Please add "ignore" back in ver 5.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Shiw Liang on December 05, 2009, 04:10:13 PM
Vlk thank you for the explanation and the fast work ;D,
Human makes mistake and by learning through their mistakes that they improve ;)
Even if this happen I will never remove avast because it gave me a great protection till now^^

Avast is the best for me!

Cheering you up,
Shiw Liang
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 05, 2009, 04:11:13 PM
so sh let you out of the Chest ? cool  8)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: GhOstMaStEr on December 05, 2009, 04:32:02 PM
i had to close my Cyber Cafe shop when this FP occur.. :-(
It happen Around 11am until 3pm the FP is fix(local time).. Suddenly all pc in the shop shouting "WARNING,Virus had been detected!!" (44pc)
I had to check each PC one by one for any file than been move to chest or even worst deleted. . . . . .
Cost me alot of time and MONEY for that day. Tell me,what should i do in this situation?
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Chris Thomas on December 05, 2009, 05:33:36 PM
I am staying with Avast ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: soundgrammar on December 05, 2009, 06:25:27 PM
Hi again

I don't know the structure of the forum very well, but let me know the best place to discuss how best to get user feedback on how best to set up and use avast to get the best out of it and handle real world issues like false positives and other things that go wrong in our highly complex computer setups where we are always unwittingly on the edge of the next catastrophe.

Even from the couple of responses I've learned a lot, but let's take this to the right place, wherever that is...

Quick response on the "flood" question: if my normal rate of detection of viruses etc is say once a month then if avast suddenly finds lots at once (the rate of detection increases rapidly) then either I have a really bad attack, or something else has gone horribly wrong. This type of approach could be taken into account. If I had an option for avast! to just pop out a little reminder that the infection rate just went berserk it might just stop me from panic.

Regards
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on December 05, 2009, 06:28:46 PM
Hi again

I don't know the structure of the forum very well...

browse it  ;)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 05, 2009, 06:31:42 PM
If I had an option for avast! to just pop out a little reminder that the infection rate just went berserk it might just stop me from panic.
Could you elaborate? What do you have in mind?
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 05, 2009, 06:40:06 PM
Tell me,what should i do in this situation?
Keep the calm. Send files to Chest rather than direct delete. Ask for help in the forums. Try to contact other forum members or the staff.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: AZKID on December 05, 2009, 09:46:14 PM
Thank you Vik for the detailed info regarding the cause of the FP by Avast. I have learned a lot. As many other end users have stated ... I too will stay with Avast as my AV program. This was the first time in 10 years of using AV software that I encountered a FP and hopefully the last time. Thanks again Vik.

Richard W
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Mikos on December 05, 2009, 10:27:22 PM
Thanks VLK for explaining. People make mistakes... As most people say, let it stay in the past. The most important thing is we all learned. By the way, without failure, there won't be any successes. Since this happened, I will now expect Avast to be even better. I like people who learn from their mistakes, especially if they are man enough to tell me they made a mistake. I'm staying with Avast. :)



Mikos
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Abraxas on December 06, 2009, 04:22:55 PM
i had to close my Cyber Cafe shop when this FP occur.. :-(
It happen Around 11am until 3pm the FP is fix(local time).. Suddenly all pc in the shop shouting "WARNING,Virus had been detected!!" (44pc)
I had to check each PC one by one for any file than been move to chest or even worst deleted. . . . . .
Cost me alot of time and MONEY for that day. Tell me,what should i do in this situation?
GhOstMaStEr this Forum is made up of volunteer ¨helpers" who are not specifically employed by Alwil software. As far as your question above I can only suggest looking at the Home page http://www.avast.com/ and deciding whom you feel best to contact.
Alwil employees do read and participate on the Forum, and I would have thought a contact for people like yourselves would have been posted. If you really are concerned as I said find appropriate contact from Alwil homepage.
All the best !

Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 06, 2009, 06:58:04 PM
Does anybody know if we can have avast EULA after installing?
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Tarq57 on December 06, 2009, 09:49:59 PM
Quote from: Tech
Does anybody know if we can have avast EULA after installing?
The license is in "C:\Program Files\Alwil Software\Avast4\ENGLISH License.txt", if that is what you are asking.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: hegedusa on December 07, 2009, 12:00:45 AM
This sort of thing regularly happens with symantec and mcafee.  We repair computers for homes and businesses, and very frequently find computers with antiviruses from "the big boys" which have made systems go wrong one way or another  - either internet explorer won't start, internet is slow, or internet not accessible, or in extreme case the computer won't start.  And yet people stay with these packages. Why? because they think they have to and don't know any different. We have over 1000 installations with Avast, and haven't had a single problem in over five years. Our customers like Avast so much they recommend it to their friends. Just keep up the excellent work!
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issu
Post by: ibell63 on December 07, 2009, 04:41:49 AM
Thanks for the explanation VLK.  I think avast! is an excellent antivirus and none of this has changed that.  I think one thing that should be pointed out however, is that since avast! 5 is in beta, and therefore inherently somewhat risky to run (as it's beta software), maybe when there's an issue with a VPS that only has to do with beta installations of avast, perhaps it might not be as important to rush out a fix, since the users of beta software should not expect perfect performance and reliability from it and it shouldn't be run on important systems.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Dwarden on December 07, 2009, 10:09:14 AM
i find very interesting suggestion of person here who mentioned that if 'unstandard' out of loop / emergency/ crisis update(s) are released that system restore point is generated before applied and each file 'catched' after that until 'next' normal cycle update will be autocloned into chest ... :)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: CmdrX3 on December 07, 2009, 12:19:17 PM
I love avast and certainly won't be changing. Sometimes s**t just happens and as the saying goes "to err is human". Hopefully their will be no repercussions for the engineer that caused the issue other than a good slap on the wrist. He should however be made to buy a rather large case of beer for those who had to fix the problems. You seem to indicate the problem occured on the v5 Beta version due to a bug, and if so begs the question to the gentleman who had the problems in his Cyber Cafe, what on earth were you doing running a beta version security program (or ANY beta program) on live public machines.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 07, 2009, 12:37:41 PM
Quote from: Tech
Does anybody know if we can have avast EULA after installing?
The license is in "C:\Program Files\Alwil Software\Avast4\ENGLISH License.txt", if that is what you are asking.
I was looking on the beta... couldn't find.
Which is the warranty and the conditions that avast free is released? I mean, related to the losses generated by their error.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: MikeBCda on December 07, 2009, 07:30:29 PM
Tech, I haven't read the license agreement for 4.x, and I imagine that 5, being beta, is strictly "as-is" with no liability whatsoever on the part of Alwil.  But of course they've got an excellent record of fixing problems quite rapidly.

I'd guess that when 5 is finalized, the license for it will be pretty much what's more or less universal in the software field, even in paid commercial products -- legal liability will be limited to replacement, if appropriate, of avast only.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 07, 2009, 07:54:47 PM
Thanks Mike. It makes sense. Just that people think they can have every warranty of everything...
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: lindawing on December 07, 2009, 10:51:28 PM
I think 99.9% of the people who even knew that this FP thing happened (probably most people never even knew of it, because of the timing) are going to be sensible and understand how RARE this has been for Avast!

When running Norton or McAfee, years ago, I had those kinds of problems ALL THE TIME!!! Sheesh! It seemed there was hardly a week that would go by without some major problem being traced back to one of those programs! Avast!, on the other hand, simply keeps working away and protecting--usually quite quietly and effectively. This is the first time it's ever SCARED me with something like this, and I really doubt there will be something of similar proportions in a LONG, long time, from this team!

I'm now running the Pro version, and have turned off Spyware Doctor, which turned out to be the ACTUAL culprit of my browsers not wanting to run correctly. Spyware Doctor has given me nothing BUT problems since I purchased a 3-computer license for our family computers, back in June. Avast!, on the other hand, has not given me a SINGLE problem in all that time. Now my machine is running smoothly and efficiently once again, with JUST Avast! in place.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: 3grrrs on December 10, 2009, 05:49:21 AM
I am continuing to use Avast, but I have lost one computer to the error. After it went through some prog dll files it started on some system files, and not being too computer savvy, I followed the advice of Avast and kept moving "trojans" into the virus chest. When I finally thought to question it, and tried to restore, it didn't restore some files, and I am only able to get into that computer using safe mode. Restore is not working, I didn't save the info I should have re which files couldn't be restored from avast's virus chest, and will probably have to take that computer somewhere to be fixed. My smaller, older computer is still okay. Sigh.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: shae_32 on December 10, 2009, 06:24:13 AM
Uh-oh, 3grrrs.  :(

Do you happen to have the Windows CD? If so, you could choose to repair Windows. It will replace the Windows files ONLY with the ones on the CD. Just a thought. I'm sorry that happened. :(
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: mcarr on December 13, 2009, 05:54:46 PM
Vik:  I just emailed you. I'm new to the forum.  I followed too quickly the process of outlined to fix the win32:delf-mzg by putting it in the chest, checking it, and restoring the file.  Now, one of my computers shut down and came back up with a blue screen.  I am not a tech-geek, but figure I will have to contact my computer guy and pay him again.  Is there any further advice?  I have relied upon AVAST for years.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 13, 2009, 06:46:55 PM
Now, one of my computers shut down and came back up with a blue screen.
Can you zip and upload the file c:\windows\memory.dmp to ftp://ftp.avast.com/incoming for analysis.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: teknologenius on December 14, 2009, 05:18:45 AM
Dear Vlk,

I registered to the forum to post and tell you guys thanks for all you do; Avast works great for me and I really appreciate all your efforts and great software.  I use 4.8 and so I wasn't affected, but I'm very impressed anyway by your response.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: 3grrrs on December 15, 2009, 06:39:05 AM
thanks shae_32,

no I don't have the windows disc, just the back up I made on a half dozen CDs when the thing was new. It came with windows installed. I was going to try doing a rescue function, but don't want to lose all the settings, etc. Restore is dead,  :'( , so can't go that way. It has to be something fairly simple. I get wallpaper, no desk top stuff. But every so often I get a flash of the desk top as it was before the avast fiasco. It's just a flash .. gone in a blink. I'm just not savvy enough to figure it out.

So, I s'pose I could try the CDs, but I really don't want to lose all the settings, networks, etc.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: EBathory on December 15, 2009, 03:39:47 PM
I just want to add my support and appreciation for AVAST.  I was surprised how quickly some people became angry.  Everyone makes mistakes!  After all, Microsoft makes them all the time  ::)  Hail, Patch Tuesday!

Keep up the good work.  AVAST--Still the Best!
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Ocelot on December 16, 2009, 03:08:52 PM
Vik:  I just emailed you. I'm new to the forum.  I followed too quickly the process of outlined to fix the win32:delf-mzg by putting it in the chest, checking it, and restoring the file.  Now, one of my computers shut down and came back up with a blue screen.  I am not a tech-geek, but figure I will have to contact my computer guy and pay him again.  Is there any further advice?  I have relied upon AVAST for years.

I have the same problem - is there no fix for it? It won't boot up in Safe Mode, normal mode, allow access to DOS and the tech guys I emailed at Avast only seem to know the fix which involves the computer actually booting up.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 16, 2009, 03:10:59 PM
Ocelot, which was the virus name? When does this occur? Why are you relating your problem with this particular thread of December 3th false positive occurrence?
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Ocelot on December 16, 2009, 03:16:04 PM
I didn't get time to note the name, just that it was a Trojan and it occured as I booted up after the false positive update so I would guess that was the problem. Once I got it out of the boot-blue screen-reboot cycle it did have an error message about a file that needed deleting, but I can't check exactly what as its on my home computer and I am currently in an internet cafe.

I can get in to the computer using Linux on a disc, but I don't know what to do after that in terms of sorting this out - I know a bit about computers but I'm not an expert.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 16, 2009, 03:20:08 PM
avast logs should have kept that info.
The report file is created automatically in <avast4>\Data\Report\aswBoot.txt
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Ocelot on December 16, 2009, 03:26:16 PM
avast logs should have kept that info.
The report file is created automatically in <avast4>\Data\Report\aswBoot.txt

Where would I find that?

Would installing a copy of the latest version of Avast from a memory stick solve the problem by overwriting it?
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Lisandro on December 16, 2009, 03:31:52 PM
Where would I find that?
Sorry, I've forgot you can't boot.

Would installing a copy of the latest version of Avast from a memory stick solve the problem by overwriting it?
If you can't boot... no, you can't install avast without booting.

Overinstallation can solve the problem and you won't lose your programs, settings, data, files, etc.
Just choose 'Repair' installation of Windows and install 'over' the old installation.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;315341
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314058
http://support.microsoft.com/?scid=kb%3Ben-us%3B315341&x=15&y=0
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/doug92.mspx
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Ocelot on December 16, 2009, 03:37:54 PM
Thanks - I have found the original discs for the computer (its ten year old plus, and second hand - I inherit old computers from family members as I know enough to get an extra few years of work out of them, same as I know enough to run Avast not McAfee or Norton as I've learnt my lessons with them! One of them spun a hard drive so hard it cracked it, and I'd paid for that software), it won't let me run a repair only a reinstall.

If I run the Safe Mode, it hangs on the line after the one ending with mup.sys (I have another computer that has the relatively common problem of sticking at mup.sys, hence why I mentally noted it) and there we stay.

Its an option, when all else fails...

I'm just glad the Linux has allowed me to copy the majority of my files.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: lindawing on December 17, 2009, 02:51:43 AM
Ocelot--I was glad to read that you were able to get most of your things backed up. You could also take your hard drive out and have your documents and other info taken off, at a computer tech place. My son and I reinstall systems for people all the time. We have an adapter set that allows us to hook up any hard drive (even laptop hard drives) to one of our computers, scan the contents for viruses, etc., and then safely copy everything into a holding folder on one of our extra exterior hard drives that we keep specifically for that purpose. A tech place should be able to do the same thing...for a small fee (I would expect maybe $50). They would probably save your information to a few CDs or DVDs, or if you buy an extra hard drive, to that, and then you can keep that installed on your computer for later (I keep My Documents on my G drive just for this type of instance. Even when my system goes, there's very little I have to try to pull from my C drive to save. Mostly I can just disconnect my exterior drives and make a clean system, then connect everything back up again, and voila! I'm back in business.

Once you have saved your info, it's a snap to reinstall Windows (any type), and then you have a nice, clean computer once again. Put in any other programs you need, then start restoring your documents, etc. That way you'll still have a backup in place, at least of your current status, as well.

Good luck!
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Ocelot on December 19, 2009, 08:14:51 PM
I have had somebody look at it (a professional) but they couldn't do much in the time they had, but that's who resurrected it through Linux so I could copy stuff - they are doing it for free as I couldn't afford to take it in to shop.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: brianthesnail on December 27, 2009, 06:09:42 PM
hi there
         are you also aware of any issues with yahoo mail and yahoo homepage......i have been using avast free for god knows how long(approx 5 years ) and never had a problem in all that time...well thats until today
         upon trying to get my mail (yahoo mail ) i kept on receiving virus alerts ( i-frame...yeildmanager ect ) and even worried that my complete home network was infected....however from a bit of research online i have discovered you guys released a bad defenition update..
         so whats the deal ?
         are avast gonna sort this out..and will i be able to return to using avast ( using avg at the moment ) ...and when will the update be released ?
          any help will be much appreciated
                  thanks again and happy new year  !
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: CharleyO on December 27, 2009, 07:20:55 PM
***

Welcome to the forums, brianthesnail.   :)

I think that has already been resolved. Has your avast updated lately?

EDIT : see the below thread.

http://forum.avast.com/index.php?topic=52696.0


***
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: spokes on January 30, 2010, 06:42:46 PM
Please can someone check the various reports of apparently false positives of win32:malware-gen which have appeared in the past 48 hours, to see if a repeat of fp issue has not recurred? Ta much  ;D
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on January 30, 2010, 08:05:25 PM
Please can someone check the various reports of apparently false positives of win32:malware-gen which have appeared in the past 48 hours, to see if a repeat of fp issue has not recurred? Ta much  ;D
what repeat ??? nothing here  ::) and I did a full scan today.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: bob3160 on January 30, 2010, 08:08:01 PM
No bells and whistles here either.
Maybe spokes has an actual  infections ???
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: spokes on January 31, 2010, 10:40:41 AM
I (and several others) reported similar fp's in other forum sections, which were quickly corrected in subsequent database updates. As of this morning I am clear. Thanks to Avast for quick response but I thought it was worth mentioning here in case similar reports were made in the near future.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: bob3160 on January 31, 2010, 03:43:22 PM
I (and several others) reported similar fp's in other forum sections, which were quickly corrected in subsequent database updates. As of this morning I am clear. Thanks to Avast for quick response but I thought it was worth mentioning here in case similar reports were made in the near future.
Next time, start a new thread instead of reviving an old out dated one. :)
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: spokes on January 31, 2010, 05:41:22 PM
I (and several others) reported similar fp's in other forum sections, which were quickly corrected in subsequent database updates. As of this morning I am clear. Thanks to Avast for quick response but I thought it was worth mentioning here in case similar reports were made in the near future.
Next time, start a new thread instead of reviving an old out dated one. :)
Thank you for your obvious comment  ::) but since there were already several reports of win32:malware-gen (and more since then) I thought I might get a more concerned response by posting on a stickied thread which referred to a similar issue of fp's.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: logos on January 31, 2010, 05:49:58 PM
since it relates to a new event, no.
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: kirana on August 03, 2010, 05:56:45 AM
Thank you for your obvious comment   ::) ???
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: Asyn on August 03, 2010, 12:13:36 PM
Thank you for your obvious comment   ::) ???

You posted to an outdated topic...! ;)
asyn
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: bob3160 on August 03, 2010, 04:16:25 PM
Thank you for your obvious comment   ::) ???

You posted to an outdated topic...! ;)
asyn

That's one way to get those needed 20 posts......  :(
Title: Re: An attemt to explain what went on that Wed night (a follow-up on the FP issue)
Post by: somza on August 27, 2010, 08:36:46 AM
I think that has already been resolved ;D