Author Topic: Win32:Kryptik-PFA (Read 5683 times)

REDACTED · « **on:** May 06, 2015, 09:10:24 PM »

I am all of a sudden receiving reports from several computers with the following message regarding Win32:Kryptik-PFA:

File "C:\Windows\System32\ZenLgn.dll" is infected by "Win32:Kryptik-PFA [Trj]" virus.
"File System Shield" task used
Version of current VPS file is 150506-3, 05/06/2015

How do I know if Avast truly resolved the issue, quarantined it or just left it untouched?

REDACTED · « **Reply #1 on:** May 06, 2015, 09:21:43 PM »

If you check the Avast End-Point forum this is apparently widespread. Sounds like a bad Avast Virus Definition update. Hopefully Avast is working on the issue.

REDACTED · « **Reply #2 on:** May 06, 2015, 09:25:52 PM »

I believe we have a problem with virus definition updates.
I received an identical quarantine notice for three DLL files, one from my email program and two from my video driver.
The email DLL has a file date of 14 November-2014. The other two files are dated 2-July-2014.
I disabled Avast via the shields control and restored the files from quarantine.

I hope this gets fixed quickly. I don't relish the thought of our IT staff having to go through the same issue with all 400 members of our organization.

Eddy · « **Reply #3 on:** May 06, 2015, 09:34:25 PM »

Submit it to avast as a possible false positive:
https://blog.avast.com/tag/false-positive/

REDACTED · « **Reply #4 on:** May 06, 2015, 09:43:30 PM »

I will submit it as a false-positive but it is running ramped on many files. Do I need to submit it as a false positive for each file reported?

REDACTED · « **Reply #5 on:** May 06, 2015, 10:02:01 PM »

Same problem at our institution.... Not good...

REDACTED · « **Reply #6 on:** May 06, 2015, 10:09:45 PM »

So when we can have a solution to this false positive problem?

REDACTED · « **Reply #7 on:** May 06, 2015, 10:10:48 PM »

We are also experiencing the same issue -- since about 10:30AM Pacific.

REDACTED · « **Reply #8 on:** May 06, 2015, 10:15:47 PM »

Same here, we have thousands of messages with files being moved to chest and its even flagging the Chrome executable.
the Virus page at avast shows that
https://www.avast.com/en-us/virus-update-history shows ...

6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.

but we are still getting thousands of notifications.

REDACTED · « **Reply #9 on:** May 06, 2015, 10:18:42 PM »

There's some discussion here, too: https://forum.avast.com/index.php?topic=170705.0

Based on the discussion here I'm changed the "Action" on my "File System Shield" to "Do Nothing" across the board (at the root of my "Computer Catalog"). This stopped the files from being put into the "Virus Chest" but I'm still receiving notifications.

Author Topic: Win32:Kryptik-PFA (Read 5683 times)

REDACTED

Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

Eddy

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA

REDACTED

Re: Win32:Kryptik-PFA