Author Topic: Kryptik-PFA [Trj]  (Read 36463 times)


Offline CSEIT

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #15 on: May 06, 2015, 09:13:37 PM »
64 bit

Offline Jose5016

  • Newbie
  • *
  • Posts: 5
Re: Kryptik-PFA [Trj]
« Reply #16 on: May 06, 2015, 09:15:04 PM »
It looks like this is going to be a chance to exercise an "Auxiliary Task" to restore previously-detected files from the "Virus Chest" that are no longer detected *once* Avast updates the definitions.  >sigh<

Please post how you do this if it works for you. I wonder if there is a way to rollback the definitions for all of the clients from the console to prevent the issue from spreading? Does anybody have a recovery plan for a situation like this you would like to share?

This is happening on most of our systems which are a mix of Win 7 and 8.1 64-bit, but luckily it is not flagging any important files that are affecting our users.

Offline JeffG

  • Newbie
  • *
  • Posts: 2
Re: Kryptik-PFA [Trj]
« Reply #17 on: May 06, 2015, 09:15:49 PM »
Same here :'(

Offline Jim85

  • Jr. Member
  • **
  • Posts: 53
Re: Kryptik-PFA [Trj]
« Reply #18 on: May 06, 2015, 09:16:13 PM »
We're seeing this on 32-bit and 64-bit, Windows 7 and Windows 8 (and 8.1).  It's killing DLL files associated with Office 2010 and Office 2013 - we can't use Excel, Outlook, Word, etc.

Offline pps789

  • Newbie
  • *
  • Posts: 1
Re: Kryptik-PFA [Trj]
« Reply #19 on: May 06, 2015, 09:20:12 PM »
Same here. Win 8.1 64-bit.

Offline edanderson

  • Newbie
  • *
  • Posts: 8
Re: Kryptik-PFA [Trj]
« Reply #20 on: May 06, 2015, 09:21:20 PM »
Based on what I'm hearing here I'm changing the "Action" on my "File System Shield" to "Do Nothing" across the board (at the root of my "Computer Catalog"). Hopefully this setting gets out to client computers quickly. (The last thing I want is for Office apps, Chrome, etc. to start breaking.) So far this hasn't been user-visible to anybody yet (or, at least, the Helpdesk isn't blowing up).

Offline Bassmaster

  • Jr. Member
  • **
  • Posts: 82
Re: Kryptik-PFA [Trj]
« Reply #21 on: May 06, 2015, 09:33:30 PM »
I'm only seeing it on Windows 8.1, all 64-bit.

Offline Jim85

  • Jr. Member
  • **
  • Posts: 53
Re: Kryptik-PFA [Trj]
« Reply #22 on: May 06, 2015, 09:34:33 PM »
Good call, Ed - I'm changing my settings as well.  I think about 20% of my users are affected right now; hopefully this stems the tide until Avast releases an emergency definition to solve this.

Offline ChrisYoungCCS

  • Newbie
  • *
  • Posts: 9
Re: Kryptik-PFA [Trj]
« Reply #23 on: May 06, 2015, 09:40:48 PM »
The exclusions we put in for Chrome were:

*\chrome.exe
chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

...and so far so good! Ed, I made the change you just suggested as well. Evidently there is NO TELLING what this is going to flag. From Office to Chrome to system .DLL files, nothing appears to be safe. Unfortunately the best move we can make now is to "disable" the AV altogether.

Offline Sterling

  • Newbie
  • *
  • Posts: 4
Re: Kryptik-PFA [Trj]
« Reply #24 on: May 06, 2015, 09:52:57 PM »
We are seeing it in our school district on a large percentage of our Windows 7 Pro computers that are 32 and 64 bit machines.  Avast has been rebooting the computers and scanning through the boot process.  I hope this can be resolved quickly as I feel like a plague has broken out.
« Last Edit: May 06, 2015, 09:55:55 PM by Sterling »

Offline edanderson

  • Newbie
  • *
  • Posts: 8
Re: Kryptik-PFA [Trj]
« Reply #25 on: May 06, 2015, 10:00:06 PM »
We just started getting hits on addt'l files:

  • C:\Windows\winsxs\x86_smarttech.activation2.vc120.1.0_e7e76aadd9f46776_1.0.1.0_none_938d1f756d28f795\activation2-vc120-mt-s-x86.dll
  • C:\Program Files\Common Files\SMART Technologies\MyScript-6.0.0\engine\MyScriptEngine.dll
  • C:\Program Files\SMART Technologies\Education Software\SDC330Dll.dll

So far the "No Action" is working and I'm not getting files being placed into the "Virus Chest" anymore.

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #26 on: May 06, 2015, 10:06:31 PM »
150506-3 is a killer...  Intel storage drivers, Sierra Wireless drivers, Dell Desktop Authority, parts of Internet Explorer and Chrome...  Just to name a few...

Really bad stuff going on...

Offline Jim85

  • Jr. Member
  • **
  • Posts: 53
Re: Kryptik-PFA [Trj]
« Reply #27 on: May 06, 2015, 10:07:48 PM »
Ed's settings are working for us as well - annoying that it keeps telling you you're infected, but at least it's not damaging anything.

We are consistently seeing igdusc32.dll from the Office 2013 software.  It causes Office software to fail loading.  A repair of Office seems to solve it.

Offline jjunc

  • Newbie
  • *
  • Posts: 8
Re: Kryptik-PFA [Trj]
« Reply #28 on: May 06, 2015, 10:08:22 PM »
Is there a way to revert back to the VPS version before 150506-3, 150506-0?  I didn't receive any hits on anyone with the 150506-0 version.  The no action worked for me as a temporary measure, but not a good idea to run that way.  I guess I could just turn off auto-syncing mirror before restoring the previous version.

Offline AndrewR24

  • Newbie
  • *
  • Posts: 3
Re: Kryptik-PFA [Trj]
« Reply #29 on: May 06, 2015, 10:11:49 PM »
Same issue here, flagging on Nvidia drivers and LibreOffice files so far. Disabled the File System Shield until they fix this mess.

Hoping most of our mobiles get disabled before it starts breaking about 100 laptops/tablets..
« Last Edit: May 06, 2015, 10:14:09 PM by AndrewR24 »