Author Topic: Kryptik-PFA [Trj]  (Read 35129 times)


Offline qwit2win

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #30 on: May 06, 2015, 10:20:02 PM »
Agreed

The exclusions we put in for Chrome were:

*\chrome.exe
chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

...and so far so good! Ed, I made the change you just suggested as well. Evidently there is NO TELLING what this is going to flag. From Office to Chrome to system .DLL files, nothing appears to be safe. Unfortunately the best move we can make now is to "disable" the AV altogether.

Offline Jim85

  • Jr. Member
  • **
  • Posts: 53
Re: Kryptik-PFA [Trj]
« Reply #31 on: May 06, 2015, 10:22:09 PM »
I find this ironic:  https://www.avast.com/en-us/virus-update-history

6.5.2015 - 150506-3

This VPS update contains only fixes to existing definitions or removal of false alarms.

Yeah - "removal of false alarms" didn't go so well.

Offline sappelhans

  • Newbie
  • *
  • Posts: 3
Re: Kryptik-PFA [Trj]
« Reply #32 on: May 06, 2015, 10:23:08 PM »
Same here, we have thousands of messages with files being moved to chest and it's even flagging the Chrome executable.
The virus page at Avast (https://www.avast.com/en-us/virus-update-history) shows ...

6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.

but we are still getting thousands of notifications.

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #33 on: May 06, 2015, 10:27:16 PM »
Quote
I find this ironic: https://www.avast.com/en-us/virus-update-history
6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.
Yeah - "removal of false alarms" didn't go so well.

Wow, May is a pretty strange month... The 4th was "Star Wars Day", the 5th was "Cinco de Mayo", I didn't realize the 6th was "tragically opposite day"...

Offline sappelhans

  • Newbie
  • *
  • Posts: 3
Re: Kryptik-PFA [Trj]
« Reply #34 on: May 06, 2015, 10:30:43 PM »
We have totally disabled the "File System Shield" for now.
USA - Midwest.

Lots of Intel Graphics DLLs, seems like DLLs all across the board.

Offline lloyd hollins

  • Newbie
  • *
  • Posts: 2
Re: Kryptik-PFA [Trj]
« Reply #35 on: May 06, 2015, 10:36:57 PM »
My school district of 300 computers just got hit also.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Kryptik-PFA [Trj]
« Reply #36 on: May 06, 2015, 10:38:59 PM »
Hi all,
Thanks for the info, we are very well aware of this detection and we are currently investigating what happened. Measures have been already taken to mitigate the impact of this (what appears to be) false positive.
Sorry for any inconvenience - we will surely let you know more info as soon as possible!

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #37 on: May 06, 2015, 10:41:24 PM »
Quote
Hi all,
Thanks for the info, we are very well aware of this detection and we are currently investigating what happened. Measures have been already taken to mitigate the impact of this (what appears to be) false positive.
Sorry for any inconvenience - we will surely let you know more info as soon as possible!

Can you please rollback to 150506-0 to the mirrors so we can re-enable real time file system shields while you investigate the matter further?

Offline Infratech Solutions

  • Avast Reseller
  • Super Poster
  • *
  • Posts: 1673
  • www.infratech.es
    • The Avast website for Spain
Re: Kryptik-PFA [Trj]
« Reply #38 on: May 06, 2015, 10:45:05 PM »
Quote
Can you please rollback to 150506-0 to the mirrors so we can re-enable real time file system shields while you investigate the matter further?

+1
The Avast antivirus website for Spain: www.infratech.es/avast.
Become an Avast distributor: https://www.infratech.es/avast/distribuir-avast.html.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Kryptik-PFA [Trj]
« Reply #39 on: May 06, 2015, 10:51:20 PM »
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Offline qwit2win

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #40 on: May 06, 2015, 10:52:52 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #41 on: May 06, 2015, 10:53:13 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Can we manually "downgrade the mirror" on SOA console if we download the VPS package from here: https://www.avast.com/download-update ??

Offline nannunannu

  • Full Member
  • ***
  • Posts: 199
Re: Kryptik-PFA [Trj]
« Reply #42 on: May 06, 2015, 10:53:48 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Quote
Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Yes, even better.... Re-release -0 as -4, and let us all get the fix...

Offline CSEIT

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #43 on: May 06, 2015, 10:56:51 PM »
Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Quote
Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Quote
Yes, even better.... Re-release -0 as -4, and let us all get the fix...

This, please.

Offline qwit2win

  • Newbie
  • *
  • Posts: 6
Re: Kryptik-PFA [Trj]
« Reply #44 on: May 06, 2015, 10:57:02 PM »
Exactly.

Quote
We already performed a rollback; however, this does not help those who already have the new VPS. Rollback merely stops new users from downloading the "-3" VPS.

Quote
Can't you release "new" that are the same as the previous release? Then it will overwrite the bad ones.

Quote
Yes, even better.... Re-release -0 as -4, and let us all get the fix...
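
The rollback versus re-release point made in replies #39 to #42, as an added example that is not part of the thread and not Avast's code. It assumes a client installs a definition set only when its version is newer than the installed one, ordered by date and then build suffix; `Client`, `parse_vps` and `simulate` are hypothetical names, and "150506-4" is the re-release the posters propose.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def parse_vps(version: str) -> Tuple[int, int]:
    """Split a 'YYMMDD-N' VPS version into a sortable (date, build) pair."""
    date, sep, build = version.partition("-")
    if not (sep and len(date) == 6 and date.isdigit() and build.isdigit()):
        raise ValueError(f"not a VPS version: {version!r}")
    return int(date), int(build)


@dataclass
class Client:
    name: str
    installed: Optional[str] = None  # None models a fresh install

    def check_for_update(self, published: str) -> bool:
        """Install `published` only if it is newer (assumed client behaviour)."""
        if self.installed is None or parse_vps(published) > parse_vps(self.installed):
            self.installed = published
            return True
        return False


def simulate(published_sequence: List[str], clients: List[Client]) -> List[Dict[str, str]]:
    """Publish each version in turn; every client checks once per step."""
    history = []
    for published in published_sequence:
        for client in clients:
            client.check_for_update(published)
        history.append({c.name: c.installed for c in clients})
    return history


def demo() -> List[Dict[str, str]]:
    # Constructed fleet: one machine already on the "-3" build, one new install.
    fleet = [Client("already-updated", "150506-3"), Client("new-install")]
    # Step 1: mirror rolled back to -0. Step 2: the -0 content re-released as -4.
    return simulate(["150506-0", "150506-4"], fleet)


if __name__ == "__main__":
    for step, state in enumerate(demo(), start=1):
        print(step, state)
```

After the rollback step the already-updated machine still holds "150506-3"; only the higher-numbered re-release reaches it.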