Author Topic: Win32:Kryptik-PFA [Trj] - False Positive ?  (Read 58957 times)

REDACTED

  • Guest
Win32:Kryptik-PFA [Trj] - False Positive ?
« on: May 06, 2015, 08:56:43 PM »
Hi,

My File System Shield has started moving files to my chest this afternoon.
Most notably my Lightshot.exe program that allows me to do screenshots.

When I scan with Avast I get 256 infected files.
MBAM does not find anything.
SAS does not find anything.

They cannot be repaired.

When trying to reinstall Lightshot, it blocks it.
Here is the screenshot :

http://prntscr.com/72a5q1 - Popup
http://prntscr.com/72a5yp - Virus Chest



Offline Michael504

  • Newbie
  • *
  • Posts: 6
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #1 on: May 06, 2015, 09:09:20 PM »
Quote
Hi,

My File System Shield has started moving files to my chest this afternoon.
Most notably my Lightshot.exe program that allows me to do screenshots.

When I scan with Avast I get 256 infected files.
MBAM does not find anything.
SAS does not find anything.

They cannot be repaired.

When trying to reinstall Lightshot, it blocks it.
Here is the screenshot :

http://prntscr.com/72a5q1 - Popup
http://prntscr.com/72a5yp - Virus Chest

I am having this same issue as of 1330 CST. Brand new computer reporting this Trojan in the Gobi wireless software on a Lenovo X1 Carbon. Definitely a false positive, need it fixed too.
« Last Edit: May 06, 2015, 09:28:55 PM by Michael504 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #2 on: May 06, 2015, 09:13:18 PM »
Quote
I am having this same issue as of 1330 CST, Brand new computer reporting this trojan in the Gobi wireless software on an Lenovo X1 Carbon. Definitely a false positive, need it fixed too.

If you think so, right-click the file(s) in the chest and report them to the Avast lab as FP.

Offline kevrianate

  • Jr. Member
  • **
  • Posts: 25
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #3 on: May 06, 2015, 09:14:23 PM »
I have two computers that just started showing this same issue with the business edition.  I have submitted a file from TortoiseGit that was showing as being infected.
« Last Edit: May 06, 2015, 09:23:17 PM by kevrianate »

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #4 on: May 06, 2015, 09:19:37 PM »
I also have several stations reporting the same, running the business edition also.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #5 on: May 06, 2015, 09:20:12 PM »
Tons of false positives at the college I work for.  I mean hundreds.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #6 on: May 06, 2015, 09:24:36 PM »
We also are having a widespread report of this happening on our college campus. It seems like it started at the same time the latest definition came out. Thinking a bad set of updates is the cause.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #7 on: May 06, 2015, 09:29:15 PM »
Same is happening to us. First report was at 11:49am PDT. I'm getting multiple notifications reporting various files as infected by Kryptik-PFA. Most of the reports are saying that it's our KACE KDeploy.exe agent that is infected.

Definitely looks like a bad definition update.

Offline mmanous

  • Newbie
  • *
  • Posts: 2
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #8 on: May 06, 2015, 09:32:09 PM »
Same here. First started around 2:43 EST when people started getting VPS file 150506-3

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #9 on: May 06, 2015, 09:36:19 PM »
We even called Avast and we were told they can't help us and we need to submit a ticket. We said we think it is due to the update and it's a false positive, and they said then you can write an exclude statement for it. Since it is flagging tons of files, that would be an endless battle. If you guys have not created a ticket yet, I would suggest putting one in so we can have extra pressure for them to fix the latest batch of updates.

Offline kevrianate

  • Jr. Member
  • **
  • Posts: 25
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #10 on: May 06, 2015, 09:37:09 PM »
Quote
Same here. First started around 2:43 EST when people started getting VPS file 150506-3

That is the same version as I have.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #11 on: May 06, 2015, 09:39:55 PM »
Same version here also: 150506-3. Anyone come up with anything besides adding exclusions, which as was posted is an endless battle because it's different files on each machine?

Offline Michael504

  • Newbie
  • *
  • Posts: 6
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #12 on: May 06, 2015, 09:40:19 PM »
Same Version Here

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #13 on: May 06, 2015, 09:40:51 PM »
Oh good, it's not just us :P

We're getting it on dozens of machines and hundreds of files as well, so excluding or reporting the files will do no good. I have a feeling that cleaning up after this false positive will be more work than cleaning up an actual trojan...

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #14 on: May 06, 2015, 09:42:30 PM »
Having the same issue here.   Dozens of files are flagged.  Happened soon after today's update.