Author Topic: Win32:Kryptik-PFA [Trj] - False Positive ?  (Read 58971 times)

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #30 on: May 06, 2015, 10:14:30 PM »
Be sure to open a support ticket so that they know this is a serious, wide-spread issue!

Offline MegaRich

  • Newbie
  • *
  • Posts: 8
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #31 on: May 06, 2015, 10:16:17 PM »
You think that having iTunes and Firefox wiped out is bad, it's removed all the NVIDIA drivers from a sizeable chunk of the computers I have deployed.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #32 on: May 06, 2015, 10:23:13 PM »

Please send a ticket to AVAST Support. Hard to tell if they're monitoring this
They are, several from the Avast team have been online and read it ... so you can be sure they are busy at the virus lab now.


REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #33 on: May 06, 2015, 10:24:47 PM »
Like others have said in this forum, go into Avast settings and turn off 'File System Shield.' When Avast pushes a good update, turn it back on.
« Last Edit: May 06, 2015, 10:27:42 PM by CK - KHQ »

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #34 on: May 06, 2015, 10:25:43 PM »
I am so thankful to find this thread. Fortunately it didn't start showing up until after school got out, so hopefully there will be an update and it will be ready to go in the morning.

Offline Halifax Library

  • Newbie
  • *
  • Posts: 5
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #35 on: May 06, 2015, 10:30:45 PM »
It quarantined nvapi.dll on one machine and nvd3dum.dll on my own workstation an hour ago.  Fortunately just the two so far, but I had to do a system restore to get my monitor to work again--to say nothing of the near heart attack I almost had when I saw it "spreading" through the network and ran to air gap our servers.  :)
Good to see I'm not alone; thanks for setting my mind at ease.

PS: Just took one of my servers out while I was typing this.  Going to be a long day, methinks.

Offline rmarfil

  • Newbie
  • *
  • Posts: 4
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #36 on: May 06, 2015, 10:35:47 PM »
And as dsstdf mentioned, after an update comes out you can restore false positives from chest using admin console.

Under Client-side task create new Updating task and for Task Type select Manipulate Virus Chest and under Virus Chest check the first box.

Should say "Restore all files from Infected folder of the Virus Chest in which no infection is detected using current virus database (useful after false positive incident)".

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #37 on: May 06, 2015, 10:36:52 PM »
Does anyone know a way to turn off the File System Shield globally through the AEA? Being at a campus with lots of PCs that get managed from there I was hoping we could do this in one spot and then turn it back on globally as well.

If anyone knows where this is found, that would be great.
Thanks
« Last Edit: May 06, 2015, 10:39:53 PM by Viking15 »

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #38 on: May 06, 2015, 10:37:31 PM »
Fortunately, we're still in pilot phase with the AEA product.  Our clients have version 150506-3, my regular (IT technician's) PC showed this alert too.  Ran a boot time scan which deleted a bunch of files -- it's amazing how many executables can be deleted and you still have a functioning PC!  :P It appears to have mostly attacked my ATI video card driver files, Chrome files, and Adobe Flash files.

MBAM scan came back clean.  Pretty sure this is just a bad vdb update -- false positive.

Offline rmarfil

  • Newbie
  • *
  • Posts: 4
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #39 on: May 06, 2015, 10:38:54 PM »
Right Click Computer Catalog or specific group and then properties.  Click on File System Shield and uncheck box for Enable File System Shield.


Does anyone know a way to turn off the File System Shield globally through the EAS? Being at a campus with lots of PCs that get managed from there I was hoping we could do this in one spot and then turn it back on globally as well.

If anyone knows where this is found, that would be great.
Thanks

Offline BudG

  • Newbie
  • *
  • Posts: 13
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #40 on: May 06, 2015, 10:39:25 PM »
Just received this from Avast Support Ticket I had created:

06 May 2015 22:35

Hello,

 We are currently aware of a problem that's causing false positives to all our clients.
 We're working on a fix, and will push it out ASAP.

 Thank you for your patience,
 Avast Corporate

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #41 on: May 06, 2015, 10:41:53 PM »
Me too. Same message.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #42 on: May 06, 2015, 10:42:31 PM »
Robert West,
Right click on Computer Catalog
Click on properties.
Click on File System Shield
Uncheck Enable File System Shield

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #43 on: May 06, 2015, 10:49:16 PM »
This is simply unacceptable and AVAST needs to fix this immediately, I am glad that so far we have not rolled out to the entire campus. This is the type of thing that causes people to find a new product as the warm and fuzzy feeling is definitely not there at this time.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #44 on: May 06, 2015, 10:51:18 PM »
Thanks for the tip dsstdf.  Will do.