Author Topic: Win32:Kryptik-PFA [Trj] - False Positive ?  (Read 58960 times)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user

Offline Michael504

  • Newbie
  • *
  • Posts: 6
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #46 on: May 06, 2015, 10:57:21 PM »
Go to your virus chest and restore those files AFTER turning off the file shield, there is nothing wrong with them.

Fortunately, we're still in pilot phase with the AEA product.  Our clients have version 150506-3, my regular (IT technician's) PC showed this alert too.  Ran a boot time scan which deleted a bunch of files -- it's amazing how many executables can be deleted and you still have a functioning PC!  :P It appears to have mostly attacked my ATI video card driver files, Chrome files, and Adobe Flash files.

MBAM scan came back clean.  Pretty sure this is just a bad vdb update -- false positive.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #47 on: May 06, 2015, 11:05:41 PM »
Is there anything I can do? I restarted my PC and ran avast and deleted a ton of files, then at some point it asked me if I wanted to delete stuff in the windows system which I declined and stopped the scan. It deleted a ton of stuff from my drivers, I saw something about chrome, opera and skype too.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #48 on: May 06, 2015, 11:06:03 PM »
I hope they fix it soon.  I partially destroyed one computer because I let it delete everything during a boot scan.  Then I started to realize.  Hey something was up.  When all of a sudden my whole network started to get the same virus hit.

My remote users using LogMeIn were all locked out.  And on those systems, they barely do anything except word processing remotely.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #49 on: May 06, 2015, 11:07:11 PM »
Hello from Russia with the same problem. Thanks to this forum for the description of the problem.  :(

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #50 on: May 06, 2015, 11:07:50 PM »
This bad definition file has wreaked more havoc than any other virus/trojan I've dealt with.

Users, through no fault of their own, try and do the right thing and quarantine/move to chest/delete the "infected" files and essentially make their PCs unusable.

It will be a long day/night for many of us.

Even if they release an updated definition, we will still all be dealing with the fallout for hours if not days.

Here is a reply from a ticket I submitted earlier.

//
Hello,

We are currently aware of a problem that's causing false positives to all our clients.
We're working on a fix, and will push it out ASAP.

Thank you for your patience,

Max Marak
Avast Corporate
//

Offline BudG

  • Newbie
  • *
  • Posts: 13
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #51 on: May 06, 2015, 11:08:48 PM »
Also check out this forum thread...

https://forum.avast.com/index.php?topic=170705.45


Offline schester

  • Newbie
  • *
  • Posts: 7
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #52 on: May 06, 2015, 11:10:58 PM »
Having problems here with a number of computers. Those that aren't restarted seem to be OK, but if they run a boot time scan that seems to be the start of the real problems.

Anyone have a good fix for what was destroyed during the boot time scan? I don't know yet what the user may have specified to do with the files, but it sounds like at least one computer isn't booting now.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #53 on: May 06, 2015, 11:12:23 PM »
@Avast Lab: any news about this?
The best things in life are free.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #54 on: May 06, 2015, 11:14:45 PM »
So far it's only hit two of the machines I have here, but in both cases it's flagged ATI driver dll files causing the ATI display manager to throw a fit.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #55 on: May 06, 2015, 11:17:30 PM »
This is a mess, really bad, we need this fixed NOW.....

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #56 on: May 06, 2015, 11:22:43 PM »
Calling an all-hands-on-deck here at my department.

This is REALLY bad - second-guessing our decision to go Avast at this point.


REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #57 on: May 06, 2015, 11:28:14 PM »
Is there a resolution to this? I have over 30 computers on the network that all went down after they got this message. Avast says you have to clean the machine, we click yes, it restarted the machine, and all I get is a blank screen on all of them.

Offline Halifax Library

  • Newbie
  • *
  • Posts: 5
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #58 on: May 06, 2015, 11:29:20 PM »
I'm not going to criticize too much; every AV vendor has had major false positive incidents.  This one has been the most disruptive I've personally had to deal with, though.

If you've decided not to turn off file system shield, make sure you tell your end users to click "No" if Avast asks to schedule a boot time scan and restart.  Otherwise, you'll probably end up having to do a System Restore (or worse) to get your machine back to a usable state.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #59 on: May 06, 2015, 11:32:38 PM »
I took the action of notifying them not to have it do the reboot/scan and then went into the AEA and set it so that the Shield took no action on anything related to file scans.  I have it emailing me the notifications so I have a list of computers I may need to visit.  Just waiting on the updated definition now.