Author Topic: Win32:Kryptik-PFA [Trj] - False Positive ?  (Read 58958 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #90 on: May 07, 2015, 04:38:13 PM »
I agree that "mistakes happen" , especially with this type of software.

However, Avast owes it to their users to explain why this happened, and what they are doing to prevent it in the future.   This was not some minor problem... but was a very serious issue that had a large impact for many paying customers.   If Avast expects us to STAY as their customers, they need to respond and help us understand what they are doing internally to prevent this from happening again.

Further, considering how obviously broken that definition update was, it is clear that Avast does not do any testing of their updates prior to pushing them to production release.   That's not great.

« Last Edit: May 07, 2015, 04:39:46 PM by john-genus »

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #91 on: May 07, 2015, 07:34:30 PM »
Well, my laptop is "working fine", running like nothing happened, but still my intel/nvidia drivers aren't running, or at least when I try to open them it gives me an error, like there are missing files and stuff, my cousin which happens to be a tech with this stuff is going to help me, but for sure I'm changing my AV, avast worked well for me, but this is just a no, even though my laptop is "fine", it isnt. I'm one of the people that had to reboot and had files deleted thinking it would help.

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #92 on: May 07, 2015, 07:54:57 PM »
BTW - this happened before.  December 2009:

"On Thursday 12.3.2009 avast! had a bad false positive issue. At around 12:15 AM GMT (4:15 PM PST) we released VPS update 091203-0 which started flagging hundreds of innocent files as a 'Win32:Delf-MZG' Trojan (or, in less common cases, as 'Win32:Zbot-MKK). Among the files affected were high-profile programs produced by Adobe, Realtek, sound card drivers, various media players etc." - A VPS update 5 hours later solved it.

On April 2011, a VPS update was causing WebShield to report widespread viruses on random websites.  Was fixed 5 hours later with a new VPS update.

Again in March 2013 - Avast accidentally flagged Adobe Acrobat as a virus and killed the software for many users - fortunately a repair of the Acrobat software resolved it after a VPS update (3 hour response time).

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #93 on: May 07, 2015, 10:05:32 PM »
This is a disgrace and not something I expect from my anti virus software. This has created me untold work because I trusted Avast and means I have totally wasted my week trying to fix this rubbish. I truly find it unbelievable and it beggars belief how it got through your release management processes. Yours, a very disgruntled customer. If you put as much effort into ensuring this sort of thing doesn't happen as you have into scrambling the verification this would not happen, I am sure.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #94 on: May 07, 2015, 10:53:20 PM »
This is a disgrace and not something I expect from my anti virus software. This has created me untold work because I trusted Avast and means I have totally wasted my week trying to fix this rubbish. I truly find it unbelievable and it beggars belief how it got through your release management processes. Yours, a very disgruntled customer. If you put as much effort into ensuring this sort of thing doesn't happen as you have into scrambling the verification this would not happen, I am sure.
This doesn't happen often but unfortunately I don't know an AV that it hasn't happened to.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #96 on: May 07, 2015, 11:19:40 PM »
Panda had a big one some weeks ago

www.404techsupport.com/2015/03/panda-cloud-and-antivirus-false-positive-hits-hard/

www.theregister.co.uk/2015/03/11/panda_antivirus_update_self_pwn/
I don't think we need to rehash the occurrences.
It's bad enough when it happens and, as I said it's happened to all of them.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline kevrianate

  • Jr. Member
  • **
  • Posts: 25
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #97 on: May 08, 2015, 04:03:56 PM »
Has ANYBODY received a reply on any of their support tickets on this issue?  That is not settling well with me.

Edit: My bad, I did receive a "we are working on it" response but not a "we have fixed our screwup" response.
« Last Edit: May 08, 2015, 04:35:52 PM by kevrianate »

REDACTED

  • Guest
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #98 on: May 11, 2015, 02:00:47 AM »
It's not just one "bad" update. The last version of Avast 8.x family was stable, fast, had a good UI, wasn't filled with upsells and ads.

That's the version I used on mine, my father's and mother's computers.

Several weeks ago it flagged WS_FTP's DRM module on father's computer as a virus.

Then, more recently, it quarantined Opera browser and some other executables on mother's computer.

At about the same time, it flagged random NVidia driver DLLs on my computer as well.

I restored all files from quarantine and immediately got rid of Avast on all machines. This is planned obsolescence, a move to force us to upgrade to 9.x.

At first, I gave it a shot. Then I loaded the latest 9.x version and saw that it not only kept the messy and yet somehow function-reduced UI from earlier 9.x releases, but it's full of upsells and then an ad pulled out of system tray asking me to buy Avast...

And of course, on my sister's PC, which had "automatic program update" enabled, despite having an initially minimalistic install of 8.x, 9.x came along and installed "grime fighter" and all the other garbage.

That's not how upgrades are supposed to work.

Goodbye Avast, you were good while you were good. Now you joined the ranks of pretty much every other "free" antivirus which are, at best, "potentially unwanted programs" themselves.

« Last Edit: May 11, 2015, 02:08:53 AM by temporaldisturbance »

Offline Chad-bisd

  • Hopeful, yet discontent
  • Jr. Member
  • **
  • Posts: 49
    • Beckville ISD
Re: Win32:Kryptik-PFA [Trj] - False Positive ?
« Reply #99 on: May 11, 2015, 08:49:24 PM »
So far I've lost my lightspeed mobile filter and user agent as well as chrome.dll now.  It's taking out computers 1 by 1 now.  Originally thought this was the 150506-3 update, but now even 150511-0 update is killing stuff.