Author Topic: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu  (Read 35705 times)

0 Members and 1 Guest are viewing this topic.

Offline websnail

  • Newbie
  • *
  • Posts: 7
Just a heads up...

Within seconds of the VPS completing a database update Avast immediately identified:

c:\program files\webroot\webrootsecurity\spysweeperui.exe
c:\program files\mamutu\a2handler.dll

as being the Win32:Delf-MZG[Trj] trojan...

Bearing in mind these are both programs that have been working just fine for quite some time, I feel pretty confident this is one of those rogue VPS updates that wasn't quite as thorough as it might have been.

Offline James_Fergason

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #1 on: December 03, 2009, 02:16:56 AM »
I just got the same by trying to update CA Yahoo Anti-Spy

Offline mrmxx

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #2 on: December 03, 2009, 02:38:52 AM »
I go the same with older "special" version of The Bat!. Few minutes after that I got the same alert about some html editor and PSpad text editor  ???

Offline smokethapimp

  • Full Member
  • ***
  • Posts: 133
  • Better to Shred, than to be Shred dead
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #3 on: December 03, 2009, 02:40:10 AM »
Add to the Win32:Delf-MZG[Trj] False Positive List.......

A-Squared Free

SpyBot Search and Destroy

SpywareDoctor.

Seriously, what's up with this? ???

Offline cjohnsen

  • Newbie
  • *
  • Posts: 3
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #4 on: December 03, 2009, 02:47:29 AM »
add e/pop professional (WiredRed) to the list.

Offline grynlar

  • Newbie
  • *
  • Posts: 6
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #5 on: December 03, 2009, 03:03:48 AM »
I got the same thing with it updating the avast prog to the latest just a few minutes ago. All of a sudden pspad, skype-pm, wordweb, hardware audio program realtekhd and quite a few others.
ran mbab and sas and they didn't report anything. When I was running mbab avast kept reporting errors and mbab said nothing was wrong.

llariel

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #6 on: December 03, 2009, 03:40:37 AM »
the same critical FP in many programs and extensions. In my computer detect PowerArchiver as Delf:mzg

Offline irwstetj

  • Newbie
  • *
  • Posts: 2
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #7 on: December 03, 2009, 04:01:09 AM »
SpyBotSD, Realtek audio driver, MailWasher Pro, some Adobe components which I've been using for some years now. After all that long now detected as trojan even for the paid licensed ones ?!?
What da hell is going on ??? ??? ??? This is insane !!!

Offline jellybean

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #8 on: December 03, 2009, 05:44:12 AM »
Add WeatherEye.dll from The Weather Network.  Somethings messed up with the latest update me thinks.  ???

Offline Bwana

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #9 on: December 03, 2009, 06:23:04 AM »
Also add JingProject_nat.dll from Techsmith's Jing Project screen capture program...

This is getting ugly fast...


Offline SeSkoAnd

  • Newbie
  • *
  • Posts: 2
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #10 on: December 03, 2009, 07:48:23 AM »
Also add Cobian Backup 9.5.1.212 from CobianSoft and AutoExit For
Windows HomeServer(SengCore.dll) from ASoft.

Offline Ziva

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #11 on: December 03, 2009, 07:52:13 AM »
The same here as well. After the update I got the warnings, and thinking it was legit I clicked on the option to put the virus in the chest. First it said access denied then it said it needed to scan after a re-boot. So I allowed it to re-boot. It scanned and scanned and scanned my system making it seem like a virus had run amok. When it finally finished I ended up with over 40 so-called infected files in the chest.

Webroots SpySweeper and IObit 360 Security are now toast. A scan with Malwarebyte's, which was already installed, showed no problem. I figure MBAM wasn't affected because it doesn't update automatically or run in real time as SpySweeper and IObit do.

When I realized this had to be a false positive I tried restoring the files from the virus chest, but Avast would not cooperate. I highlighted each file one at a time and clicked restore but nothing happened. Judging from the postings in other forums this issue with Avast is wide-spread. I hope Avast will be able to post a solution on how to restore things back to they were. I for one cannot afford to take my PC in for repairs.

Offline random_account

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #12 on: December 03, 2009, 07:58:53 AM »
I have just experienced the same problem, but it looks as if a fix is out for this already. I just updated my iAVS and Program, and now it is not reporting any occurrances of DELF-MZG  :D

Offline SeSkoAnd

  • Newbie
  • *
  • Posts: 2
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #13 on: December 03, 2009, 08:00:49 AM »
A new VPS update (091203-1) has been publihed. The false poitive detections seems to be gone now.

Offline honey88foru

  • Newbie
  • *
  • Posts: 1
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #14 on: December 03, 2009, 08:18:31 AM »
Add MediaMonkey (http://www.mediamonkey.com/) and USBSafelyRemove (http://safelyremove.com/) to that list.

I still have the standard shield paused cuz I just switched on my PC and it killed Spybot. I just tried to update and it says already up to date.

Guess I'll wait...