Author Topic: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu  (Read 40001 times)


VikingBabe

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #15 on: December 03, 2009, 09:17:08 AM »
I came online just before midnight and my automatic AVAST update came up normally. There were no alerts. Did my normal work until I visited a forum, where I found word about this trojan.

The poster reported this on Dec. 2, 8:17pm (MST) to anyone using AVAST there. After reading the warning, I disabled my AVAST (to be safe) until I knew a "repair" was made and came here. Sooooo, my update included the repair, and I missed being struck as I would have been if I had gone online a few hours earlier.

Whew!  Thanks to the AVAST team for working so quickly and getting the "fix" out.




ShellyCat

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #16 on: December 03, 2009, 11:06:51 AM »
I have just experienced the same problem, but it looks as if a fix is out for this already. I just updated my iAVS and Program, and now it is not reporting any occurrences of DELF-MZG  :D

It took me a few hours to get to this point, because Avast (or maybe I thought the virus) really slowed my system drastically when I tried to start "Edit Pad Lite". So I let it scan and remove to chest...
...I made sure none of the files were critical. Some were installers for MySQL, Realtek drivers, even similar executables hidden in my System Restore points! Also a couple programs like EditPadLite, ImgBurn, and DevC++. (Also, I don't have it, but people are reporting Avast thinks Spybot S&D is infected, too.)

Now I see it's a false positive, but people on Yahoo! Answers are saying Avast will keep finding stuff over and over again, so go ahead and move reported files to chest, then restore them after the bug is fixed. Avast updated just before I logged in here, so all should be fine, I hope!
« Last Edit: December 03, 2009, 11:10:12 AM by ShellyCat »

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #17 on: December 03, 2009, 11:19:15 AM »
ShellyCat, just make sure that you re-scan each quarantined file, and restore it when it scans clean.
Do this earlier rather than later.
Windows 10,Windows Firewall,Firefox w/Adblock.

SteelerFan

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #18 on: December 03, 2009, 11:52:17 AM »
Yea, I got hit hard on this (well my wife's laptop did anyway) thought crap was hittin the fan. I couldn't even get her icons, start menu etc to load up when the computer was restarted. Had to go in safe mode and run anti virus programs there. I ran avast and sure enough, I had the Delf-MZG [Trj] showing up ALL OVER THE PLACE. I allowed it to restart and run a scan as it re-booted and it came up with about 70-some "infected files". Once the scan was over the computer turned on and everything seemed to be back to normal except the files that were put into the quarantine needed to be scanned and restored after I performed the update.

Everything seems to be okay now. (I'm assuming the files were restored? I clicked restore and it said it was successful but the files were still showing up in the quarantine.)

By the way, this website saved my life because I normally try to delete the infected files (at first it was in other anti-virus/ anti-malware programs) but then it showed in bigger files that I was not comfortable pressing the delete button... glad I didn't now. After surfing the web trying to find out what this "Delf-MZG [Trj]" is, I found this website and noticed a lot of people were saying to quarantine and re-scan after the update because of the false-positive. Thank you!!
« Last Edit: December 03, 2009, 12:00:58 PM by SteelerFan »

Sesame

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #19 on: December 03, 2009, 12:00:33 PM »
While browsing in the beta board, I came across the threads about the false positives.  I also noticed that Prague was midnight.  So, I stopped the update of Avast! 5 and went to a family member's room to do the same only to find the VPS had already been updated to 91203-0.  Simply, I turned off Standard Shield.  After the release of 91203-1, I turned it on.

Personally, I'm not surprised so many people are tempted to delete suspected files immediately rather than sending to the chest.  In fact, that's why I set Avast! 4.8 to automatically send them to the chest on my family member's computer.  I hope Alwil team will make Avast! 5 more user-friendly...I know I can configure it for the others but, after seeing so many people are not accustomed to how to deal with detection, I guess it would be suitable for them to do something with it...

SteelerFan

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #20 on: December 03, 2009, 12:04:34 PM »
> While browsing in the beta board, I came across the threads about the false positives.  I also noticed that Prague was midnight.  So, I stopped the update of Avast! 5 and went to a family member's room to do the same only to find the VPS had already been updated to 91203-0.  Simply, I turned off Standard Shield.  After the release of 91203-1, I turned it on.
>
> Personally, I'm not surprised so many people are tempted to delete suspected files immediately rather than sending to the chest.  In fact, that's why I set Avast! 4.8 to automatically send them to the chest on my family member's computer.  I hope Alwil team will make Avast! 5 more user-friendly...I know I can configure it for the others but, after seeing so many people are not accustomed to how to deal with detection, I guess it would be suitable for them to do something with it...

Yea, I gotta admit, I was really nervous when it repeatedly came up saying that there was a Trojan. No matter what I hit when the warning screen came up, it would just come up again and again. That's when all he11 broke loose and stuff wouldn't respond and I couldn't get anything to cooperate. I tried to reboot the computer and all the stuff happened that I said above. I didn't know what the heck was going on.

shae_32

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #21 on: December 03, 2009, 12:07:55 PM »
I have to agree with you Rumpel. Please, please make the next version of Avast auto-quarantine and see if there's a way to let us know what file it is, I mean what software it's associated with. (If that made sense. Kinda early here in TX. LOL)

Anyway, am glad I didn't have any major disasters from this, but lesson learned well.

SteelerFan

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #22 on: December 03, 2009, 12:11:56 PM »
I'm pretty new to using Avast! What is supposed to happen once you restore the files in the "infected" section of the chest? Will they stay in there or are they supposed to empty off the list?

Just wanna make sure that it did what it's supposed to do. Thanks for any help!


UPDATE... found the answer to my own question... http://forum.avast.com/index.php?topic=51643.msg436955#msg436955
« Last Edit: December 03, 2009, 12:16:43 PM by SteelerFan »

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #23 on: December 03, 2009, 12:21:39 PM »
Cool. Well done. Once you are confident they have been restored, they can be deleted from the chest.
Only process the "infected" section of the chest.
Windows 10,Windows Firewall,Firefox w/Adblock.

SteelerFan

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #24 on: December 03, 2009, 12:36:31 PM »
Yep, thanks! I'm glad this website exists...

Also, this may be unrelated but when I tried to shut down, it couldn't do it the whole way. I have XP and when it got to the blue screen where it has the Windows XP "Shutting Down..." it just kinda got stuck there. Is that something that maybe may have been messed up?
I did a hard re-boot (I think that's what it's called) and everything loads up okay. Just can't do the shut down properly.

ret

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #25 on: December 03, 2009, 12:43:39 PM »
I have the same problem with Windows not closing or even going to screensaver. According to the bright red warning notice at the top the coders will have a fix for this hopefully.

ret

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #26 on: December 03, 2009, 12:45:23 PM »
How long are you guys leaving it before trying a power off?
Try leaving it at least two minutes.
Windows 10,Windows Firewall,Firefox w/Adblock.

ret

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #27 on: December 03, 2009, 01:00:08 PM »
In answer to your "how long did I leave it", I can tell you it had been in the shutdown mode for 9 hours before I unplugged it. I have since done a disk error check with no results. I have now set the screensaver to 1 minute and the desktop sidebar is flashing occasionally but the screensaver fails to activate. What pisses me off is this PC does not have an XP disk, but instead a partitioned hard drive with XP on it and no way to reload missing files that I am aware of.


Just an update. Did a restore point and now the PC shuts off and restarts normally. Still cannot get the screensaver to activate. More reading to be done.

Last update. Got things running normally again. Selected another theme for screensaver and it is working fine. Still somebody at Avast needs a kick in the pants. ;D
« Last Edit: December 03, 2009, 01:58:12 PM by ret »

SteelerFan

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #28 on: December 03, 2009, 01:45:19 PM »
> How long are you guys leaving it before trying a power off?
> Try leaving it at least two minutes.

Well the first time it got stuck for about 5 minutes. I did the hard re-boot (?) and then it shut down fine the second time I tried (although it still took longer than usual)

websnail

  • Guest
Re: False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu
« Reply #29 on: December 03, 2009, 02:20:42 PM »
Well that was "fun"

Seems I wasn't completely mad then after all...

My system needed a restore point to 2 days back to sort it out as it borked my network settings thanks to some behind the scenes settings I'd included to take care of things without bothering to tell me... Lesson learned there!