Numerous Trojan warnings since last update.

[Mickey Way]

Well, for me, I was online when the offending update installed.  Then, when I went to shut down ( I always run TuneUp Utilities 2009 before turning off my computer) all the bells and whistles went off! Long story short...in addition to some program files, the boot scan detected many Windows system files as infected and the only option that would work was to delete the files (I could not "move to chest" nor "repair").  It turns out that deleting some of those files DID affect system operation.  System restore does not work now, so I am left with a complete OS re-install.  I am NOT happy about this.  Fortunately, my other computers were off-line when this occured.  I have set the rest of my computers to "manual update" for now until this whole mess is long behind us.

(No reply to this post is required or invited.  I'm just venting because now I have to take a day to completely restore what WAS a perfectly running computer. I run Avast, MBAM, and Super Anti-Spyware routinely, and the chances of real trojans on my equipment is VERY slim.  Anyone posting comments about me having real threats will be claiming that none of theses defense programs actually work.)

[vhunter]

Hi,
maybe there is/was running some scan on background, so the VPS didn't updated.

Milos

No, VPS updated ok, because most of files that have warnings before, begin to work ok after update.
But some file was still warnings about Zbot-MKK, because of old 091203-0 update. I solved it be reinstall AVAST and update it again, now all work fine.       

[Vlk]

(No reply to this post is required or invited.  I'm just venting because now I have to take a day to completely restore what WAS a perfectly running computer. I run Avast, MBAM, and Super Anti-Spyware routinely, and the chances of real trojans on my equipment is VERY slim.  Anyone posting comments about me having real threats will be claiming that none of theses defense programs actually work.)

Hi Mickey,

thanks for your post. Till now, we thought the problem didn't affect any Microsoft (operating system) files. But you're saying otherwise. Do you still have the avast logs? It would be very interesting to look at these.

They are located in the <avast>\data\log directory (usually in C:\program files\alwil software\avast4).


Thanks much
Vlk

[Beeb]

I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?

[Ximinez]

avast!, don't let this happen again ... I will seriously reconsider using this antivirus software.

To be honest, I originally agreed with "Forward ...". I still remember the last major false positive issue with LogMeIn 2 years ago (Nov 2007), but was able to forgive avast for its over-zealousness. However, this latest FP represented a STRIKE 2 (in baseball lingo). Not good.

Now, I have really enjoyed using and promoting avast since March 2005 and I was not looking forward to a STRIKE 3 because I thought I would have to look elsewhere.

Just to be fair to avast, I was curioius to know if false positives occurred "elsewhere" too, since "the grass is not always greener on the other side" as the expression goes.

What I found was (I must admit) quite surprising. Several of the BIG 10 anti-virus applications also have their share of FP problems:

AVG: http://www.google.ca/search?q=site:forums.avg.com+false+positive
Norton Internet Security: http://www.google.ca/search?q=site:community.norton.com+false+positive
Avira AntiVir: http://www.google.ca/search?q=site:forum.avira.com+false+positive
McAfee: http://www.google.ca/search?q=site:community.mcafee.com+false+positive
Kaspersky: http://www.google.ca/search?q=site:forum.kaspersky.com+false+positive
Panda: http://www.google.ca/search?q=site:support.pandasecurity.com+false+positive
BitDefender: http://forum.bitdefender.com/index.php?showforum=138
Eset Nod32: http://www.wilderssecurity.com/search.php?searchid=3265226

The take-away lesson here is that FP's are going to happen regardless of the security product.

I remain confident that ALWIL does its best not to release VPS signatures that will create the type of havoc this last one did. The developers aren't stupid ... they don't want to lose any users to stuff like this. So, I guess we users can be confident knowing that this VPS serves as a reminder that ALWIL must remain vigilant that their updates don't go untested before going into wide release.

Thanks ALWIL for providing me and my friends with years of great AV support. I still think your app rocks ... just as I did back in 2005.

Keep doing what you do because you do it well ...!!

[Milos]

I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?

Hello,
you can send us (virus@avast.com) the file to analyze, Put "false positive" to mail subject.

Thank you,
Milos

[t.goswami]

avast!, don't let this happen again. I lost several program files to deletion, since the 'move to chest' function stopped working. I've spent ages repairing all of the damaged programs. I will seriously reconsider using this antivirus software.

                                                                                                                                                                                 same thing to me,i have just started using avast...and iam damn scared to continue with it..how can avast be so careless after so many years of goodwill?                

[drw]

I was also hit by the false positives.

For me, it caused me to NOT be able to go online for some reason. I was finally able to get back online and get my AVAST updated.

I accidentally deleted the supposed infected file- it was a dll- ezsvc7.dll

Anyone know what this file is or what its purpose is???

[Karmel83]

Hello, I have also deleted 19 files. Please let me know how to add them back.

Thanks in advance

God Bless

Karmel

[REDACTED]

This link was posted in the official statement to restore virus chested files;

http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=376

Also, to those having warnings of other viruses. Download and run another anti-virus and scan the files

[bran34]

The odd thing about the FP is, I was gaming during the time (it was an MMO using ahnlab hackshield) and after about 10 alerts from avast! it came up saying it had been effected by a speedhack and was shutting down.. so I had literally no reason to think it was a FP...Deleted most of the files stated in the warnings.

[Beeb]

I have a warning about a Trojan that I haven't seen listed here yet. It is called NWMultiTouch.dll. From what I can tell it is from a Registry Booster program I installed from Uniblue. Unfortunately I count on Avast to keep things straight for me. I've used Avast for years and think it is the best program available for protection. This is the first time I've ever had a question about something it has detected. I cannot find any information about the above .dll file being a malicious file. I am running the most current update from Avast of 091203-1.

edit: I guess I should mention I am running Windows 7 home premium, if that makes a difference?

Hello,
you can send us (virus@avast.com) the file to analyze, Put "false positive" to mail subject.

Thank you,
Milos

I have now sent the log as you requested Milos. It seems my machine is running fine. I was incorrect in what I thought the file was from though. After looking at the log again it appears to be a DellDock file. In any case I've sent the log as you requested. Thank you for posting Milos. It is good to know someone is listening.

[Forward Unto Dawn]

Hello, I have also deleted 19 files. Please let me know how to add them back.

Thanks in advance

God Bless

Karmel

You can identify what files were deleted in the logs. If they were program files, you'll have to reinstall/repair the affected programs.

[Ugamark]

Even bigger problem--The fix does not work for me because 1) my Avast freezes when I try to open it and 2) Avast didn't give me the option of quarantining the "infected" file (now known to have been a false-positive) into the virus chest - it only allowed me to delete the file.

So I can't restore a file that was completely deleted and not quarantined (is360mon.dll, from IOBit Security 360), and I can't run a program that no longer works (Avast).  Which means I cannot install the VPS update.

Now, like many here, half of my programs don't run, and Windows freezes when I try anything (even, sadly, trying to burn files onto a CD causes my computer to freeze up).  Reverting to a prior Vista restore point doesn't work, and attempting to repair the boot up, both done throught he Vista CD, doesn't work.

What now?

[Tarq57]

Ugamark,
Was the IOBit file the only one deleted? Was anything else quarantined?

If the answers to the above are "yes" and "no", (respectively) see if IOBit security can be uninstalled then re-installed.

I have a strong suspicion there was more deleted or quarantined than you are saying, due to the Avast "freezing" you report.
Was any other AV installed before Avast? (Or installed now, even if inactive)?

Did the restore actually work but fail to fix the problem, or simply fail to work? (System restore was unable to ...)