Author Topic: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))  (Read 45237 times)

0 Members and 1 Guest are viewing this topic.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #15 on: December 03, 2009, 10:36:16 AM »
Rangersfan527, can you list the files "unable to be restored, if there aren't too many?

The "System volume information " ones relate to system restore ponts. If they cannot be restored, you have (basically) lost system restore, until a new restore point is created. No great loss, if you can get Windows to boot OK.
Regarding "C:\WINDOWS\CREATOR", how many of these files are there, and do they have names like "remind_XP.exe"? If so, it looks to me like that might not matter too much; appears to be a reminder to purchase software from the manufacturer of the computer. Which is probably HP?
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline trenton24

  • Newbie
  • *
  • Posts: 1
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #16 on: December 03, 2009, 10:43:54 AM »
I agree, rant justified! It should have been tested before release. I am one of the lucky ones, only a few programs broken. I'd be cursing avast to hell if I had to do a full restore from backup - its always nerve racking.

Offline Frasier

  • Newbie
  • *
  • Posts: 7
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #17 on: December 03, 2009, 10:46:45 AM »
There really should be an offcial info on the main website in all of the supported languages - how do you think, how many people do know English well enough to find this forum, or even were enough computer-literate to not destroy their system accidentally? It is just too big thing to hide under the carpet. A lot of people have their PC almost 24/24h on, with auto updates, so they got hitted. Folks even are not sure if it is safe to reboot the system...
Personally I just feel sorry for all those people who took these alarms seriously and simply trusted Avast. I've recomended your software to tens of people, as a reliable substitute of paid ones (in at least two cases this converted to a paid version in small companies). You see, people do make mistakes, but in case of an organization, when troubles come it is important to watch how a crisis is handled. Am I angry? No, just think I will have to change antivir after trusting Avastfor 4-5years, unless Avast will not be afraid to take the responsibility, and just face all these angry people... You can post an info about millions of clients, or contest in a window while updating - why not push an information about this mistake there? So EVERYONE could see it.
Guys, I do have some experience in marketing/PR, you are doing business in a senstitive area, where trust is the basic factor (even more important than in case of financial institutions), so please do not mess it up. Take the blame, takethe hit, but save the reputation.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #18 on: December 03, 2009, 10:59:40 AM »
Hey guys, yeah the rant may be justified, but what's the point sounding off right now?
Alwil aren't going to try and sweep this under the carpet.
As has been said, it's too big. People have lost their OS's. Maybe thousands.

I'm confident there will be a full apology/report of what happened/audit etc published when they know it themselves.
How about holding off, at least til then?
I'll bet they are being as hard on themselves as anyone else will be. And I'll bet they know exactly how serious it is. At the moment, they are working on help guide/fixes for those affected, and no doubt analyzing the mistake/failure/what-ever-it-was. (No-one, at least outside the company, knows, yet.)
That would appear to be the correct priority to me.

When a plane crashes, months or even years elapse before the accident report is released.
But always there are those that are ready to blame the dead pilot even before the preliminary report is out, which usually takes 2-6 weeks.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline Rangersfan527

  • Newbie
  • *
  • Posts: 8
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #19 on: December 03, 2009, 11:30:41 AM »
Rangersfan527, can you list the files "unable to be restored, if there aren't too many?

The "System volume information " ones relate to system restore ponts. If they cannot be restored, you have (basically) lost system restore, until a new restore point is created. No great loss, if you can get Windows to boot OK.
Regarding "C:\WINDOWS\CREATOR", how many of these files are there, and do they have names like "remind_XP.exe"? If so, it looks to me like that might not matter too much; appears to be a reminder to purchase software from the manufacturer of the computer. Which is probably HP?

Yes my computer is an HP.

The files unable to be restored shown by avast are:

C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swreg.exe
C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swxcacls.exe
C:\hp\recovery\wizard\SWR_Wizard.exe
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\swxcacls.exe
Also 3 System restore points.

The C:\WINDOWS\CREATOR file wasn't listed as an error in restoring, so avast says it's restored but the original file name was C:\WINDOWS\CREATOR\WNASPINT.DLL

As for the other files that avast said were restored, I don't know if they really were. Would doing a system restore to say Tuesday be the best move?

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #20 on: December 03, 2009, 11:34:32 AM »
What error message (or code) did you get for these files?
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #21 on: December 03, 2009, 11:46:01 AM »
It's just a mistake?

Sorry I just crushed your kid with my SUV.  It was a mistake.  It's called being human.

A mistake is dropping a glass of milk.  Destroying operating systems all over the world qualifies as something more than a mistake.

Crumply, with all respect, do you have any question (e.g. need help fixing the mess caused by the buggy avast update) --or did you register on the forum just to rant?

We have assessed the situation and we believe that in the vast majority of cases, we can undo the mess (or at least advice how to do it).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #22 on: December 03, 2009, 11:47:33 AM »
Right.
You will have to re-install /re-download Smitfraudfix if you still need to use that program. (I think the version changes regularly, and it is best used under guidance.)
It probably will not work any more. Four files relate to it.

Of the remaining files, the HP recovery wizard is a worry. I haven't the foggiest how important it is, as a feature of your computer. Suspect that it can not be restored because the original location is part of the (normally) protected area of the disk, relating to the recovery console.
This may be important.
If you can extract/send to a folder, and wait for more expert input, that would be wise. You may have to get in touch with HP about this one.
Worst case scenario with not having it available, is that you go to restore factory settings, it won't be able to do so.

The system restore points are, likewise, in a protected area of the disk. You can probably consider them nuked.

I definitely would not use system restore at this point. It can not re-create files that are missing, (Such as the wizard for the recovery console.) but may do more harm than good, even if you can find a restore point that works. (We know that 3 of them won't.)

Is there any reason given for the inability to restore the hp wizard file? Original location not defined?

Best wait for more expert help, sorry. And do not delete those files from the chest. But at least your computer should be functioning normally?
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline Rangersfan527

  • Newbie
  • *
  • Posts: 8
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #23 on: December 03, 2009, 11:55:47 AM »
What error message (or code) did you get for these files?

FileID: 0000000044  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swxcacls.exe
FileID: 0000000043  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swreg.exe
FileID: 0000000057  Program cannot restore the following file, because the original location is not defined: C:\hp\recovery\wizard\SWR_Wizard.exe
FileID: 0000000138  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swxcacls.exe
FileID: 0000000137  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swreg.exe
FileID: 0000000113  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023644.exe
FileID: 0000000104  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023635.exe
FileID: 0000000094  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023625.exe

Offline jesydney

  • Newbie
  • *
  • Posts: 6
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #24 on: December 03, 2009, 11:56:36 AM »
 :'( :'(Avast, this is a extremely serious error but apology accepted. PLEASE, please do not do this again. It is annoying.

This is one of the reason that I DUMPED, anything from symantec. Please do not follow in their footsteps like Trendmicro, Bitdefender, CA and second worst of the lot Macafee.

Avast has been excellent for so many years. I've used Avast for so many years that I've lost count. I've told all my friends and family. Have also managed to disinfect their computers without resorting to reinstall winlows.

In Australia, its especially bad, time difference while avast sends out the update, we are awake and using the pc.

Fortunately, I just recently had Acronis take a full image of my system. BTW I do not keep my data files in the same drive. So I had to re-image back, take out the LAN connection to stop Avast from updating so I can tell Avast to stop autoupdate in the settings.

So AVAST please do an inhouse test before sending it to the update server.
 ;) Continue the good work tho'..

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #25 on: December 03, 2009, 11:59:49 AM »
What error message (or code) did you get for these files?

FileID: 0000000044  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swxcacls.exe
FileID: 0000000043  Program cannot restore the following file, because the original location is not defined: C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swreg.exe
FileID: 0000000057  Program cannot restore the following file, because the original location is not defined: C:\hp\recovery\wizard\SWR_Wizard.exe
FileID: 0000000138  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swxcacls.exe
FileID: 0000000137  Program cannot restore the following file, because the original location is not defined: C:\WINDOWS\system32\swreg.exe
FileID: 0000000113  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023644.exe
FileID: 0000000104  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023635.exe
FileID: 0000000094  Program cannot restore the following file, because the original location is not defined: C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP376\A0023625.exe

Interesting. I'd recommend using the "Extract" feature (instead of "Restore") and put the files in their respective locations manually. At least for the files outside System Volume Information, it should work OK.

Now for the files in System Volume Information is may be a bigger problem because you won't have access rights to write to this location (only the SYSTEM account has them). But the files are not important anyway, unless you plan to do a system restore (in which case it wouldn't restore the three executables)..

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Jonathan - FrostHost.org

  • Newbie
  • *
  • Posts: 6
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #26 on: December 03, 2009, 12:03:52 PM »
Interesting, i had this alert on 2 of my games,

CrossFire and San Andreas multi-player.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3694
  • If at first you don’t succeed; call it version 1.0
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #27 on: December 03, 2009, 12:09:59 PM »
VLK,
How is RangersFan to know the original location for "C:\hp\recovery\wizard\SWR_Wizard.exe"? Is there a clear path available via Windows explorer to move this?
I was worried it might be a protected/read only area.
WindowsXP Home SP3,Avast Free 5.1.889,Windows Firewall, Autorun Eater,Firefox w/Noscript+ /Adblock+/Better Privacy, IE8 all zones except MS Update set to "untrusted" settings,MVPS Host file.SecuniaPSI.

Offline MSMStud

  • Newbie
  • *
  • Posts: 2
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #28 on: December 03, 2009, 12:25:00 PM »
Hey guys, yeah the rant may be justified, but what's the point sounding off right now?
Alwil aren't going to try and sweep this under the carpet.

Must...not...use...all caps...

The point is this is nowhere on the web EXCEPT on blogs and forums.

This needed to be on the front page of AVAST.COM hours ago.

At your job outrage might not be triggered by destroying others productivity, but at mine (and VLK's) readily acknowledging my error in a well-communicated fashion ASAP would be the respectable thing to do.

 >:(

Crumply, with all respect, do you have any question (e.g. need help fixing the mess caused by the buggy avast update) --or did you register on the forum just to rant?
:o
Indignance buffer engaged. Will purge in 10...9...8...
Thank you for being the sole PR on this, and perhaps the most courteous and attentive Avast/Alwill web presence. I recognize errors happen, and I am a leeching parasitic freebie user, so let me say I do not equate your error with murder/manslaughter.

Indignance overflow. Grab  a life-vest.
We recognize you have a choice in trolls and flamers, and appreciate your time. There are 20.5 moderators in line ahead of you. Your sanity will be addressed after we've spewed pea soup on all callers we perceive as vicariously accountable.

Furthermore, you blew up the world. And the moon.
« Last Edit: December 03, 2009, 12:44:47 PM by MSMStud »

Offline bggm

  • Newbie
  • *
  • Posts: 4
Re: If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))
« Reply #29 on: December 03, 2009, 12:26:34 PM »
I was always fond of Avast, and that mistake didn't make me lose trust in it - though it made me a little concerned. I hope nothing like that happens again, but there were dozens of ways to minimize and in my case nullify all damages (a little thinking doesn't hurt!).
All those who call for vengeance upon loosing many crucial programs or even OS - it is partly your fault as well. Anti-virus and anti-spyware programs are only of help for securing your computers against destruction, the most important thing is having common sense - why didn't you find it weird that suddenly all your files has the same infection all over the disk soon after av update? Do you think that there is a chance of you having one of the newest viruses all over the disk? Well, that could happen if you were to install/download/run programs that you don't know or trust(or visit certain dangerous sites), and if you run programs from unknown sources, that's your fault for having viruses. Of course I don't say that Alvil is not guilty, but a letter of apology and help with restoring lost files is sufficient enough, so refrain from hanging them by the necks for your lack of sense.