Filed under: Security
Avast has a freak out, goes on a false positive spree
Earlier this morning, we received a tip from a developer that his office encountered a rather serious issue: Avast started detecting all binaries created with Delphi as malware - a gigantic problem if you happen to be developing Delphi apps in-house.
At first it looked like an isolated incident, but it now appears to be anything but. Avast's user forums [update] have been getting hammered for several hours by users experiencing the same thing - a rash of false positives following a recent definition update.
It's the same sort of SNAFU that went down a few months back with AVG -- which blackballed iTunes after an update. A second update quickly fixed the problem, and that will likely be the case with Avast as well.
If you use Avast and are experiencing this problem, it's wouldn't hurt to do a few manual update checks this morning to see if new bits have been made available.
update: a new .vps has been pushed, so manually update Avast if you're still having problems.
At first it looked like an isolated incident, but it now appears to be anything but. Avast's user forums [update] have been getting hammered for several hours by users experiencing the same thing - a rash of false positives following a recent definition update.
It's the same sort of SNAFU that went down a few months back with AVG -- which blackballed iTunes after an update. A second update quickly fixed the problem, and that will likely be the case with Avast as well.
If you use Avast and are experiencing this problem, it's wouldn't hurt to do a few manual update checks this morning to see if new bits have been made available.
update: a new .vps has been pushed, so manually update Avast if you're still having problems.
The Illusionist's Dream is a simple platformer; you play as a magician who needs to get through each level by transforming into any number of animals that you encounter along the way.
Each animal can do different things; the butterfly can obviously fly, but if it encounters a frog, the frog eats it, and you have to start over again. There's also a fox that runs fast and leaps far, but it eats any rabbits that cross its path. That means that, if you may need to be a rabbit later on, you need to take that into account ...
Reader Comments (Page 1 of 2)
Geir said 7:15AM on 12-03-2009
I've dropped both AVG and Avast on all computers I have touched, and switched to Microsoft Security Essentials. Haven't regretted it for a second, although I generally don't favor anything from Redmond....
Reply
MarkyB86 said 7:59AM on 12-03-2009
I install Avast on all of my clients pc's and use it at home on all of mine. It's really the best I've ever used.
Reply
Rocketboy_X said 9:20AM on 12-03-2009
This article seems to indicate otherwise.
MarkyB86 said 9:40AM on 12-03-2009
It has one error. How about symantec which has several. Everytime a client has that, It's usually whats wrong with their computer.
Benjie said 8:29AM on 12-03-2009
i also encountered it this day. My KM Player was also detected by Avast. It updated this afternoon and now, it don't detect it as a malware anymore. Maybe its better if they have put some ignore options whenever there's a false positive. That would have been a big help
Reply
Schwinn said 9:00AM on 12-03-2009
Does this affect the Avast5 beta (as pictured) or the older Avast 4.8 as well?
Reply
Major4Play said 9:40AM on 12-03-2009
Something tells me if you add up all the Delphi developers in the world and subtract the amount who are not using Avast leaves you with a very small amount of people, especially considering your headline "goes on a false positive spree" Thats quite a "spree" none of the 3 machines I own running it have had any problems at all and even if i did Avast fixed this in a couple of hours.
Reply
MarkyB86 said 9:47AM on 12-03-2009
+1 amen brother
C said 11:08AM on 12-03-2009
Just because yours didn't get infected, doesn't mean millions of other people didn't get affected. I would say the author of this article definitely pinned the term correctly as a "spree" because it seriously was calling out all sorts of programs constantly as a trojan. That is a spree if it is calling out tons of false positives for no reason. Also, if you read the forums that was posted OUTSIDE of Avast's forum and on Avast's forums, there were many cases of users not knowing what to do because their computer was detecting so many false positives.
hazard said 6:07PM on 12-03-2009
FYI Delphi is a popular dev tool in financial sector, then there's Skype on Windows and there's probably one or two apps in this list that many people have used ..
http://delphi.wikia.com/wiki/Good_Quality_Applications_Built_With_Delphi
This ended up not being a problem for most in the US as it was patched around 6am Pacific Time but caused havoc in places like Australia.
chrisaroz said 9:43AM on 12-03-2009
I thought that may be the case when Skype became a virus this morning.
Reply
John said 10:19AM on 12-03-2009
I wasted 2 hours this morning trying to fix a laptop that would only boot as far as showing the wallpaper with icons. Was able to stop the explorer task and restart it to get a 'crippled' desktop up. System restores didn't help. Uninstalling Avast solved the problem. Sad as I've been using Avast for years without issues, but an issue of this magnitude really takes me back to the saying..."You get what you pay for".
Reply
Lee Mathews said 10:20AM on 12-03-2009
MSE is good when your definitions are up to date. It's got no heuristics, though, so its ability to handle unknown malware is pretty limited.
MarkyB86 said 10:49AM on 12-03-2009
how much ram that thing got
er ic said 10:21AM on 12-03-2009
Avast picked up a few things last night on my machine that were not infected, but I figured it was just a bad definition roll out since I knew all of the files it was tagging were old and had remained unchanged for quite some time. I have been toying with the idea of moving to MS Security Essentials when I move to Windows 7, mainly after I read through this:
http://www.lifehacker.com.au/2009/11/stop-paying-for-windows-security-microsofts-security-tools-are-good-enough/
Anyone have any details on how MS stacks up against Avast and AVG on detection/removal?
Reply
Andrew said 10:58AM on 12-03-2009
Yeah I was having trouble with Avast too yesterday, began having a ton of false positives with stuff. It blocked several programs including Steam. Was really annoying me because it does not have an ignore feature so I could not run the programs unless I turned off the residential scanners. Avast really needs an ignore feature.
Reply
erkme73 said 11:20AM on 12-03-2009
After a call from my dad who was chasing this ghost virus issue, I read up at DSLreports... I had the 091203-0 definitions but didn't have any alarms. So, I triggered a manual virus scan. During the memory test, it screamed at me four times. Each time I hit "do nothing" since I knew it was a false positive.
Then, unprompted, my computer shut down. No warning, nothing. It then booted into dos Avast, and started scanning. Without asking it started DELETING files it felt were infected. I quickly escaped out, and upon returning to Windows, I stopped the protection. My settings are all set to "ask what to do".
My dad's system wasn't as lucky. He's getting all sorts of "missing dll" errors. His windows directory is like Swiss cheese. Nothing short of an Acronis restore would help.
Calling this a simple 'mistake' or 'accident' I think is an understatement. If the program intentionally removes files, despite user options being set to prompt first, there seems to be some malice behind it.
Reply
mark said 11:46AM on 12-03-2009
Avast f'ed my machine up 3 years ago, I'll never use it again. AVG is weak. Zone Alarm went downhill..
Avira is the one.
Unless you have the $$ for Sophos or Norton Corporate.
Reply
indigo_dream said 12:31PM on 12-03-2009
Well, I don't program with Delphi, and I'm infected. I didn't think anyone programmed with Delphi anymore either, but after my AceFTP, Adobe Help, Neverwinter Nights and various restores files are came us as infected, there is obviously a large-scale problem,
44 files were tagged in the first 40% of the scan before I aborted. Thankfully, I "move to chest" rather than "delete".
Reply
Mighty Q said 12:48PM on 12-03-2009
I had Win32:Delf-MZG false positive problems last night with Skype, IOBit Advanced System Care, Security 360, and Realtek sound applications. I deleted the 'infected files' as I thought my machine was under serious attack.
After a full drive scan it was picking up false positives in essential system files in C:/XP/SYSTEM32 folder.
Avast has messed up my PC more than a virus ever has!
Reply