Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Avast's update crash Windows with false positive detection of Kryptik-PFA trojan  (Read 802 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday.

Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign, crippling software installations in the process. More specifically, legitimate programs were classified as something called the "Kryptik-PFA" trojan, shuffled off to quarantine and blocked.

"We were affected with the removal of DLLs from TeamViewer rendering it useless, Corel, and MS XNA framework," one victim (Dan) told El Reg.

The security software maker confirmed the problem in response to our queries on the snafu, saying in a brief statement that the issue was limited to users running older versions of its security scanning software.

The false positives affected Avast users with older versions of Avast (5,6,7,8). The Avast virus lab quickly released an update which resolved the problem. Avast users affected by the faulty virus signature update should do an Engine & virus definition/Program update.

A thread on the issue on an official Avast support forum can be found here: https://forum.avast.com/index.php?topic=170705.45 and here: https://forum.avast.com/index.php?topic=170709.0 Reg reader Phil added:

"We got out of this relatively unscathed as we hit the forums early and told people not to reboot, seems others not so lucky".

False positives are a well known problem with anti-virus scanners that have affected all vendors from time to time down the years. Even though testing procedures have been improved, mistakes still occur: mostly because the volume of signature definition updates has shot through the roof over the last decade in parallel with the boom in Windows malware.

Anti-virus false alarms cause the greatest problems where system files are falsely flagged as malicious and quarantined. That leaves you with systems that don't boot. The latest anti-virus update snafu from Avast is not as bad as some, but still hugely inconvenient to anyone caught up in the cross fire.

(ElReg)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising