Avast has a freak out, goes on a false positive spree

Earlier this morning, we received a tip from a developer that his office encountered a rather serious issue: Avast started detecting all binaries created with Delphi as malware - a gigantic problem if you happen to be developing Delphi apps in-house.
At first it looked like an isolated incident, but it now appears to be anything but. Avast's user forums [update] have been getting hammered for several hours by users experiencing the same thing - a rash of false positives following a recent definition update.
It's the same sort of SNAFU that went down a few months back with AVG -- which blackballed iTunes after an update. A second update quickly fixed the problem, and that will likely be the case with Avast as well.
If you use Avast and are experiencing this problem, it wouldn't hurt to do a few manual update checks this morning to see if new bits have been made available.
Update: a new .vps has been pushed, so manually update Avast if you're still having problems.

Comments
23
Geir Dec 3rd 2009 7:15AM
I've dropped both AVG and Avast on all computers I have touched, and switched to Microsoft Security Essentials. Haven't regretted it for a second, although I generally don't favor anything from Redmond....
MarkyB86 Dec 3rd 2009 7:59AM
I install Avast on all of my clients' PCs and use it at home on all of mine. It's really the best I've ever used.
Rocketboy_X Dec 3rd 2009 9:20AM
This article seems to indicate otherwise.
MarkyB86 Dec 3rd 2009 9:40AM
It has one error. How about Symantec, which has several? Every time a client has that, it's usually what's wrong with their computer.
Benjie Dec 3rd 2009 8:29AM
I also encountered it this day. My KM Player was also detected by Avast. It updated this afternoon and now it doesn't detect it as malware anymore. Maybe it's better if they had put in some ignore options whenever there's a false positive. That would have been a big help.
Schwinn Dec 3rd 2009 9:00AM
Does this affect the Avast5 beta (as pictured) or the older Avast 4.8 as well?
Major4Play Dec 3rd 2009 9:40AM
Something tells me that if you add up all the Delphi developers in the world and subtract the number who are not using Avast, it leaves you with a very small number of people, especially considering your headline "goes on a false positive spree". That's quite a "spree". None of the 3 machines I own running it have had any problems at all, and even if I did, Avast fixed this in a couple of hours.
MarkyB86 Dec 3rd 2009 9:47AM
+1 amen brother
C Dec 3rd 2009 11:08AM
Just because yours didn't get infected doesn't mean millions of other people didn't get affected. I would say the author of this article definitely pinned the term correctly as a "spree" because it seriously was calling out all sorts of programs constantly as a trojan. That is a spree if it is calling out tons of false positives for no reason. Also, if you read the forums that were posted OUTSIDE of Avast's forum and on Avast's forums, there were many cases of users not knowing what to do because their computer was detecting so many false positives.
hazard Dec 3rd 2009 6:07PM
FYI Delphi is a popular dev tool in the financial sector, then there's Skype on Windows, and there's probably one or two apps in this list that many people have used ..
http://delphi.wikia.com/wiki/Good_Quality_Applications_Built_With_Delphi
This ended up not being a problem for most in the US as it was patched around 6am Pacific Time but caused havoc in places like Australia.
chrisaroz Dec 3rd 2009 9:43AM
I thought that may be the case when Skype became a virus this morning.
John Dec 3rd 2009 10:19AM
I wasted 2 hours this morning trying to fix a laptop that would only boot as far as showing the wallpaper with icons. Was able to stop the explorer task and restart it to get a 'crippled' desktop up. System restores didn't help. Uninstalling Avast solved the problem. Sad as I've been using Avast for years without issues, but an issue of this magnitude really takes me back to the saying..."You get what you pay for".
Lee Mathews Dec 3rd 2009 10:20AM
MSE is good when your definitions are up to date. It's got no heuristics, though, so its ability to handle unknown malware is pretty limited.
MarkyB86 Dec 3rd 2009 10:49AM
How much RAM has that thing got?
er ic Dec 3rd 2009 10:21AM
Avast picked up a few things last night on my machine that were not infected, but I figured it was just a bad definition roll out since I knew all of the files it was tagging were old and had remained unchanged for quite some time. I have been toying with the idea of moving to MS Security Essentials when I move to Windows 7, mainly after I read through this:
http://www.lifehacker.com.au/2009/11/stop-paying-for-windows-security-microsofts-security-tools-are-good-enough/
Anyone have any details on how MS stacks up against Avast and AVG on detection/removal?
Andrew Dec 3rd 2009 10:58AM
Yeah I was having trouble with Avast too yesterday, began having a ton of false positives with stuff. It blocked several programs including Steam. Was really annoying me because it does not have an ignore feature so I could not run the programs unless I turned off the residential scanners. Avast really needs an ignore feature.
erkme73 Dec 3rd 2009 11:20AM
After a call from my dad who was chasing this ghost virus issue, I read up at DSLreports... I had the 091203-0 definitions but didn't have any alarms. So, I triggered a manual virus scan. During the memory test, it screamed at me four times. Each time I hit "do nothing" since I knew it was a false positive.
Then, unprompted, my computer shut down. No warning, nothing. It then booted into dos Avast, and started scanning. Without asking it started DELETING files it felt were infected. I quickly escaped out, and upon returning to Windows, I stopped the protection. My settings are all set to "ask what to do".
My dad's system wasn't as lucky. He's getting all sorts of "missing dll" errors. His windows directory is like Swiss cheese. Nothing short of an Acronis restore would help.
Calling this a simple 'mistake' or 'accident' I think is an understatement. If the program intentionally removes files, despite user options being set to prompt first, there seems to be some malice behind it.
mark Dec 3rd 2009 11:46AM
Avast f'ed my machine up 3 years ago, I'll never use it again. AVG is weak. Zone Alarm went downhill..
Avira is the one.
Unless you have the $$ for Sophos or Norton Corporate.
indigo_dream Dec 3rd 2009 12:31PM
Well, I don't program with Delphi, and I'm infected. I didn't think anyone programmed with Delphi anymore either, but after my AceFTP, Adobe Help, Neverwinter Nights and various restore files came up as infected, there is obviously a large-scale problem.
44 files were tagged in the first 40% of the scan before I aborted. Thankfully, I "move to chest" rather than "delete".
Mighty Q Dec 3rd 2009 12:48PM
I had Win32:Delf-MZG false positive problems last night with Skype, IOBit Advanced System Care, Security 360, and Realtek sound applications. I deleted the 'infected files' as I thought my machine was under serious attack.
After a full drive scan it was picking up false positives in essential system files in C:/XP/SYSTEM32 folder.
Avast has messed up my PC more than a virus ever has!