PDA

View Full Version : Avast false positives



Camaro
2009-12-03, 03:46
When I booted up my computer I attempted to do a Spybot S&D scan, when I opened it avast! popped up and said a trojan (Win32:Delf-MZG[trj]) was found in SpybotSD.exe. Ok, so I tried to open a different scanner, a squared free and same thing, a trojan (Win32:Delf-MZG[trj]). Avast recommended I do a boot scan and I noticed that same trojan was coming up in all my scanners and placing them in the quarantine chest. I stopped the avast! scan to prevent everything being placed in the chest and came here for help. :alien:

DavidiBaldwin
2009-12-03, 03:51
Avast is detecting viruses in everything including SpyBot and PSPad editor. The Avast Forum is starting to collect messages about it too.

Camaro
2009-12-03, 03:59
Avast is detecting viruses in everything including SpyBot and PSPad editor. The Avast Forum is starting to collect messages about it too.

^^I see that now, seems the problem is with Avast and not the other programs. I suppose it's just naming tons of false positives. Good thing I stopped the scan before my everything ended up in quarantine!

Selliott
2009-12-03, 04:13
So is it safe to ignore these alerts and report them to Avast as false positives?

AGGROxp
2009-12-03, 09:10
I'm not affiliated with Safer-Networking nor Avast but am a customer of both. However, Avast really screwed the pooch on this one... As of 12/03/09 CST, Avast Antivirus Database Update (VPS: 091203-0, 12/03/2009), is FUBAR. You would think Avast would have been a bit more proactive on rolling out updates.. It seems this update to the virus database for Avast Antivirus, is labeling everything related to Spybot, as a trojan (Win32:Delf-MZG). I've also been seeing threads popping up on other forums, that it's also labeling system files as trojans as well. In turn some users are deleting these files, which in turn are causing there systems to crash, hang and fail. For the meantime I would suggest not deleting any of the files that are legitimate resource files for Spybot or other programs you know to be safe. Safer Networking, you guys need to jump on board and start issuing statements before you start losing customers, as 95% of the alerts, are targeting spybot resource files and executables. CYA, as Avast is not being proactive in publicly adressing this...

tashi
2009-12-03, 09:40
Avast false positives.
http://isc.sans.org/diary.html?n&storyid=7681

AGGROxp
2009-12-03, 09:46
Avast has responded and issued a fix. Immediately update your iAVS from the previous version which has the issue: 091203-0, to the updated fix: 091203-1. Then update the program itself, from version: 4.8.1356, to the updated version: 4.8.1368. Restart your computer.

AGGROxp
2009-12-03, 10:39
Sorry for the multiposts... Just wanted to make sure people did NOT start deleting any files the resident scanner started labeling trojans. A friend of mine who I game with, just called me as he deleted a few dll's he shouldn't have and now has quite an issue on his hands.

Lavitakus
2009-12-03, 11:14
Just happened to me as well. There is a link on the bottom of the alert that allows you to report it to avast. Of course you will have to give the name of the program, maker and version- that being Spybot S&D. Immediatly after you send the report of a false positive, Avast auto repairs the issue. You will notice the update icon display in the notification area assuming that you have it set to do so during Avast update.

spybotsandra
2009-12-03, 11:35
Hello,

With Avast Antivirus Database Update (VPS: 091203-0, 12/03/2009) they detect our software Spybot - Search & Destroy and some of it's files as a trojan (Win32:Delf-MZG).

This is a false positive and it has already been fixed by Avast. Please update your Avast from the previous version which has the issue: 091203-0, to the updated fix: 091203-1. Then update the program itself, from version: 4.8.1356, to the updated version: 4.8.1368. Restart your computer.

That should fix it.

This has also been discussed in our forum (http://forums.spybot.info/showthread.php?p=349888#post349888) and in the Avast Forum (http://forum.avast.com/index.php?topic=51647.msg436938#msg436938).

To get back your Spybot:
Please uninstall Spybot - Search & Destroy according to the following link (http://www.safer-networking.org/en/howto/uninstall.html).
Then make a fresh install of Spybot - Search & Destroy 1.6.2.
You will find links to several download locations (http://www.safer-networking.org/en/mirrors/index.html) on our website.

Or choose the direct installation file (http://www.spybotupdates.com/files/spybotsd162.exe).

Best regards
Sandra
Team Spybot