dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
136972

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

1 edit

La Luna to onDvine

Premium Member

to onDvine

Re: False positive in Avast! or is it real?

OMG, I came home from work last night to numerous Avast warnings about Win32 Delf-MZG!!! I spent the whole evening doing boot scans! I came here briefly but missed this thread. I've been so upset, I thought my PC was borked, but I couldn't figure out how it happened when I wasn't even on the computer all day!!!

I lost sleep over this last night.

I'm going to have to reinstall a bunch of programs, Trojan Hunter, Spybot, Everest, I can't even remember them all. I panicked and told Avast to delete each thing as it popped up.
La Luna

La Luna to lilhurricane

Premium Member

to lilhurricane
said by lilhurricane:
said by pog4:

My recommendation, however, would have been to keep Avast installed with all providers turned off. IOW, no active scanning. This would prevent further damage and maximize the chance of coming out unscathed. Quarantined items can't be restored if the application that put them there is gone, after all.

I did did exactly that.
..then went to bed.

No issues here this morning and the latest update has corrected it.

They did a nice job, AFAIK in getting it resolved quickly.
So I should be able to reinstall my borked programs, right? When I tried to do that last night they kept getting hit with Avast. The new update should stop all that, right?

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

1 edit

jabarnut to MoniMoni

Premium Member

to MoniMoni
said by MoniMoni :

Would anyone happen to know of the false positives it found yesterday could potentially screw up one's internet connection? I was unaware of the false positives and ended up deleting them off of my computer (foolish mistake) and now it appears that I can't log on to the internet.
Absolutely...from what I've read in this thread, and some of the files that have been deleted, it could not only screw up your internet connection, but pretty much trash the entire OS.

Without specific information as to what files you deleted, I'm not sure what to suggest at the moment (Unless you have a backup of some sort, such as an imaging program...or perhaps try a system restore point?)
You might also check Device Manager and see what the status of you Network Card says.
said by SparkChaser:

I should have checked here when I first saw the worm. I ran it and left the house for a couple of hours. I came back to 600+ in the chest.
That's unbelievable.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna to dloe

Premium Member

to dloe
said by dloe :

kmplayer was also flagged lol
That's another one I got.

I think the main problem was that a lot of people assumed they WERE somehow infected, not that it was an FP. Hence, allowing Avast to delete the suppossed baddies.

MoniMoni
@comcast.net

MoniMoni to jabarnut

Anon

to jabarnut
I just did a system restore right now to the day before all this happened and it appears that everything is in working order now. I can get online, get the new update, everything seems good! Thank you for the heads up though, if I make such a rash move again and my internet screws up, I'll definitely check the Netword Card. Didn't even think of that.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna to jabarnut

Premium Member

to jabarnut
said by jabarnut:

Absolutely...from what I've read in this thread, and some of the files that have been deleted, it could not only screw up your internet connection, but pretty much trash the entire OS.

Wow. I'm just grateful I only have to reinstall some programs, which I will do over a few days. Some of them I rarely used, so they can wait.

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

2 recommendations

Keizer to onDvine

MVM

to onDvine
I just restored an image I created two days ago. I then let Avast update its virus data base from today and it's just like it never happened.

Guys, it's that simple to fix a disaster like this. With all the security software that you guys install on your systems, imaging software should be on the top of your list. It' security software for your security software!!

At least use the included imaging software in Vista and Win 7 minimum.

jabarnut
Light Years Away
Premium Member
join:2005-01-22
Galaxy M31

1 recommendation

jabarnut

Premium Member

I agree with Keizer completely...Imaging Software of some sort is something I'd never be without. (It's pretty much the first thing I install on any machine I own...or yes, the built in software in certain versions of Vista and Windows 7).
Get it and use it folks.

This thread is a great example of where "going back in time" can be a real lifesaver.

sbgreen
@verizon.net

sbgreen to onDvine

Anon

to onDvine
I am a pretty savvy Windows user and this false positive did real damage for me.

It puts up such a barrage of messages there is no time to think, just to try to cope with getting rid of the bad files.

As much as possible I tried to move the flagged files to the Chest, but after awhile it claimed the Chest was full and I was forced to start deleting.

Then it finally occurred to me to check with Avast.com to see if there was a problem. Nothing. Just a cheery home page about how great Avast is.

It is now about 12 hours later and there is the same cheery home page with no indication of a problem. Likewise on their Support page.

Yes, I can forgive human errors. But I find it very hard to forgive no acknowledgment of the problem. Worse, no explanation for how to undo the damage.

Has anybody seen a detailed explanation of how to repair the damage? In particular, to track what was deleted and how to restore them?

Doing Restore from the Chest does not seem to work in many or most cases. And the files stay in the Chest after they are supposedly restored.

Any constructive information would be appreciated.

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

2 edits

1 recommendation

Keizer

MVM

said by sbgreen :

Any constructive information would be appreciated.
Look here next time you need info on Avast.
»forum.avast.com/

I realize their forum was offline for awhile, but usually it's the place to go for immediate attention.

And news from their support center!
»support.avast.com/index. ··· leid=377

Anon name
@ikbcc.com

Anon name to onDvine

Anon

to onDvine
finally they fixed their screwup.

now they should start to send check for all users they screw.
I had to clean the mess for the last 24 hours, and reinstall a lot of things....
I 'd love to be reimbursed for my time, and all the programs they corrupted!

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

3 edits

1 recommendation

MarkAW

Premium Member

said by Anon name :

finally they fixed their screwup.

now they should start to send check for all users they screw.
I had to clean the mess for the last 24 hours, and reinstall a lot of things....
I 'd love to be reimbursed for my time, and all the programs they corrupted!
Why should they send you a check when it was your fault for letting the program remove something off of your computer that you knew was good. all you people complaining about how avast messed up your computers and removed stuff are the ones who did it to yourselves avast had nothing to do with it. All you guys had to do was click no action and nothing would have been removed from your systems, and another thing anyone who said avast removed stuff from their systems during reboot should blame themselves for that as well this update didn't call for a reboot of the system you are the ones who rebooted your systems on your own. God i wish people would look before they leap when i comes to stuff like this. Avast removes nothing from your systems unless you tell it to do so.

sbgreen
@verizon.net

sbgreen to Keizer

Anon

to Keizer
Thanks for the pointer. To me, in a major crisis like this I should expect to be able to go to the obvious places to see information. If not the home page, at least the Support page.

I was finally able to access the Forum and followed the link to »support.avast.com/index. ··· leid=376 which is about how to restore a False Positive file from the Chest.

This is really quite inadequate under the circumstances:

1) The directions are designed for "normal" false positives, not having to deal with hundreds at once.

2) The directions do not explain why the files remain in the Chest after they are "restored".

3) There is no explanation for why some files won't restore. I had a lot that simply refused to restore.

4) In this case, many people had to deal with deleting files because Avast was refusing to move files to the Chest. There is no explanation of what to do with those cases, or even to find out what was deleted.

Overall, it seems that Avast is not acknowledging how much harm they have done and have no appreciation for how much help is needed to undo the damage.

A single link to a standard procedure seems quite inadequate.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

1 edit

La Luna to MarkAW

Premium Member

to MarkAW
I DID start out clicking "no action", but more just kept popping up. I then thought I was really infected. That's why a lot of people have to reinstall programs. It also tagged some "volume restore" and Windows .MSI installers.

The only blame here is Avast. They fixed it fairly quick, but the damage was already done. Luckily for me, it only involves reinstalling some programs. I'm just grateful that their screw up didn't trash my OS.

One little FP is one thing, this debacle was something else entirely.

edit: and I also got hit on my D:\ and H:\ storage drives.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

1 edit

1 recommendation

MarkAW

Premium Member

said by La Luna:

I DID start out clicking "no action", but more just kept popping up. I then thought I was really infected. That's why a lot of people have to reinstall programs. It also tagged some "volume restore" and Windows .MSI installers.

The only blame here is Avast. They fixed it fairly quick, but the damage was already done. Luckily for me, it only involves reinstalling some programs. I'm just grateful that their screw up didn't trash my OS.

One little FP is one thing, this debacle was something else entirely.
Yesterday after the first update avast flagged every single program i had on my system all i kept doing was hit no action because i knew all the programs it was flagging were not trojans and after it finally stopped giving me pop ups my systems locked up. So i booted into safe mode deleted avast from off of my XP pro and was able to log back onto my system, came here saw the thread, posted, downloaded another AV, installed it onto my XP Pro system ran a scan all was fine and just waited it out with my other computers which still have avast install on them and i did not have to reinstall any thing it had flagged earlier.

Edit: avast is not to blame the user who allowed it to remove programs is to blame in my opinion.

karhu02
@sbcglobal.net

karhu02 to onDvine

Anon

to onDvine
I say "thank you, Avast" for the quick action. Unless you chose to delete files, there was absolutely no harm to yiour computer. all you have to do is "restore " the files in the chest.

Quit griping about a good program.

La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

La Luna

Premium Member

said by karhu02 :

I say "thank you, Avast" for the quick action. Unless you chose to delete files, there was absolutely no harm to yiour computer. all you have to do is "restore " the files in the chest.

Quit griping about a good program.
That's not true, some users are reporting major problems, like Avast not allowing quarantined files to be reinstated.
La Luna

La Luna to MarkAW

Premium Member

to MarkAW
And how did you absolutely, without a doubt, know you weren't infected? I wasn't here to see this thread, I was gone all day and Avast warnings on my desktop was what greeted me when I walked in. I had no way of knowing then that this was their screw up.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

1 edit

1 recommendation

MarkAW

Premium Member

Because my systems are all clean, i do regular scans i update the OS when it needs to be updated. I haven't had a virus on any of my systems in over 8 years.

Edit: Plus all of my systems have image backups that are created ones a month after update Tuesday and i know they are all clean images.

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

2 recommendations

SparkChaser to Anon name

Premium Member

to Anon name
said by Anon name :

I 'd love to be reimbursed for my time, and all the programs they corrupted!
I figure they'll send me the same thing I sent them for the program.
zeppy1
join:2009-12-03
Louisville, KY

zeppy1 to onDvine

Member

to onDvine
HUGE PROBLEM !!!!! Espcially for those who dont know alot and think there is a virus.It started with kmplayer on my machince when tried to view a video I knew had nothing wrong with it. I only let it quarentine files at first but then I thought this is too many files something must be wrong so I tried the restore thing from the vault. Nothing moved from vault . It stayed. I uninstalled avast and reinstalled kmplayer and installed diff antivirus and all seems well now . Unless I run across another program that wont work :|.

Poor people who are totally newbies wont have a clue what to do tho. This is the instance where your antivirus becomes your virus !

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

1 recommendation

SparkChaser to MarkAW

Premium Member

to MarkAW
said by MarkAW:

Because my systems are all clean, i do regular scans i update the OS when it needs to be updated. I haven't had a virus on any of my systems in over 8 years.
Your logic escapes me. If you know they are clean why do you do scans?

If you do scans. you suspect that they could be infected. If you don't believe the virus scanner then why do the scan.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

1 edit

MarkAW

Premium Member

said by SparkChaser:
said by MarkAW:

Because my systems are all clean, i do regular scans i update the OS when it needs to be updated. I haven't had a virus on any of my systems in over 8 years.
Your logic escapes me. If you know they are clean why do you do scans?

If you do scans. you suspect that they could be infected. If you don't believe the virus scanner then why do the scan.
I do scans to make sure they are clean not because i suspect anything. If that's to hard for you to understand then to bad for you.

Diazruanova
Premium Member
join:2004-08-13
Mexico

2 recommendations

Diazruanova to MarkAW

Premium Member

to MarkAW
said by MarkAW:

Because my systems are all clean, i do regular scans i update the OS when it needs to be updated. I haven't had a virus on any of my systems in over 8 years.

Edit: Plus all of my systems have image backups that are created ones a month after update Tuesday and i know they are all clean images.
Good for you for being so careful, knowledgeable, smart and computer savvy, BUT there are almost 100,000,000 users worldwide who are not like you and many of those users got their PC´s screwed after avast´s HUGE mistake, so please try to look at the other´s point of view and maybe you´ll understand why are they ranting about this issue.

I totally agree that the problems that many users are reporting, about deleting files and loosing programs or even worse: PC´do not booting any more, are exclusively avast´s fault and no one else.

MarkAW
Barry White
Premium Member
join:2001-08-27
Canada

MarkAW

Premium Member

You are entitled to your opinion and so am i and my opinion is that avast didn't cause the problems people are reporting if people would look before they started click wildly then they wouldn't get into trouble.

antonandreas
@ptd.net

antonandreas to karhu02

Anon

to karhu02
said by karhu02 :

I say "thank you, Avast" for the quick action. Unless you chose to delete files, there was absolutely no harm to yiour computer. all you have to do is "restore " the files in the chest.

Quit griping about a good program.
I can say ditto! but...Avast DID, on its' own, stop my Spybot Search & Destroy from functioning real time. Inexcusable...I uninstalled Avast, installed another AV, ran a system scan & all is good. I cannot excuse Avast disabling other security programs on my systems. Good-Bye avast...no gripe intended!

SparkChaser
Premium Member
join:2000-06-06
Downingtown, PA

SparkChaser to MarkAW

Premium Member

to MarkAW
said by MarkAW:

I do scans to make sure they are clean not because i suspect anything. If that's to (too) hard for you to understand then to bad for you.
I won't lose sleep over it.

Santa Fe
BUT.....I Digress!

join:2000-08-22
Freight Yard

1 recommendation

Santa Fe to fatness

to fatness
said by fatness:
said by ironwalker:

335 readers 18 others typing...lol.
I saw it hit 402 readers last night.
Some of them were moved to the chest and we're trying to get them back.
Hehehe....that's it, I'm switching to Notebooksforum.com!
stoogle
join:2009-12-03
Wernersville, PA

stoogle to onDvine

Member

to onDvine
I have the same problem.. 147 files were detected as being the Win32Delf-MZG 091203-0 Trojan type Virus 12-03-09. There would have been more this was what was found when the scan was only at 9%.
»support.avast.com/index. ··· leid=377

Restore and extract does not work when I try to return the files from the chest. I don't know what else to do and I hope my comp. will be ok.
dyanne1020
join:2009-12-03
West Newton, PA

dyanne1020 to onDvine

Member

to onDvine
Ok, this happened to me last night, too.

I have been reading the forums and disabled the 'standard' shield. I tried to restore all of the files from the virus chest, but I'm not sure if it worked or not. Most are from programs that I have. There are 3 that worry me in the system files chest:

kernel32.dll
winsock.dll
wsock32.dll

It says that those can't be restored, because they are being used.

Today I updated again, and ran a scan. None of the Win32:Delf-MZG [Trj] popped up.

I just need to know if it is safe to reboot after updating? Or would it damage my OS because of those dll files?

This is so overwhelming..I am new to all of this.

tia