The Channel logo


By | John Leyden 7th May 2015 11:26

F*cking DLL! Avast false positive trashes Windows code libraries

Avast there indeed, matey, wail admins as rogue guard dog savages their jugular

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday.

Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign, crippling software installations in the process. More specifically, legitimate programs were classified as something called the "Kryptik-PFA" trojan, shuffled off to quarantine and blocked.

"We were affected with the removal of DLLs from TeamViewer rendering it useless, Corel, and MS XNA framework," one victim (Dan) told El Reg.

The security software maker confirmed the problem in response to our queries on the snafu, saying in a brief statement that the issue was limited to users running older versions of its security scanning software.

The false positives affected Avast users with older versions of Avast (5,6,7,8). The Avast virus lab quickly released an update which resolved the problem. Avast users affected by the faulty virus signature update should do an Engine & virus definition/Program update.

A thread on the issue on an official Avast support forum can be found here and here. Reg reader Phil added:

"We got out of this relatively unscathed as we hit the forums early and told people not to reboot, seems others not so lucky".

False positives are a well known problem with anti-virus scanners that have affected all vendors from time to time down the years. Even though testing procedures have been improved, mistakes still occur: mostly because the volume of signature definition updates has shot through the roof over the last decade in parallel with the boom in Windows malware.

Anti-virus false alarms cause the greatest problems where system files are falsely flagged as malicious and quarantined. That leaves you with systems that don't boot. The latest anti-virus update snafu from Avast is not as bad as some, but still hugely inconvenient to anyone caught up in the cross fire. ®

comment icon Read 18 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe