The Channel logo

News

By | John Leyden 7th May 2015 11:26

F*cking DLL! Avast false positive trashes Windows code libraries

Avast there indeed, matey, wail admins as rogue guard dog savages their jugular

A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday.

Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign, crippling software installations in the process. More specifically, legitimate programs were classified as something called the "Kryptik-PFA" trojan, shuffled off to quarantine and blocked.

"We were affected with the removal of DLLs from TeamViewer rendering it useless, Corel, and MS XNA framework," one victim (Dan) told El Reg.

The security software maker confirmed the problem in response to our queries on the snafu, saying in a brief statement that the issue was limited to users running older versions of its security scanning software.

The false positives affected Avast users with older versions of Avast (5,6,7,8). The Avast virus lab quickly released an update which resolved the problem. Avast users affected by the faulty virus signature update should do an Engine & virus definition/Program update.

A thread on the issue on an official Avast support forum can be found here and here. Reg reader Phil added:

"We got out of this relatively unscathed as we hit the forums early and told people not to reboot, seems others not so lucky".

False positives are a well known problem with anti-virus scanners that have affected all vendors from time to time down the years. Even though testing procedures have been improved, mistakes still occur: mostly because the volume of signature definition updates has shot through the roof over the last decade in parallel with the boom in Windows malware.

Anti-virus false alarms cause the greatest problems where system files are falsely flagged as malicious and quarantined. That leaves you with systems that don't boot. The latest anti-virus update snafu from Avast is not as bad as some, but still hugely inconvenient to anyone caught up in the cross fire. ®

comment icon Read 18 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

Locker room jocks photo via Shutterstock
Best locker-room strategy: Avoid emulating AWS directly
STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock