A misfiring signature update from anti-virus developer Avast triggered all sorts of problems on Wednesday.
Avast acted promptly by withdrawing the definition update but not before numerous users had fallen foul of the problem. The withdrawn update incorrectly labelled various libraries (dlls) on Windows PCs as potentially malign, crippling software installations in the process. More specifically, legitimate programs were classified as something called the "Kryptik-PFA" trojan, shuffled off to quarantine and blocked.
"We were affected with the removal of DLLs from TeamViewer rendering it useless, Corel, and MS XNA framework," one victim (Dan) told El Reg.
The security software maker confirmed the problem in response to our queries on the snafu, saying in a brief statement that the issue was limited to users running older versions of its security scanning software.
The false positives affected Avast users with older versions of Avast (5,6,7,8). The Avast virus lab quickly released an update which resolved the problem. Avast users affected by the faulty virus signature update should do an Engine & virus definition/Program update.
"We got out of this relatively unscathed as we hit the forums early and told people not to reboot, seems others not so lucky".
False positives are a well known problem with anti-virus scanners that have affected all vendors from time to time down the years. Even though testing procedures have been improved, mistakes still occur: mostly because the volume of signature definition updates has shot through the roof over the last decade in parallel with the boom in Windows malware.
Anti-virus false alarms cause the greatest problems where system files are falsely flagged as malicious and quarantined. That leaves you with systems that don't boot. The latest anti-virus update snafu from Avast is not as bad as some, but still hugely inconvenient to anyone caught up in the cross fire. ®