Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: Avast false positives - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Avast false positives

We have received a number of reports of Avast Antivirus false positives (Thanks Ken, Don,  Luca & others).   With a recent update the Avast antivirus product have started identifying legitimate products as containing Win32-Dell-MZG.  The Avast forum is awash with some of the products that have been tagged, many of which are known to be good and have been functioning quite normally. 

The recommendation at the moment is to not reply delete or quarantine files as this may fry the product they belong to (a few readers are currently reinstalling applications).  As far as we know the files are consistently identified as Win32-Dell-MZG so if others pop up there is a fair chance that these are legit.

Mark 

Update

A new update was released fixing the issue.  091203-1.  If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine.  For those that were affected I recommend you keep an eye on the Avast blog http://forum.avast.com/index.php?topic=51647 as they are working on some how to's to help fix any issues. 

 

Mark

391 Posts
ISC Handler
Win32:Delf-MZG is the actual detection. It seems to be flagging files made with Delphi.
Anonymous
Glad to see you post this. ;-)

I experienced this and did some digging around. Word is that they have now released (another) update to correct these 'false positives'.

Problem VPS file database version was 091203.

So far it appears to be corrected with 091203-1 which is now available by auto-update which can be manually started by 'RIGHT CLICK' avast icon, go to 'Program Settings', 'Update (Basic)', click on 'Update Now...'
Anonymous

Sign Up for Free or Log In to start participating in the conversation!