False positive with Win32:Delf-MZG[Trj] for Spysweeper and Mamutu

Just a heads up…

Within seconds of the VPS completing a database update Avast immediately identified:

c:\program files\webroot\webrootsecurity\spysweeperui.exe
c:\program files\mamutu\a2handler.dll

as being the Win32:Delf-MZG[Trj] trojan…

Bearing in mind these are both programs that have been working just fine for quite some time, I feel pretty confident this is one of those rogue VPS updates that wasn’t quite as thorough as it might have been.

I just got the same by trying to update CA Yahoo Anti-Spy

I got the same with an older “special” version of The Bat!. A few minutes after that I got the same alert about some html editor and PSpad text editor ???

Add to the Win32:Delf-MZG[Trj] False Positive List…

A-Squared Free

SpyBot Search and Destroy

SpywareDoctor.

Seriously, what’s up with this? ???

add e/pop professional (WiredRed) to the list.

I got the same thing with it updating the avast prog to the latest just a few minutes ago. All of a sudden pspad, skype-pm, wordweb, hardware audio program realtekhd and quite a few others.
Ran mbab and sas and they didn’t report anything. When I was running mbab avast kept reporting errors and mbab said nothing was wrong.

The same critical FP in many programs and extensions. On my computer it detects PowerArchiver as Delf:mzg

SpyBotSD, Realtek audio driver, MailWasher Pro, some Adobe components which I’ve been using for some years now. After all that long now detected as trojan even for the paid licensed ones ?!?
What da hell is going on ??? ??? ??? This is insane !!!

Add WeatherEye.dll from The Weather Network. Something’s messed up with the latest update, methinks. ???

Also add JingProject_nat.dll from Techsmith’s Jing Project screen capture program…

This is getting ugly fast…

Also add Cobian Backup 9.5.1.212 from CobianSoft and AutoExit For Windows HomeServer (SengCore.dll) from ASoft.

The same here as well. After the update I got the warnings, and thinking it was legit I clicked on the option to put the virus in the chest. First it said access denied then it said it needed to scan after a re-boot. So I allowed it to re-boot. It scanned and scanned and scanned my system making it seem like a virus had run amok. When it finally finished I ended up with over 40 so-called infected files in the chest.

Webroot’s SpySweeper and IObit 360 Security are now toast. A scan with Malwarebytes, which was already installed, showed no problem. I figure MBAM wasn’t affected because it doesn’t update automatically or run in real time as SpySweeper and IObit do.

When I realized this had to be a false positive I tried restoring the files from the virus chest, but Avast would not cooperate. I highlighted each file one at a time and clicked restore but nothing happened. Judging from the postings in other forums this issue with Avast is widespread. I hope Avast will be able to post a solution on how to restore things back to the way they were. I for one cannot afford to take my PC in for repairs.

I have just experienced the same problem, but it looks as if a fix is out for this already. I just updated my iAVS and Program, and now it is not reporting any occurrences of DELF-MZG :smiley:

A new VPS update (091203-1) has been published. The false positive detections seem to be gone now.

Add MediaMonkey (http://www.mediamonkey.com/) and USBSafelyRemove (http://safelyremove.com/) to that list.

I still have the standard shield paused cuz I just switched on my PC and it killed Spybot. I just tried to update and it says already up to date.

Guess I’ll wait…

I came online just before midnight and my automatic AVAST update came up normally. There were no alerts. Did my normal work until I visited a forum where I found word about this trojan.

The poster reported this on Dec. 2, 8:17pm (MST) to anyone using AVAST there. After reading the warning, I disabled my AVAST (to be safe) until I knew a “repair” was made and came here. Sooooo, my update included the repair and missed being struck if I had gone online a few hours earlier.

Whew! Thanks to the AVAST team for working so quickly and getting the “fix” out.

It took me a few hours to get to this point, because Avast (or maybe I thought the virus) really slowed my system drastically when I tried to start “Edit Pad Lite”. So I let it scan and remove to chest…
…I made sure none of the files were critical. Some were installers for MySQL, Realtek drivers, even similar executables hidden in my System Restore points! Also a couple programs like EditPadLite, ImgBurn, and DevC++. (Also, I don’t have it, but people are reporting Avast thinks Spybot S&D is infected, too.)

Now I see it’s a false positive, but people on Yahoo! Answers are saying Avast will keep finding stuff over and over again, so go ahead and move reported files to chest, then restore them after the bug is fixed. Avast updated just before I logged in here, so all should be fine, I hope!

ShellyCat, just make sure that you re-scan each quarantined file, and restore it when it scans clean.
Do this earlier rather than later.

Yea, I got hit hard on this (well, my wife’s laptop did anyway), thought crap was hittin the fan. I couldn’t even get her icons, start menu etc. to load up when the computer was restarted. Had to go in safe mode and run anti virus programs there. I ran avast and sure enough, I had the Delf-MZG [Trj] showing up ALL OVER THE PLACE. I allowed it to restart and run a scan as it re-booted and it came up with about 70-some “infected files”. Once the scan was over the computer turned on and everything seemed to be back to normal, except the files that were put into the quarantine needed to be scanned and restored after I performed the update.

Everything seems to be okay now. (I’m assuming the files were restored? I clicked restore and it said it was successful but the files were still showing up in the quarantine.)

By the way, this website saved my life because I normally try to delete the infected files (at first it was in other anti-virus/anti-malware programs) but then it showed in bigger files that I was not comfortable pressing the delete button… glad I didn’t now. After surfing the web trying to find out what this “Delf-MZG [Trj]” is, I found this website and noticed a lot of people were saying to quarantine and re-scan after the update because of the false-positive. Thank you!!

While browsing in the beta board, I came across the threads about the false positives. I also noticed that it was midnight in Prague. So, I stopped the update of Avast! 5 and went to a family member’s room to do the same, only to find the VPS had already been updated to 91203-0. I simply turned off Standard Shield. After the release of 91203-1, I turned it on.

Personally, I’m not surprised so many people are tempted to delete suspected files immediately rather than sending them to the chest. In fact, that’s why I set Avast! 4.8 to automatically send them to the chest on my family member’s computer. I hope the Alwil team will make Avast! 5 more user-friendly… I know I can configure it for the others but, after seeing so many people are not accustomed to how to deal with detection, I guess it would be suitable for them to do something with it…