Follow-up instructions for “False positive issue with virus defs 110411-1″

Dear avast! users,

As you may know, on 11 April 2011, virus definition update 110411-1 contained an error that resulted in a high number of ‘false positives’ – that is, clean websites or files being flagged as ‘infected’.

Our virus lab staff discovered the problem quickly, took precautions to stop more users from getting the wrong update and, about 45 minutes after the initial update, released a fix (update 110411-2).

About 4% of our user base was affected.

Although false positives are a fact of life, we sincerely apologize for any inconvenience caused to our community. If you were among those affected by the bad update, after updating with a current virus definition file (as of this writing, update 110412-0), you should next:

1. Open the avast! program
2. Select “Maintenance”
3. Select “Virus Chest”
4. Sort by time moved to Chest
5. Select files you wish to restore
6. Right-click and select “Restore”

After the file restoral, copies of the files will remain in the Virus Chest.

We hope these steps will alleviate any confusion, but should anyone need further support, please visit avast.com/support

Sincerely,

AVAST Software

PS - You may also find this on an avast! Blog post, which describes the same steps as above: https://blog.avast.com/2011/04/12/follow-up-instructions-for-false-positive-issue-with-virus-defs-110411-1/

PPS - MAJOR THANKS to our avast! Forum Evangelists and other contributors who helped us with tech support, etc.

I think you should be pacifying us with bottles of wine, grrr!

However, you have such a good forum here with people who are otherwise always so helpful so i’ll forgive you!

5. Select files you wish to restore

When you say select files I wish to restore, how do I know which ones these will be or will it be all of them?

You can e.g. sort them by “transfer time” (i.e. by the time they were moved to the Chest) and select all files that got there yesterday.

Ok cheers

Well you don’t want to restore files that were in the chest already and only those which were detected in this incident.

You can order the files in the chest by clicking on the relevant column heading, either the Transfer time or Virus column or Original location, this should make sure that only the correct files would be restored.

One other consideration is, why bother restoring any files back to the temp internet files folder, as temp files that would be absolutely pointless, only files outside of this location should be considered for restoration and then not old files in the chest. So you could order the files in the chest by clicking on the Original location and even delete all those from the temp internet files location directly from the chest.

You can select more than one file, see image example of some file samples I have in the chest and select Restore or Delete depending on what it is you want to do. Select the first file scroll to the last and Press the Shift key and hold, then click the last file in the sort by Transfer time, original location, etc...

That should greatly reduce the numbers you are talking about.

I’m lost David, sorry ??? So do I restore or just leave them?

There are literally thousands, there weren’t any in the chest before so I know they’re all from yesterday.

What’s best to do with them? I don’t like them hanging around in the chest >:(

You only Restore what you need, there is little point in restoring temp internet files as there is no great loss they are just the browser cache and would be replaced if you visited the sites again. So those could be deleted from the chest without problem, but there is nothing stopping you restoring them, that choice is entirely yours.

The ones that aren’t in temporary locations should be restored, but then you are into the filtering game of sorting the files in the chest so you know a) when they were transferred to the chest or b) what the original location was. This may appear complex, but it shouldn’t be that bad.

The main issue is not to restore anything prior to this incident that could be legitimate virus detections. Other than that you should be able to restore them all if that process would be quicker, I can’t decide that for you as I don’t know what you have in the chest.

Ok, makes sense.

The original location for all of them is Documents and settings\administrator\local settings\application data\macromedia\flashMx etc etc

I take it this isn’t a temporary internet file?

When I have tried to restore one of them to see what happens, I get an Overwrite message which says ‘you are trying to restore a file from the chest. The file already exists. Should the program overwrite the existing file?’ Options are overwrite, skips, overwrite all, skip all.

Should I skip if it already exists?

That isn’t a temp location so those should be restored. Personally I would overwrite all.