If you are getting virus alerts please read! (Win32:Delf-MZG (Trj))

The recent avast! VPS update has a serious flaw inside it, various files are being marked as “Win32:Delf-MZG (Trj)”. Some of the common files being marked as this false positive include Skype and Spybot S&D.

Apart from marking various files as this virus, the new update brought a crippling threat to the windows operating system. Accounts are vague but some are reporting that the new update may hinder the windows operating system’s boot.If you have updated avast during the last 48 hours do not restart your computer!This is caused by avast scanning the starting files, during this process it will mark a file as hazardous and will not allow you proceed without aknowledgement, being that this is happening during the time in which windows loads there is no possable way to give aknowledgement to the program therefore putting the computer at a standstill.

Possable workarounds

  1. Besure to determine if your avast has been updated by finding your Spybot S&D folder and scaning the updater.

  2. Asuming that it detects it as the false positive, open up msconfig and uncheck avast scripts in the services tab and the startup tab.

2.1 Going to the avast settings (Right click on icon 4th down) then going to the trouble shooting tab.Finally check the second box"Delay of loading of avast" may also work

Or as I had to since it completely crippled my Email, Uninstall and now that I know, I’ll just have to sandbox EVERYTHING and wait for an update.

Really, this is bad… I am glad I was not inclined to reboot before I read this, now I’m glad I did uninstall as I know Pocomail is clean, avast would not even let me install it from a fresh download from the official site.

And can someone please make it so that when the “Hey I’ve just done something!” alert pipes up, there is a way to CLOSE it rather than wait 5 hours for it do drop back down, or open up a new window; gaming sucks with it, movies suck with it, intrusive “LOOK AT ME!” things just suck.

Ugh, I’m wearing no clothes without a AV at the moment, I feel naked.

Win32:Delf-MZG [Trj] on hundreds of files throughout my system!!!

This is an incredibly egregious error, Avast. I have suggested wholeheartedly and without hesitation that my friends and family convert to Avast and I am now red-faced in light of this immense screw-up. I am willing to stick with Avast as I have had many positive experiences with it in the past, but I MUST receive an e-mail acknowledging of the problem, that includes what specifically caused the problem, and how the issue will NOT BE REPEATED in the future. I need to assure all of my friends and family using Avast that the Avast is indeed safe, and frankly at this point my confidence is severely shaken.

Please explain what the heck happened and how this error will not be repeated in the future!!!

This is worst than a virus!
Avast just managed to delete most of my exe and dll before I could stop it. Now I have to reinstall everything…

Folks, before taking any radical action, update to the latest VPS version, then re-scan and restore any files in the chest.
Hopefully that will make the need to re-install programs unnecessary.

It’s indeed a big glitch. News of it is all over the web. I was mainly unable to use the forum, due to server load, and I bet I wasn’t the only one. Unfortunately what that meant is that a lot of the helpers with a bit above average knowledge might not have been available to help.

Some people have lost their OS. (Especially those who hit “delete” instead of "quarantine’'.) But some have computers that won’t boot, now. :-[
Let’s wait and see what the Avast folk have to say about it first, rather than starting a rant thread.

What could they possibly say that would make a rant unjustified?

Here is the official statement: http://forum.avast.com/index.php?topic=51647

Okay. Rant justified. One of the largest software f-ups I have ever seen.

Sure. Rant justified. If it makes you feel better. Can’t say I really blame you.
I think the largest one I ever saw was when Symantec issued an update that pretty much made all Chinese language versions of Windows unbootable.
Since a fair percentage of those installations were likely pirated, the jury is still out as to whether it was a good or a bad thing, IMO.

When I had all those false positives with the VPS update, Avast said I should restart and do a boot-time scan to stop other viruses. So when I rebooted, everything that was flagged I put in the chest. This included
System Volume Information_restore files and files with the original location as C:\WINDOWS\System32 and C:\WINDOWS\CREATOR. I’m afraid to reboot again and then have problems booting correctly. Besides restoring all the files that were put in the chest, is there something else I should do?

I’m not sure I’d say “Rant justified”, Everyone makes mistakes, It’s called being Human.

Please try restoring the files from the chest first.
Details here: http://forum.avast.com/index.php?topic=51643.msg436955#msg436955

I’d be inclined to hit f8 repeatedly during the bootup, and select “last known good” configuration. It’s a bit of a guess on my part, frankly, or use a system restore point for a time before Avast did that boot scan.

I did this and some files said “cannot be restored because the original location is not defined”

It’s just a mistake?

Sorry I just crushed your kid with my SUV. It was a mistake. It’s called being human.

A mistake is dropping a glass of milk. Destroying operating systems all over the world qualifies as something more than a mistake.

Rangersfan527, can you list the files "unable to be restored, if there aren’t too many?

The "System volume information " ones relate to system restore ponts. If they cannot be restored, you have (basically) lost system restore, until a new restore point is created. No great loss, if you can get Windows to boot OK.
Regarding “C:\WINDOWS\CREATOR”, how many of these files are there, and do they have names like “remind_XP.exe”? If so, it looks to me like that might not matter too much; appears to be a reminder to purchase software from the manufacturer of the computer. Which is probably HP?

I agree, rant justified! It should have been tested before release. I am one of the lucky ones, only a few programs broken. I’d be cursing avast to hell if I had to do a full restore from backup - its always nerve racking.

There really should be an offcial info on the main website in all of the supported languages - how do you think, how many people do know English well enough to find this forum, or even were enough computer-literate to not destroy their system accidentally? It is just too big thing to hide under the carpet. A lot of people have their PC almost 24/24h on, with auto updates, so they got hitted. Folks even are not sure if it is safe to reboot the system…
Personally I just feel sorry for all those people who took these alarms seriously and simply trusted Avast. I’ve recomended your software to tens of people, as a reliable substitute of paid ones (in at least two cases this converted to a paid version in small companies). You see, people do make mistakes, but in case of an organization, when troubles come it is important to watch how a crisis is handled. Am I angry? No, just think I will have to change antivir after trusting Avastfor 4-5years, unless Avast will not be afraid to take the responsibility, and just face all these angry people… You can post an info about millions of clients, or contest in a window while updating - why not push an information about this mistake there? So EVERYONE could see it.
Guys, I do have some experience in marketing/PR, you are doing business in a senstitive area, where trust is the basic factor (even more important than in case of financial institutions), so please do not mess it up. Take the blame, takethe hit, but save the reputation.

Hey guys, yeah the rant may be justified, but what’s the point sounding off right now?
Alwil aren’t going to try and sweep this under the carpet.
As has been said, it’s too big. People have lost their OS’s. Maybe thousands.

I’m confident there will be a full apology/report of what happened/audit etc published when they know it themselves.
How about holding off, at least til then?
I’ll bet they are being as hard on themselves as anyone else will be. And I’ll bet they know exactly how serious it is. At the moment, they are working on help guide/fixes for those affected, and no doubt analyzing the mistake/failure/what-ever-it-was. (No-one, at least outside the company, knows, yet.)
That would appear to be the correct priority to me.

When a plane crashes, months or even years elapse before the accident report is released.
But always there are those that are ready to blame the dead pilot even before the preliminary report is out, which usually takes 2-6 weeks.

Yes my computer is an HP.

The files unable to be restored shown by avast are:

C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swreg.exe
C:\Documents and Settings\All Users\Documents\network share\SmitfraudFix\swxcacls.exe
C:\hp\recovery\wizard\SWR_Wizard.exe
C:\WINDOWS\system32\swreg.exe
C:\WINDOWS\system32\swxcacls.exe
Also 3 System restore points.

The C:\WINDOWS\CREATOR file wasn’t listed as an error in restoring, so avast says it’s restored but the original file name was C:\WINDOWS\CREATOR\WNASPINT.DLL

As for the other files that avast said were restored, I don’t know if they really were. Would doing a system restore to say Tuesday be the best move?