Numerous Trojan warnings since last update.

Avast updated itself about 15 minutes ago and within two minutes began reporting many, many instances of Win32:Delf-MZG in many of my files, including those that had been on my computer for a very long time. I did a boot scan with instructions to move malware to the chest and before I knew it almost twenty files had been moved before I stopped the boot scan. Something seems very wrong here–can these all be false positives?

Latest VPS file (4091203-0) is detecting the following files as having Win32:Delf-MZG.
TUGZip\TzShell.dll
TUGZip\TzUpdate.exe
TUGZip\TzSFX.exe
TUGZip\TzScript.exe
TUGZip\TUGZip.exe
ACER eSettings\awcomm.dll
Spybot\SDHelper.dll
Spybot\UninsSrv.dll
Skype\Plugin Manager\skypePM.exe
… More?

Definitely looks like false positives. Needs to be fixed.

The same thing happened to me. Apparently Skype decided to turn bad on us.

Okay. Looks like this isn;t my computer. Too bad I moved that supposed trojan to the chest. It disabled my anti-spyware programs. Is there some way to reverse that? Worse comes to worse, I can just re-install them.

Lots of folks on DSLreports.com stating same thing. I had it claim speedfan, Anydvd and Alcohol120 all had exact same Malware (Win32:Delf-MZG[Trj])

Hopefully this will get fixed soon…

C:\Program Files\Skype\Plugin Manager\skypePM.exe

So I am not the only one with this problem, I suppose :stuck_out_tongue:

Many PCs in our office are also picking this up. We are actually a software development house and circumstantial evidence is pointing to some Delphi code being flagged as a virus.

All of the software we write is now being flagged as being infected by the Win32:Delp-MZG Trojan - this is obviously a BIG problem for us - I’ve advised our Tech Support team to be ready for an influx of calls.

Lee.

This problem has occurred before. It sucks. I know.

Spyware Doctor for me, but thats it.

Taking no action seems to be alright.

i have updated my avast home antivirus just few minutes ago on both my desktop and laptop computer running win xp pro and media version and after booting up avast have detected several scr and exe files (so many , including trusted files cybersitter,skype pm,speedmypc, renamemaster,searchandrecover files) having been infected by 2 trojans?? . :frowning:
win32.delf.mzg (trj)
win32.zbot.mkk (trj)
, i think this is false positive error from avast update dec 03, 2009.
please fix.:cry:
thanks

Hi there,

This happened with me too, after up to date this early morning and then avast detected some file at my windows and avast library file was infected by this variant trojan :

avast! [User]: File “C:\Program Files\Alwil Software\Avast5\redemption.dll” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerExe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerUtils” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “C:\Windows\Installer\6976fe.msi|>Product.CAB|>PluginManagerExe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “C:\Program Files\Skype\Plugin Manager\skypePM.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

Some file has been quarantined by avast, but some file deleted by avast. ??? ???

Is it FP or real infected?
For quarantined files, i submit it already to avast with avast 5 features.

Avast detected KMplayer as a virus… come on!!! KM player is just a ovie player… i clicked on teh “not do anything” button, but it blocked the KMPLAYEr so i unninstalled it and when i tried to install it again i got like 10 virus alerts, and i didnt even clicked on anything i just closed them, but it is still blocked can’t seem to make it work. It also said that a screensaver was a trojan, come on it’s .SCR it’s not a trojan! can someone fix this?

Same issue here guys. It flagged files from Skype, Online Armor so far…I’ve been choosing 'Take no Action since it’s obvious they’re F/P’s. Just be sure and read the file name carefully before choosing ‘Take no action’.

Well it’s almost 10 PM Eastern time and Avast is still going crazy on programs I’ve used for years. Plus, getting this forum to appear on my screen as very difficult - takes forever to show up if it does at all.

Is a change in virus database being worked on?

Hi Vlk, Igor, Pavel,

Please do something, before everyone faced the same problem like me. All of my tools and even my system also application detected as Win32:Delf-MZG [Trj].

And mostly deleted by avast.

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\helper.dll” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Update.exe|>[Armadillo]” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Update.exe|>[Armadillo]” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\PCToolsAntiVirusExtension.dll” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\PCTAVHook.dll” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\avinstall.exe|>{app}\Upgrade.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\hideipng.exe|>{app}\hideipng.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\ophcrack-win32-installer-3.3.1.exe|>$INSTDIR\pwdump\servpw64.exe” is infected by “Win32:PUP-gen [PUP]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\dumphive.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\swreg.exe|>[UPX]” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\SmitfraudFix.exe|>SmitfraudFix\swxcacls.exe|>[UPX]” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\X-Lite3_29712.exe|>{app}\eyeLook.dll” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\TrojanKiller\trojankiller-setup.exe|>{app}\trojankiller.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\TrojanKiller\trojankiller-setup.exe|>{app}\checkfile.exe” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

avast! [User]: File “D:\Yanto\Utilities\Aplications\Trojan Remover\trjsetup681.exe|>{app}\Rmvtrjan.exe|>[Armadillo]” is infected by “Win32:Delf-MZG [Trj]” virus.
“%3” task used
Version of current VPS file is 091203-0, 12/03/2009

And many more…what is going wrong guys…i need to unstinstall avast here…

Same here with SpySweeper running VPS version “091203-0, 12/03/2009”.

The following files were flagged under the following 4 Webroot sub-folders:

[b]C:\Program Files\Webroot\Spy Sweeper[/b]
ClientHelper.dll
Core.msi
language.dll
lockbox.dll
SafeSweeper.exe
SpySweeperUI.exe
SSCtxMnu.dll
VersionInfo.dll
ziptv06.dll

[b]C:\Program Files\Webroot\Spy Sweeper\Cleanup[/b]
CtxCleanup.exe
WashEngine.exe
WcCtxMnu.dll

[b]C:\Program Files\Webroot\Spy Sweeper\Core.msi\Data1.cab[/b]
lockbox.dll
ziptv06.dll
wrlzma.dll

[b]C:\Program Files\Webroot\Spy Sweeper\Core.msi[/b]
ISSetupFile.SetupFile2

My current workaround is to stop then disable (at startup) the following 2 Webroot services via Run … services.msc:

Webroot Client Service
Webroot Spy Sweeper Engine

as well as disable the SpySweeperUI.exe file to load at Windows startup.

I will keep them this way until ALWIL re-issues the VPS to no longer flag these false positives.

Hi Guys,

My customer in indonesia, has been screaming about this…anybody please concern about this…please…if you don’t want to lose those customer.

We have aware our customer to not download the VPS update first.

I just got a warning concerning IOBit360’s file as follows: 12/2/2009 9:32:00 PM SYSTEM 1620 Sign of “Win32:Delf-MZG [Trj]” has been found in “C:\Program Files\IObit\IObit Security 360\is360mon.dll” file.

Took no action after browsing this Forum - good response so far, folks, appreciate the effort here :slight_smile: I did see that avast ‘updated’ just moments prior to this alert, so I was a bit leery of believing its actuality. I bet it will be fixed soon (fingers crossed!!)

And I just started using avast two days ago, LOL… seeing how slow the Forum is atm I bet there’s LOTS of traffic on this :wink:
Alex

:frowning: :o please fix this problem asap. It is a huge issue having yoy guys giving us a stuffed up virus definition. A program is now rendered useless because of you. Thanks heaps

OMG…I thought I was the only one. I have had 19 warnings (all trojan) since I have updated my Avast today. I am freaking out and I could only delete them because I scanned in safe mode. Please let me know what is going on.

God Bless

Karmel

Same here, only so far the only warning I received was from Avant itself, and my Avast moved it to chest, disabled it, and then removed it from my list. I tried a reinstall, virus warning, on an earlier version of Avant, Avast again tossed it into hiding. I haven’t gotten the warning on any other program yet, haven’t tried for fear now that it will disable everything. My computer has been offline all day, and then tonight soon as I turned it on, this happened, and it was fine last night. I lost all my favorites, important links I had bookmarked for easy access due to owning an online scrap store, and now I can’t access anything without first looking it up, and I don’t like chrome or IE…I want my Avant back…with no virus warnings!