I can confirm this. Avast just locked me out of my audio production tools which were coded in Delphi. it also locked me out of all of the Delphi coded VST instruments I have. Im pissed. I hit the “do nothing” button, but dissabled avast, because I cant take this bullshit. tempted to go back to AVG now.
Hi, my avast! program updated its virus database around 3 hours ago. Not long after that, avast! warned that it had detected a trojan horse in the Spybot application extension file SDHelper.dll. After that, Spybot reported 3 registry changes, 2 of which I denied:
• 3/12/2009 2:10:27 PM Allowed (based on authenticode whitelist) value “{53707962-6F74-2D53-2644-206D7942484F}” (new data: “”) deleted in Browser Helper Object!
• 3/12/2009 2:10:35 PM Denied (based on user decision) value “BootExecute” (new data: "autocheck autochk *
aswBoot.exe /M:110b04264564
") changed in Session manager!
• 3/12/2009 2:10:38 PM Denied (based on user decision) value “ExcludeFromKnownDlls” (new data: “”) deleted in Session manager!
The last two logs above (the ones I denied), have repeated over and over again in the Spybot log file for the last 3 hours, as you can see here:
• 3/12/2009 2:10:39 PM Denied (based on user blacklist) value “BootExecute” (new data: "autocheck autochk *
aswBoot.exe /M:110b04264564
") changed in Session manager!
• 3/12/2009 2:10:39 PM Denied (based on user blacklist) value “ExcludeFromKnownDlls” (new data: “”) deleted in Session manager!
Something is obviously keen to change registry values…
Anyway, I tried moving the SDHelper.dll file to the chest, but that didn’t work. I was also unable to delete the file. What should I do?
P.S. Man, there’s a lot of traffic on this website!
The latest definitions are online since 45 minutes: 091203-1
I have been working on a local server (Wamp) for over two years now. With a big system update for my site that (I am a week late and now) GONE. It and many of my prgs got kicked tonight. I hope you people here at Avast have some way of getting them back, because from what I have been reading, I’m not the only one pissed! Pure bullshit!
VPS update 091203-1 fixed this issue. go update ur avast
Download the new definitions, go to the chest and restore all the files that have been moved there today, problem fixed.
Rescan to make sure.
Of course, if you chose “delete” instead of “move to chest”, then tough luck.
The new update “discovered” win32 zbot-mkk in 2 trusted programs on my PC. Irfan View and Damn Nfo Viewer were both disabled. I had to turn Avast off as it was continuing to found other viruses. How about a fix for this one?
Hi ALWIl Team,
Just advice,
Next time if you guys would like to launch or release a new signature, please try it first at your inside labs.
So some people, which have critical application not screw up just because 1 AV definition.
Good job
avast!, don’t let this happen again. I lost several program files to deletion, since the ‘move to chest’ function stopped working. I’ve spent ages repairing all of the damaged programs. I will seriously reconsider using this antivirus software.
ya , i already have many software deleted cannot work
Official statement here: http://forum.avast.com/index.php?topic=51647
Thank you for the official statement although, personally taking 5 hours to release the patch is too long. With 100 million users I would think there would be at least 1 person keeping an eye on things whilst you sleep. I mean seriously, you don’t release an update of any kind without first testing it. Please never let this happen again. I have strongly considered changing anti virus programs because of this. I may still so have fun with that. You’re very lucky it happened whilst the US was sleeping. If it had happened whilst they were awake you would have had mayhem. I mean the forums hardly loaded when the US was sleeping and there was a problem, let alone if they had been awake.
I hope these how to’s come out quickly and that they will solve issues of where files were moved to the chest
Not everyone sleeps at night in the USA. My “day” is “Night” and came on just before Midnight MST to work online. My automatic AVAST updated as normal without any alerts showing.
Then I visited a forum where a poster reported the trojan about 8 pm MST (Dec. 2). I disabled my AVAST…just in case… and came here. Apparently my update included the repair. If I came online several hours earlier, I would have been “hit” as well.
I have to give “kudos” to the AVAST team who made the repair within this five hours. However inconveinent it may be waiting to long…better a thorough hunting down than a “quick, stopgap fix”.
Hi Sparky13,
I agreed with you too,
Your country is lucky not screw up with this problem, but in my country indonesia for user avast they are screw up with this problem.
And back to us to asked about this problem.
Please in the future, before release a new signature update just make sure it internally.
well, that sucked.
Boot scan “caught” more than a dozen instances of “Win32:Delf-MZG [Trj],” mostly from lightweight appz. When it started flagging stuff like my soundcard drivers I canceled the scan and decided to look here for more info . Glad that I did.
Luckily, I have only a few minor appz to reinstall.
glad to see that the problem’s been fixed.
Oh man…tell me about it. :-\
Luckily, I too only had to reinstall a few things. (Even reinstalled my sound card drivers straight from disc) I about freaked out. :o
I did uninstall Avast and reinstalled it, so fortunately, it updated to the correct defs. But boy oh boy, there for a while I was like “what the heck?”
Anyway, thanks Avast for fixing this monster ASAP.
hmmm - I’ve got the last update (091203-1) and STILL getting the warnings??
I also had problems with the update and followed Avast’s recommendations and moved the files to the chest.
I them did the later update and restored each file in the chest.
The problem is that when I do an update now, Avast has to submit and download certain files in order to complete the update and it takes a really long time. Very frustrating.
I don’t know if Avast itself is now corrupted.
Any advice. Should I uninstall Avast and then reinstall?
Think that would fix the problem?
Thanks for any help.
First problem since having Avast but a big hassle.
kenf
You may have real virus but please send it to the chest.
Avast! should be O.K. Simply, Avast! is working as it is supposed to be: Avast! tries to upload these files while updating. At least, it won’t harm your system. However, in this circumstance, it must be tough to the servers. And yet, Vlk recommended to keep them…
You mean that Win32:Delf-MZG was a false positive before but now its real? AVG time