Win32:Kryptik-PFA [Trj] - False Positive ?


My File System Shield has started moving files to my chest this afternoon.
Most notably my Lightshot.exe program that allows me to do screenshots.

When I scan with Avast I get 256 infected files.
MBAM does not find anything.
SAS does not find anything.

They cannot be repaired.

When trying to reinstall Lightshot, it blocks it.
Here is the screenshot : - Popup - Virus Chest

I am having this same issue as of 1330 CST. Brand new computer reporting this Trojan in the Gobi wireless software on a Lenovo X1 Carbon. Definitely a false positive, need it fixed too.

I am having this same issue as of 1330 CST. Brand new computer reporting this trojan in the Gobi wireless software on a Lenovo X1 Carbon. Definitely a false positive, need it fixed too.
If you think so, right-click file(s) in chest and report to Avast lab as FP.

I have two computers that just started showing this same issue with the business edition. I have submitted a file from TortoiseGit that was showing as being infected.

I also have several stations reporting the same, running the business edition also.

Tons of false positives at the college I work for. I mean hundreds.

We also are having a widespread report of this happening on our college campus. It seems like it started at the same time the latest definition came out. Thinking a bad set of updates is the cause.

Same is happening to us. First report was at 11:49am PDT. I’m getting multiple notifications reporting various files as infected by Kryptik-PFA. Most of the reports are saying that it’s our KACE KDeploy.exe agent that is infected.

Definitely looks like a bad definition update.

Same here. First started around 2:43 EST when people started getting VPS file 150506-3

We even called Avast and we were told they can’t help us and we need to submit a ticket. We said we think it is due to the update and it’s a false positive, and they said then you can write an exclude statement for it. Since it is flagging tons of files, that would be an endless battle. If you guys have not created a ticket yet, I would suggest putting one in so we can have extra pressure for them to fix the latest batch of updates.

That is the same version as I have.

Same version here also: 150506-3. Anyone come up with anything besides adding exclusions, which as was posted is an endless battle because it’s different files on each machine?

Same Version Here

Oh good, it’s not just us :stuck_out_tongue:

We’re getting it on dozens of machines and hundreds of files as well, so excluding or reporting the files will do no good. I have a feeling that cleaning up after this false positive will be more work than cleaning up an actual trojan…

Having the same issue here. Dozens of files are flagged. Happened soon after today’s update.

:frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning: :frowning:

Getting tons of these on ALL of our Avast protected systems and started with Def Upd 150506-3 and is causing a nightmare and mass panic all across our University. Even showing up on PCs that were imaged clean just now. As soon as Avast is installed on a new clean image it starts alerting that it is infected by “Win32:Kryptik-PFA [Trj]” virus.

Hurry up Avast. Need a fix. Our PCs are unresponsive during this. So, we are out of business until it is fixed!!!

We are getting this false positive as well. Anybody know how to roll back today’s update?

Hurry up Avast!

We sure could use a way to rollback too, since avast isn’t putting out a timely fix.

Also seeing this behavior with Avast! Endpoint Protection and definition update 150506-3. Several Windows 7/8 laptops so far.

MANY system files, application files, dlls, executables are being detected as Kryptik-PFA [Trj].

I uploaded many of these files to VirusTotal and none of them have been detected as a virus by any vendor.

I contacted support but they said it was necessary to open a ticket. Please do the same if you are impacted.

Same thing here at my company… Three computers started showing they were infected with this same bug a little over an hour ago… After seeing these posts about it being an FP, I forced another computer to download the definition update and sure enough, it started having the same issues as the other computers…