Win32:Kryptik-PFA [Trj] - False Positive?

Can a system restore bring back files removed during an Avast boot scan?

Before I knew about this false positive I thought my whole computer had somehow been infected. Now I’m worried I deleted essential files. I didn’t send them to the chest like I should have. :-[

I’ve been doing it manually as well. What a nightmare. I just had 200 computers blow up yesterday. It cost my client a LOT of money to have everyone go down like that. It ate everything from email to database software. Really really really bad. I was able to get the update pushed out to the bulk of them last night, but there were still a handful that required manually restoring files from the vault on the local machine to work properly. I can’t believe how bad this is. I haven’t even gotten a generic emergency support email or a “sorry” email or anything either, disappointed that there’s basically been radio silence from Avast. I had to go online & dig to find this thread to figure out what was going on.

Will I change antivirus vendors for the future? Not sure. Mistakes happen. The software has been very good up until this point, and they did roll out the fix-it patch same-day. I’ve had this happen with Windows Updates as well, so no company is immune to problems of this magnitude. The Avast fix hasn’t been 100% effective for every machine, but as of this morning I have 95% of my users back up & running. I understand that mistakes happen. Just a bit upset that they didn’t even send out an email notice or anything for a status update.

Hi kaidomac,

Lucky for those that skipped that update. When some things go wrong, they often go wrong big scale.
All vendors suffer from these mishaps some day or other, “someone pushing a wrong handle there”.
Prepare for it in the future with a pre-update emergency back-up scheme, but that is wisdom in hindsight.

polonus

I’ve had zero luck running the restore task as well. I temporarily disabled Windows Firewall on both my AEA server and the client I was trying to run the restore task to. It still didn’t work with both firewalls turned off.

I also discovered that I was unable to use the Remote Virus Chest feature (I’ve never had a need before now). For those that don’t know, you need to open ports 135 and 16108 for the Remote Virus Chest to work. This can be configured in Group Policy: Computer Configuration → Policies → Administrative Templates → Network → Network Connections → Windows Firewall → Domain Profile → Windows Firewall: Define inbound port exceptions. At least now I don’t have to go office to office or use VNC to manually restore.
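One way to script the same two inbound port exceptions on a client and then confirm from the AEA server that the client answers on them. This is an added example, not code from this thread or from Avast; it assumes both ports are TCP, that a local firewall rule is acceptable on a machine the GPO has not reached yet, and that the client host name is a placeholder.

```powershell
# Added example (not from the thread): allow the two inbound ports the post
# names for Avast Remote Virus Chest on the Domain firewall profile, then
# check from the AEA server that a client actually answers on them.
# Assumptions (mine): both ports are TCP; rules are added locally on a client
# not yet covered by the GPO; the client name is a placeholder. Run elevated.

$Ports = 135, 16108

function Add-RemoteChestRules {
    param([int[]] $Ports)
    foreach ($p in $Ports) {
        $name = "Avast Remote Virus Chest TCP $p (inbound)"
        # Skip rules that already exist so the script can be re-run safely
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Host "rule already present: $name"
            continue
        }
        New-NetFirewallRule -DisplayName $name `
            -Direction Inbound -Protocol TCP -LocalPort $p `
            -Profile Domain -Action Allow | Out-Null
        Write-Host "created: $name"
    }
}

function Test-RemoteChestPorts {
    param([string] $Client, [int[]] $Ports)
    # One object per port, so the result can be piped, filtered or exported
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $Client -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Client = $Client; Port = $p; Open = $r.TcpTestSucceeded }
    }
}

# On the client (once, elevated):
Add-RemoteChestRules -Ports $Ports

# On the AEA server, before retrying the restore task against that client:
Test-RemoteChestPorts -Client 'CLIENT-PC-PLACEHOLDER' -Ports $Ports | Format-Table -AutoSize
```

A port that reports Open = False after the rule is in place points at something other than the host firewall (the GPO overriding the local rule, or a network firewall between server and client).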

This is just great. I called support and they are saying I need to submit a support ticket, which I did yesterday. I have over 100 PCs down and they don’t even want to talk to you. What a POS customer service.

The difficulty is two-fold:

  1. Receiving email viruses that come out same-day
  2. Quantity of users

As much as I hate not having time to test A/V updates on a test group beforehand, it’s important to have the updates come in as fast as possible because I’ve run into issues not doing that - as soon as a virus fix is identified by Avast, added to the database, and rolled out to users, they are protected. So to me, it’s worth the risk for the occasional hiccup like this to have the most up-to-date protection possible, because it has bitten me before in bad ways with zero-day exploits. Plus, I support several companies & several branches as well, so it’s not really feasible to babysit everything 24/7 due to workforce budgets being what they are.

The second issue is quantity of users. Even with backups, reverting 200 users who have physical machines & are not on a Terminal Server is a logistics nightmare. I spent all last night trying to fix things remotely & have had to go on-site to patch up all the little bits & pieces remaining. Reverting to a prior backup is possible, but then the users lose all of their work for the day (times however many users you have), versus just restoring from the vault. Although restoring from the vault hasn’t fixed 100% of the issues I’ve run into, so I’ve had to do some further work, like re-installations of certain software.

Very frustrating all around.

I have not had great CS from Avast in general, which is probably my only real complaint. The pricing & feature set is great, it does a great job of detections (other than this snafu), and it doesn’t slog down your PC. I use different A/V packages depending on the client, but aside from the mediocre customer service, I’ve grown to really like the product & service because it runs well & runs reliably. So again, not sure if I will dump them after this, but their response to this issue has been rather dismal, which is very annoying when I’m stuck explaining to a paying customer why all of their computers are down & why their $100-an-hour engineers can’t work. I think they have a great product & I understand that occasionally things go wrong, but Avast needs to step it up with their customer service responses. What I’m hearing today is “Why didn’t we just stick with Norton?” :stuck_out_tongue:

Has this junk been resolved yet? I have not seen a thread indicating that it has. Quite frankly I am quite astounded that the product in itself with that update acted as a Trojan by definition.
So what is the final statement? Is this problem fixed yet??

See post #67, also here: https://forum.avast.com/index.php?topic=170730.0

This is what has worked for me:

  1. Make sure your server & clients have the latest Avast updates
  2. Reboot the clients twice (from what I can tell: it grabs the update, then applies the update with the vault issues etc.)
    2a. Restore anything from the vault that is still not working (I’ve had a dozen computers or so that didn’t play nice)
    2b. Reinstall anything that won’t restore (maybe half a dozen computers that needed apps reinstalled)

As of 10am this morning, I am back to 100%. That was a long night :frowning:

I agree that “mistakes happen”, especially with this type of software.

However, Avast owes it to their users to explain why this happened, and what they are doing to prevent it in the future. This was not some minor problem… but was a very serious issue that had a large impact for many paying customers. If Avast expects us to STAY as their customers, they need to respond and help us understand what they are doing internally to prevent this from happening again.

Further, considering how obviously broken that definition update was, it is clear that Avast does not do any testing of their updates prior to pushing them to production release. That’s not great.

Well, my laptop is “working fine”, running like nothing happened, but still my Intel/NVIDIA drivers aren’t running, or at least when I try to open them it gives me an error, like there are missing files and stuff. My cousin, who happens to be a tech with this stuff, is going to help me, but for sure I’m changing my AV. Avast worked well for me, but this is just a no; even though my laptop is “fine”, it isn’t. I’m one of the people that had to reboot and had files deleted thinking it would help.

BTW - this happened before. December 2009:

“On Thursday 12.3.2009 avast! had a bad false positive issue. At around 12:15 AM GMT (4:15 PM PST) we released VPS update 091203-0 which started flagging hundreds of innocent files as a ‘Win32:Delf-MZG’ Trojan (or, in less common cases, as ‘Win32:Zbot-MKK’). Among the files affected were high-profile programs produced by Adobe, Realtek, sound card drivers, various media players etc.” - A VPS update 5 hours later solved it.

In April 2011, a VPS update was causing WebShield to report widespread viruses on random websites. It was fixed 5 hours later with a new VPS update.

Again in March 2013 - Avast accidentally flagged Adobe Acrobat as a virus and killed the software for many users - fortunately a repair of the Acrobat software resolved it after a VPS update (3 hour response time).

This is a disgrace and not something I expect from my antivirus software. This has created me untold work because I trusted Avast, and it means I have totally wasted my week trying to fix this rubbish. I truly find it unbelievable, and it beggars belief how it got through your release management processes. Yours, a very disgruntled customer. If you put as much effort into ensuring this sort of thing doesn’t happen as you have into scrambling the verification, this would not happen, I am sure.

This doesn’t happen often but unfortunately I don’t know an AV that it hasn’t happened to.

Panda had a big one some weeks ago:

www.404techsupport.com/2015/03/panda-cloud-and-antivirus-false-positive-hits-hard/

www.theregister.co.uk/2015/03/11/panda_antivirus_update_self_pwn/

I don’t think we need to rehash the occurrences.
It’s bad enough when it happens and, as I said, it’s happened to all of them.

Has ANYBODY received a reply on any of their support tickets on this issue? That is not settling well with me.

Edit: My bad, I did receive a “we are working on it” response but not a “we have fixed our screwup” response.

It’s not just one “bad” update. The last version of Avast 8.x family was stable, fast, had a good UI, wasn’t filled with upsells and ads.

That’s the version I used on mine, my father’s and mother’s computers.

Several weeks ago it flagged WS_FTP’s DRM module on father’s computer as a virus.

Then, more recently, it quarantined Opera browser and some other executables on mother’s computer.

At about the same time, it flagged random NVidia driver DLLs on my computer as well.

I restored all files from quarantine and immediately got rid of Avast on all machines. This is planned obsolescence, a move to force us to upgrade to 9.x.

At first, I gave it a shot. Then I loaded the latest 9.x version and saw that it not only kept the messy and yet somehow function-reduced UI from earlier 9.x releases, but it’s full of upsells and then an ad pulled out of system tray asking me to buy Avast…

And of course, on my sister’s PC, which had “automatic program update” enabled, despite having an initially minimalistic install of 8.x, 9.x came along and installed “grime fighter” and all the other garbage.

That’s not how upgrades are supposed to work.

Goodbye Avast, you were good while you were good. Now you joined the ranks of pretty much every other “free” antivirus which are, at best, “potentially unwanted programs” themselves.

So far I’ve lost my lightspeed mobile filter and user agent as well as chrome.dll now. It’s taking out computers 1 by 1 now. Originally thought this was the 150506-3 update, but now even 150511-0 update is killing stuff.