Win32:Kryptik-PFA

I am all of a sudden receiving reports from several computers with the following message regarding Win32:Kryptik-PFA:

File “C:\Windows\System32\ZenLgn.dll” is infected by “Win32:Kryptik-PFA [Trj]” virus.
“File System Shield” task used
Version of current VPS file is 150506-3, 05/06/2015

How do I know if Avast truly resolved the issue, quarantined it or just left it untouched?

If you check the Avast End-Point forum this is apparently widespread. Sounds like a bad Avast Virus Definition update. Hopefully Avast is working on the issue.

I believe we have a problem with virus definition updates.
I received an identical quarantine notice for three DLL files, one from my email program and two from my video driver.
The email DLL has a file date of 14 November-2014. The other two files are dated 2-July-2014.
I disabled Avast via the shields control and restored the files from quarantine.

I hope this gets fixed quickly. I don’t relish the thought of our IT staff having to go through the same issue with all 400 members of our organization.

Submit it to avast as a possible false positive:
https://blog.avast.com/tag/false-positive/

I will submit it as a false-positive but it is running ramped on many files. Do I need to submit it as a false positive for each file reported?

Same problem at our institution… Not good… :frowning:

So when we can have a solution to this false positive problem?

We are also experiencing the same issue – since about 10:30AM Pacific.

Same here, we have thousands of messages with files being moved to chest and its even flagging the Chrome executable.
the Virus page at avast shows that
https://www.avast.com/en-us/virus-update-history shows …

6.5.2015 - 150506-3
This VPS update contains only fixes to existing definitions or removal of false alarms.

but we are still getting thousands of notifications.

There’s some discussion here, too: https://forum.avast.com/index.php?topic=170705.0

Based on the discussion here I’m changed the “Action” on my “File System Shield” to “Do Nothing” across the board (at the root of my “Computer Catalog”). This stopped the files from being put into the “Virus Chest” but I’m still receiving notifications.