Avast falsely alerts safe software as Trojans

Many users are raging about a recent update to their Avast anti-virus software that is giving off false positives on their system, alerting them of Trojan's might be on their PC. Avast is alerting users of freshly downloaded files that they might be at risk, even when the file is safe.

Avast is reporting safe applications such as Spybot – Search and Destroy, Skype and other applications incorrectly that they may contain the Win32:Delf-MZG Trojan.

The support forums for Avast are currently down due to a huge increase in user traffic, trying to figure out why their once safe applications are being detected as infected.

Avast recently passed their 100 millionth user, being one of the top anti-virus software available; even winning a recommendation from CNet Security Starter Kit 2010 protection.

Users receiving the false positives on their systems should disable the security shield by Avast, until the problem is resolved.

Update: It appears that Avast has quickly reacted to the false alarm claims and released another definition update "3.12.2009 - 91203-1", described as, "This VPS update contains only fixes to existing definitions or removal of false alarms."

Report a problem with article
Previous Story

Google launches site performance tool for website owners

Next Story

YouTube may start streaming TV shows, for a fee

68 Comments

Commenting is disabled on this article.

I dumped AVG because of too many false positives and it would allow you to complete a download while warning you. Avast programmers show no common sense in this area. If a download is flagged as having a trojan, no matter what you do or choose within the warning window (IGNORE) it will ruin the download by stopping it short of completion or eliminating the part is sees as dangerous.
I really appreciate being warned when a security app see's something, but I want the last word. Downloading a rar file that scans as having a trojan is not in itself dangerous unless I open it and run the file, so there is no need to break the file to protect me from a false positive. If I can get the whole file (I have to turn Avast off) I can scan it with other apps or online scanners to double check. Its not so bad if its a 5mb freeware application, but when its a 100mb application that took 30min to download, only to be destroyed at the end because Avast doesn't like it, it ticks me off to no end. I have bitched to them personally about this issue but they ignored it. Until they fix this issue so YOU decide whats OK with reasonable care, then they are a second rate app in my opinion just as AVG has become no matter how high their ratings.

it's funny people bitch about it and all they needed to do was choose action to place stuff into virus chest, recheck bit later after updated / fixed definitions are out and move them back from chest ...

jeez false positives happens to ANY security 'scanning' software be it client, server (cloud) side etc.

IMHO this sounds like someone decided to make big halo of the competetior problem (as i remember not so long ago Symantec, Nod or even Kaspersky were erasing happily system files ... this yet not happened to Avast

I really don't see how a few people here actually managed to have apps 'deleted' or 'ruined' or what not during this issue. I mean, what? did people just blindly hit 'delete' on safe files in a panic without even thinking or something?

Xilo said,
I don't even use AV software anymore.

Ever since dumping IE and WMP I haven't had the need to either. I scan suspicious files I download, that's about it.

EVERY AV program does this.

AVG is the biggest culprit; it's also the biggest heap of **** and wins the #1 award for ****-poorly coded program ever award but they're other matters.

I've used Avast for years and despite a lot of checking around, I've never found anything better. I even upgraded from the personal to the professional version because I believe that people should pay for good software to keep those companies in business.

Anyway, Avast showed one of the components of my Tune Up Utilities as a trojan and, even though I knew that was very unlikely, I moved it to the virus chest. The result was that One Click didn't work until I re-installed. Big deal -- it took me a whole two minutes.

And, as the story said, they reacted very quickly to correct the problem. I'm sticking with Avast because it works.

Another issue is that not all users are tech-saavy enough to realize that this might be a false-positive, heck many don't even know\beleive that there can be such a thing! When they see a virus alert, they freak out (avast!'s alert is perticularly enraging) and delete/quarantine the file without thinking.

I only have virus issues with portable media (the university labs are a hot storehouse) but rarely otherwise. So when KMPlayer got detected as a trojan, I knew it had to be a false positive. I;ve been using that for a while now. And the KMPlayer didn't update, the VPS did. Safe browsing and common sense.

Nevertheless, its definitely NOT recommended to pause/stop the resident scanner ('standard shield'), since there still exist true-positives out there! And while you're at it, ALWAYS quarantine, you'll never repent.

yep - per daveymn, i too am nortons antivirus - i use the endpoint solution (small business w 5 user pack for my home of sep11).

i have not had an issue that i couldnt quickly fix (within 5 min) to date - and ive been using symatec av in my house since 97, version 5

tested avg thru mcafee, trend thru avast.... overall, best has been symantec.... and im in it/mis for my job.

and yes you pay. free is free - i believe that you cant complain about it if its free, as you havent paid to develop it.

and all av companies from kaspersky (4 times last year) to mcafee (once in 08)have definitions that either corrupt the install, or damage the computer - as long as it doesnt hit system files and brick your pc, you reload a few programs, and are back in business...

Norton Anti Virus all the way. Not had one problem with it, and detected viruses where necessary.

OK, it costs £50 a year... but it does the trick.

Besides for the resources it eats up, the problems it has with updating, how difficult it is to remove it from your system, how slow it is, and it is expensive . . . but besides all that it's great.

AVAST is crap, imo....tried it once for a month and it allowed things to get through...luckily it was on a test system.

techbeck said,
AVAST is crap, imo....tried it once for a month and it allowed things to get through...luckily it was on a test system.

Any AV is better than No AV, No AV is better than any another AV 100% of the time; so whatever it is you're selling, I'm not buying.

Fulcrum said,
Any AV is better than No AV, No AV is better than any another AV 100% of the time; so whatever it is you're selling, I'm not buying.

What you said made no sense...

What is worst? Deleting files when falsely detecting virus or deleting file for no reason when logging out of guest account?

This has nothing to do with OS defects. It's was a heuristic glitch in Avast. The "guest account" issue has been fixed.

It ruined a bunch of my applications. I had to remove avast! and reinstall my applications. I can't be bothered to install avast! again. Microsoft Security Essentials will have to do for now.

As long as the Antivirus doesn't flag a core Windows system file as a virus and brick the machines, I don't care. So it nukes an application and you have to reinstall it. I'd much rather have that then trying to repair a windows installation. Due to the nature of how virus definition files work, every antivirus will have a false positive(s) at once point or another. The only question is will the false positive kill windows.

Almsot evey antivirus software has had this kind of problem... but they fixed it at the end, it was just temporary.

avast is a bad antiviral software for sure. still, most of antiviruses have a heuristic analysis to detect potentially dangerous software. rate of false alarms depends on depth of analysis. deep analysis gives very high rate of false alarms.

coth said,
avast is a bad antiviral software for sure. still, most of antiviruses have a heuristic analysis to detect potentially dangerous software. rate of false alarms depends on depth of analysis. deep analysis gives very high rate of false alarms.

Nonsense, Avast is still a great anti-virus software. a lot replies here are recommending MSE over Avast over this, unbelievable. all anti-virus software has these's kind of problems, no anti-virus software is perfect, avast quickly address it and fixed the problem. i still wouldn't use MSE over Avast, I'm sticking with Avast, im not going switch to another anti-virus software over this problem. a lot of MSE users think it's not going to happen to MSE [Microsoft], think again if it happens to avast and other anti-virus softwares, it will happen to MSE.

ah, which is why i always change the automatic actions and turn off resident scanner but at least change your automatic actions, its common sense really

You made a good point, but many users that aren't computer-savvy won't know what to do with when it flags something and the most common choice would be to delete the flagged item.

As of late, I've seen different AV applications to start flagging more and more applications/files as dangerous. They should be focusing on better heuristic scanners or other methods instead of making their software more "sensitive".

How dare Avast do this! Especially when most of us use the "Free Home Edition" and this program runs better than Norton which can be expensive. Still, how dare Avast do this and then release a fix within a few days! I was hoping they would ignore it and not fix it for many days.

How is this news? Windows Defender once labled Internet Explorer 7 malware. ;)

This happens with almost any AV at some point or time.

It's news because it just happened and people didn't know about it. Not every news item has to be explosions and train wrecks.

At least Avast fixed the problem and have apologised, and are working on a fix guide for anyone who was affected. By the sounds of it, it's only if your avast updated between 12 and 5 this morning that it may have been a problem.#

While MSE is good for a home PC, it's no good inside a corporate environment - certainly not here, we can't use it inside the company network because we have RealVNC installed on all machines internally across all our sites for remote support... and flags it as a medium risk and kills the server element (which is kinda the crucial bit).

Adaytay said,
While MSE is good for a home PC, it's no good inside a corporate environment - certainly not here, we can't use it inside the company network because we have RealVNC installed on all machines internally across all our sites for remote support... and flags it as a medium risk and kills the server element (which is kinda the crucial bit).

Strange because I also run RealVNC server on all the machines on our network and MSE hasn't complained about it at all.

I was a Avast user for about 1.5 year until it fail to identify a Confliker.AE worm and other worms which I was having at home. Being with MSE and Nod32 since then.

MSE is finicky so it may be good on one but not another but avast can be the same unless you remove all the excess shields and keep just the web,standard,network shields and ditch the rest.

lol, lame AVs... MSE is the best, no problems from day I installed it till now :D
Hope Microsoft keep MSE quality as is

first avg, now avast...

seems like they got sloppy with virus definitions after a few years....

which one will be next?

This was pretty bad (I was wondering why AIMP2 files got flagged), but to be fair this is the first time I've seen Avast screw up terribly with a false positive.

That's why I use Avira AntiVir. =)
Few years ago, I used Avast and similar thing had happened and destroyed my XP (and 2K), and while I was using, it was a resource hog. After the mishap, I reinstalled XP and my friend who is IT recommended me to use Avira - I thought about using AVG, but then my friend told me to avoid AVG and stick with Avira.

Since that day, I have not had a single issue with my anti-virus program.
Perhaps you should try Avira. =)

i agree with the Avira comments. i think Avira is THE BEST for FREE AV programs.

it's much better on resources vs Avast etc is.

Avira is light, but I don't really care too much for their popup advertisement when updating. Despite the annoyance, their updater moving at extremely slow speeds and/or hanging altogether at times just doesn't sit well with me.

As of recently though, watching MSE pickup on what Avira failed to just puts me off from even bothering to give it a chance. I used to overlook AVG's resource usage as well, until Avast and MSE started cleaning up what AVG couldn't.

ThaCrip said,
i agree with the Avira comments. i think Avira is THE BEST for FREE AV programs.

it's much better on resources vs Avast etc is.

actually the best free antivirus is Microsoft Security Essiantials

MSE managed to max out my CPU when downloading using Firefox. Shame, as I quite liked the minimalist approach.

bod said,
MSE managed to max out my CPU when downloading using Firefox. Shame, as I quite liked the minimalist approach.

That's a problem on your behalf... nothing wrong with MSE... never did it to me.

dead.cell said,
Avira is light, but I don't really care too much for their popup advertisement


Set a execute deny permission in the Security properties page. If the free version still has preupd.exe, use that to update with the Windows task scheduler instead (that used to work when I used the free version).

Glendi said,
That's a problem on your behalf... nothing wrong with MSE... never did it to me.

Thank you for your expert diagnosis. Yes I agree that it's a problem somewhere on my PC, but as it was a brand new, clean install of Windows 7 and only the second app I installed on there after Firefox, I chose to install something more reliable that didn't grind it to a halt. A quick google search identified many other people with the same problem and little in the way of a fix...

Glendi said,
That's a problem on your behalf... nothing wrong with MSE... never did it to me.

I've noticed this behaviour on three computers, all of them more than capable of running Windows 7. So... no.

Soldiers33 said,
it's much better on resources vs Avast etc is.
actually the best free antivirus is Microsoft Security Essiantials

No it's not.

you all may want to think about
setting the auto actions to Prompt for Action, at which point one clues in and says to themselves, wait a minute, i has no malware...
wait, why are all my files infected all of a sudden? ;P

artfuldodga said,
you all may want to think about
setting the auto actions to Prompt for Action, at which point one clues in and says to themselves, wait a minute, i has no malware...
wait, why are all my files infected all of a sudden? ;P


Doesn't this go against what most people like about Avast? No prompts.

one shouldn't receive many prompts, if any
you could hardly consider it an annoyance, more annoying than losing system files? ;P

You can quarantine them, but only if you click on the right button. Most people may erratically click "Delete" at the first sight of the word "infection."

Yikes!
I just removed Avast for another customer last night. Lucky NOD32 hasn't flagged anything wrong! And their system performed better too!

Raa said,
Yikes!
I just removed Avast for another customer last night. Lucky NOD32 hasn't flagged anything wrong! And their system performed better too! :)


i removed avast when it flagged both of my usenet apps as trojans
switched to the new MS one, i think ill leave it how it is for now

Jugalator said,
Actually, NOD32 has fallen into this trap before. I recall when we dealt with it at work once. It could have been this one, but I don't remember exactly now: http://kb.eset.com/esetkb/index?page=conte...ctp=LIST_RECENT

Symantec also does this quite regularly and it was hugely annoying, for it to be quarantining all my useful network monitoring and variuos other tools declaring them trojans & virus's when I know they are NOT.

I suspect they think all these alerts popping up will reassure their users, that the software is "saving" them and they should keep paying for it, when in fact it is exactly the opposite.

not to worry, Symantec/AVG etc anre now history on my machines, Microsoft's Security essentials works beautifully thanks