Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

April 11th, 2011

False positive issue with virus defs 110411-1

Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected.

Our virus lab staff discovered the problem quickly after releasing the bad update and immediately started working on a fix. The fix was released about 45 minutes after the problematic update and has version number 110411-2. Anyone who still has this problem is kindly asked to manually update the definitions to the latest version, e.g. by right-clicking the avast taskbar icon (the orange (a) ball), and selecting Update -> Engine and Virus Definitions.

 

We sincerely apologize for the inconvenience. As this typically only affected remote sites (and not local files), simply updating to the latest definitions should completely solve the issue (no local files have been quarantined).

Categories: General, lab, Technology, Virus Lab Tags:
  1. NM
    April 11th, 2011 at 23:08 | #1

    I am pretty angry. Why wasn’t the definition at least rolled back until the fix was ready or any sort of communication prior to this? I just wasted 2-3 hours of my busy Monday trying to deal with this. AND, this is not the first time. Avast has been uninstalled on all systems and we have switched to AVG. I’m not the only one; you may want to check out the #avastfail twitter tag.

  2. logos
    April 11th, 2011 at 23:15 | #2

    okay, that solved the issue here ;)

  3. logos
    April 11th, 2011 at 23:18 | #3

    but why are the forums down ?

  4. Saad Durrani
    April 11th, 2011 at 23:21 | #4

    It was not 45 minutes though. It was more than 1.5 hours. We were telling people to fix their internet on Twitter all that while. Still, Avast ROX!

  5. oleschri
    April 11th, 2011 at 23:29 | #5

    First: Thank you for the quick fix :)
    Second: I suggest using your Twitter account @avast_antivirus for immediate notification about a known failed update next time.

  6. kuangeleven
    April 11th, 2011 at 23:33 | #6

    “As this typically only affected remote sites (and not local files”

    Not for me, I ran a bootup test and it pickled out several local html files.

  7. kuangeleven
    April 11th, 2011 at 23:36 | #7

    I’d also like about the update server being unreachable.
    Very bad idea, since it is common that viruses block AV sites.
    This really raises the need to work on protocols to handle FP-s.

  8. hayc59
    April 11th, 2011 at 23:37 | #8

    Thanks VLK..what a dya eh!!

  9. April 11th, 2011 at 23:39 | #9

    logos :
    but why are the forums down ?

    Choked by too many users seeking advice I’m afraid… but it’s better now (accessible albeit very slow).

  10. April 11th, 2011 at 23:39 | #10

    Saad Durrani :
    It was not 45 minutes though. It was more than 1.5 hours. We were telling people to fix their internet on Twitter all that while. Still, Avast ROX!

    I admit it took some additional time to push the update to all our updating servers…

  11. Henry
    April 11th, 2011 at 23:40 | #11

    Listen you … because of your fault I wiped clean my router’s server site 192.168.1.1 and now my router is kapot.

  12. jimmycerf
    April 11th, 2011 at 23:41 | #12

    It gave me goosebumps!
    *

  13. April 11th, 2011 at 23:41 | #13

    kuangeleven :
    “As this typically only affected remote sites (and not local files”
    Not for me, I ran a bootup test and it pickled out several local html files.

    Assuming you had avast move these files to the “Chest”, I’d recommend restoring them by going to the avast UI -> Maintenance -> Virus Chest, selecting the files in question, right-clicking them and using the Restore command from the context menu.

  14. April 11th, 2011 at 23:41 | #14

    Hi,

    I have this problem. I had analize my computer and Avast! detected more that 30.000 malware, and I removed. Are there some problem? :S

    Thank you!

  15. Henry
    April 11th, 2011 at 23:42 | #15

    SUE F* AVAST!

  16. April 11th, 2011 at 23:44 | #16

    kuangeleven :
    I’d also like about the update server being unreachable.
    Very bad idea, since it is common that viruses block AV sites.
    This really raises the need to work on protocols to handle FP-s.

    Shortly after the problem was identified, we disconnected the updating servers from the Internet to prevent more people from getting the faulty update. The servers were restarted just after uploading the fix.

  17. Henry
    April 11th, 2011 at 23:44 | #17

    Israel Sue Avast!

  18. TJ
    April 11th, 2011 at 23:46 | #18

    As soon as I was having this problem, I called Avast support and an India sounding man insisted it was MY computer having a virus attack. I asked more than once if maybe this was a bug with the latest update and this Avast support person said ‘no’. Next thing you know, the man wants me to go to this website whereby it would allow him to have control over my computer, supposedly to see where the problem was coming from. I promptly hung up on him because I didn’t like the sound of that and again, this was someone from Avast support! Turns out is WAS a bug with the latest Avast virus definition update and this jerk wanted to get into my PC! WTF?

  19. Henry
    April 11th, 2011 at 23:49 | #19

    OH MY GOD they censored my comment! I really hope your company burns to the ground for producing such junk crap, I am writing a letter to cnn, times and Of course pcworld right now to tell them of this BLUNDER, you literally caused me LOSS, U r going down the urinal now!

  20. Fix
    April 11th, 2011 at 23:51 | #20

    I’d started a scann before boot (as I thought I was infected by a malware)… and I deleted more than 4500 html file from my computer… some were important..

  21. Filipe
    April 11th, 2011 at 23:52 | #21

    Changing my anti-virus now… ( Tip: Mcafee free for 6 months on Facebook )

  22. Mike Cope
    April 11th, 2011 at 23:53 | #22

    This has really screwed with my network and created a whole bunch of problems. Not a happy camper.

  23. oleschri
    April 11th, 2011 at 23:53 | #23

    @Henry
    ;) Maybe calm down a little bit, you’re getting a heart attack …

  24. werecougar
    April 11th, 2011 at 23:55 | #24

    Thanks for the quick fix. We *all* make mistakes.

    I second the notion of updating @avast_antivirus on Twitter the instant an issue is discovered (and not just after it’s fixed).

    Also, for those of us that are on the free personal edition (like myself), we forfeit the right to complain when a free product messes up. ;)

  25. Lujay
    April 11th, 2011 at 23:57 | #25

    I did a full and boot scan when the problem occured and I moved a lot of the flagged files into the chest. Shall I just restore them or send them to you to check? I’m worried in case there are a couple in there that may be real flags, as I haven’t run a full scan for a while.

    Any chance I can copy & send them on email for you to just run your eye over? There’s so many, it would be a nightmare to send them one by one.

  26. Henry
    April 11th, 2011 at 23:58 | #26

    @oleschri Ah well, the thing is i went for FREE stuff but now I will have to buy a new router and pay for the money to get settings on it, I could have spent lesser money buying a proper anti virus from a company like norton, mcafee, etc . So, I am feeling guilty for trying to go cheap and look what it cost me !
    Sadly, these guys even don’t care much but yes I will see to that their reputation will pay!

  27. April 11th, 2011 at 23:58 | #27

    Henry :
    Listen you … because of your fault I wiped clean my router’s server site 192.168.1.1 and now my router is kapot.

    Henry, I understand your frustration but wouldn’t it be more constructive to try to work on resolving the problem as opposed to flooding the blog with comments? If you told us a bit more about the problem (and what and how exactly did you wipe the data), maybe we would be able to help. In many cases, data can be restored even after deletion.

    Thanks.

  28. oleschri
    April 11th, 2011 at 23:58 | #28

    werecougar :
    Also, for those of us that are on the free personal edition (like myself), we forfeit the right to complain when a free product messes up.

    Yup. Exactly. And most people are *gg*

  29. David H
    April 11th, 2011 at 23:59 | #29

    At least this was not as bad as McAfee’s false positive on April 21, 2010, where McAfee quarantined SVCHOST.EXE which prevented Windows XP from booting, where you had to go into safe mode about 3 times and do a bunch of other thing to get it working.
    At least with this Avast bug, all you need to do is wait for the new definitions to come out, then have Avast update itself.

  30. April 12th, 2011 at 00:02 | #30

    Lujay :
    I did a full and boot scan when the problem occured and I moved a lot of the flagged files into the chest. Shall I just restore them or send them to you to check? I’m worried in case there are a couple in there that may be real flags, as I haven’t run a full scan for a while.
    Any chance I can copy & send them on email for you to just run your eye over? There’s so many, it would be a nightmare to send them one by one.

    If you have already updated to the fixed definitions (110411-2), just navigate to the Virus Chest (avast -> Maintenance -> Virus Chest), select the files in question, right-click them and select the “Scan” command. If avast says -no virus- for each of them, you can just restore them to their original location by (again) right-clicking and using the “Restore” command.

  31. April 12th, 2011 at 00:02 | #31

    I WANT TO RESTORED MY DELETED FILES!!!!! How can I do it? :S

  32. Graham
    April 12th, 2011 at 00:03 | #32

    I agree this was very frustrating. And my organization is a paying customer of Avast, this brought us down about 2 hours today. We weren’t able to conduct buissness as our central database and customer service application are web apps.

    Why isn’t there an option in the distibuted Network manager for us to roll back definitions or even perform an auto-update? Does Avast post their definition files somewhere for manual install? (since that’s the only option in the Management console.)

    Also your communication on the issue was really lack luster, most of the net was screaming on Twitter and Facebook. And you didn’t say anything till it was over, no one knew if you were even aware of the issue.

    I’m very disapointed, and the irony of us all of this… I was telling my boss how great you were morning. Thanks for making me eat my words.

  33. Ben
    April 12th, 2011 at 00:03 | #33

    Very disappointed in Avast that this caused so much headache today. There needs to be a better way to get this information out directly.

    This caused a sales person’s laptop to crash because it moved critical system files to the virus chest.

  34. oleschri
    April 12th, 2011 at 00:04 | #34

    Henry :
    @oleschri Ah well, the thing is i went for FREE stuff but now I will have to buy a new router and pay for the money to get settings on it, I could have spent lesser money buying a proper anti virus from a company like norton, mcafee, etc . So, I am feeling guilty for trying to go cheap and look what it cost me !
    Sadly, these guys even don’t care much but yes I will see to that their reputation will pay!

    I think it’s always your decision what you’re doing. And – well – you should know what you’re doing, right? ;)
    - you’re using a free virus scanner
    - you know that virus definition updates can sometimes contain errors
    - you choose to not have current backups of your servers
    - you blindly follow a free virus scanner’s suggestion to delete files

    hmmm, what does that give, in your opinion?

  35. April 12th, 2011 at 00:04 | #35

    DELETED FILES, NOT CHEST (or TRUNK, I don’t know the exact word) @Israel Diéguez

  36. Henry
    April 12th, 2011 at 00:05 | #36

    @David H ah well I can’t connect using my dsl connection either now because somehow avast decided that my router was carrying the same set of false viruses!

    @vlk Forgive me for saying this but HOW COULD you have missed this humungus error/flaw, I don’t know what to say anymore because I know my router is kapot and I also don’t see any gains from getting angry but I hope that for your own sake, for your reputation’s sake You guys DO BETTER!

  37. April 12th, 2011 at 00:05 | #37

    Israel Diéguez :
    I WANT TO RESTORED MY DELETED FILES!!!!! How can I do it? :S

    Israel, please kindly proceed to the forum http://forum.avast.com/ and ask the question there. I’m sure we will be able to find a solution. (The comments section of the blog isn’t a practical place for this kind of communication though).

    Thanks.

  38. damien
    April 12th, 2011 at 00:06 | #38

    Forums were down to limit the number of angry posts that will flood in because of this definition update error…but honestly..will they say that or not…WHY WASN’T it rolled back…

    “Typically ONLY affected remote sites my as_…” my html files got borked!

  39. Floyd
    April 12th, 2011 at 00:06 | #39

    my pc will not update. still shows 110411-1
    when ok button is clicked

  40. Ssscrudddy
    April 12th, 2011 at 00:07 | #40

    Damn it! I just spent all day removing an earlier version of windows (dual boot), increasing the remaining (2nd) partition & installing a couple of bits of new hardware, tested everything, then started getting this html:Script-inf…

    So I did a thourough scan of all drives, took forever, then did a boottime scan…

    The trouble is, I have it set to delete the files (not move to chest) so it looks like I’ll be reinstalling my OS tomorrow. grrr.

    At least nmy laptop is ok!

  41. April 12th, 2011 at 00:07 | #41

    Thank you! :) @vlk

  42. Lujay
    April 12th, 2011 at 00:09 | #42

    Cheers for that vlk. Will do! :)

  43. logos
    April 12th, 2011 at 00:09 | #43

    @vlk

    okay, didn’t realize that so many people would rush to the forums as in my case, the correcting update came very quickly after the first FP and yeah, I had the bad update pretty late, while the forums were down already before that.

  44. April 12th, 2011 at 00:10 | #44

    Ben :
    Very disappointed in Avast that this caused so much headache today. There needs to be a better way to get this information out directly.
    This caused a sales person’s laptop to crash because it moved critical system files to the virus chest.

    A critical system file? Which exactly?
    The problem I’m talking about only affected scripts and/or html content (i.e. not binary/executable files).

  45. oleschri
    April 12th, 2011 at 00:11 | #45

    damien :
    Forums were down to limit the number of angry posts that will flood in because of this definition update error…but honestly..will they say that or not…WHY WASN’T it rolled back…

    I don’t have the impression that this is the case here. But it’s totally plausible that the forums went down under the unexpected traffic pressure building up in a few minutes.

  46. hm
    April 12th, 2011 at 00:11 | #46

    @NM
    lol, yeah, go ahead and njoy AVG… well you should know that from time to time everyone screws something a little. On December 2010 AVG screwed their update in a way that you would not even turn your PC on and all you could do was to use the recovery CD, sooo, in the end… maybe you will be “angrily” switching to next product in few years…

  47. Richard
    April 12th, 2011 at 00:11 | #47

    Yep, fixed here too. Thanks!

  48. Faust
    April 12th, 2011 at 00:11 | #48

    You’re wrong about the bug not effecting local files. It flagged my sessionstore.js file for Firefox, and blew away my session.

    Btw, when you referred to the bad update as “bogus”, I assume that you mistyped and are not actually saying that the update was a *fake* update.

    This whole fiasco is really disappointing and cost me a lot of time today. I’m no longer going to be rcmding Avast to my clients.

  49. Mike W
    April 12th, 2011 at 00:13 | #49

    I have an environment where we are running 4.8 clients, managed by a 4.x ADNM. I cannot get the server to update the definitions, so that I can push out the new version.

  50. April 12th, 2011 at 00:15 | #50

    Thanks for fixing it promptly, and for not borking up anything too badly. This could’ve been worse…

Comment pages
1 2 3 6 2207
Comments are closed.