
April 11th, 2011

False positive issue with virus defs 110411-1

Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected.

Our virus lab staff discovered the problem quickly after releasing the bad update and immediately started working on a fix. The fix was released about 45 minutes after the problematic update and has version number 110411-2. Anyone who still has this problem is kindly asked to manually update the definitions to the latest version, e.g. by right-clicking the avast taskbar icon (the orange (a) ball), and selecting Update -> Engine and Virus Definitions.

 

We sincerely apologize for the inconvenience. As this typically only affected remote sites (and not local files), simply updating to the latest definitions should completely solve the issue (no local files have been quarantined).

Categories: General, lab, Technology, Virus Lab
  1. Mike
    April 12th, 2011 at 05:29 | #1

    interesting – I never had any of your experiences – even before my definitions were updated to the next version! nothing was classified as a “virus”

  2. Avast_Hater
    April 12th, 2011 at 05:32 | #2

    Avast, you are a virus. I am through. I have never had a virus do as much damage as you did to me today.

  3. nig
    April 12th, 2011 at 05:52 | #3

    @SlyCooperFan1
    all I can say to that is people make mistakes, it’s called life.
    and there is no need for the (fuck you) abuse.

  4. Xmas
    April 12th, 2011 at 06:06 | #4

    I’m very sad :(
    When Avast sign, I ran a full check. It found many “viruses” in compressed files that contain htm. I tried to quarantine but Avast was not able to. So I deleted it.

    I lost my files… -.-

  5. Lucia76
    April 12th, 2011 at 06:26 | #5

    Thanks for fixing this… although I have to say, this bug cost me 3 hours of my morning. Not only did Avast detect hundreds of supposedly-infected files, but after the boot scan my computer refused to restart. I had to go through “start in safe mode” and restore to a previous point… and even so, Avast would start and crash. Updating Avast did not solve the issue. I had to manually uninstall Avast and reinstall the new version, and only then did my computer stop misbehaving.

    Fortunately, it seems no crucial files were deleted… because had they been, I would have been unable to recover them, as I had to completely uninstall.

    However, I have to say this is the first ever time I have trouble with Avast after more than 3 years of use for free. It would be hypocritical of me to be too harsh with the Avast team, as I have been benefiting from a mostly wonderful, simple and effective antivirus and it hasn’t cost me a penny.

    Regards, and relax guys… I still remember when there was no internet, and no one died of it ;)

  6. N. Beeman
    April 12th, 2011 at 06:53 | #6

    Same here. I immediately suspected a bad update, but manual update locked up (due to shut down servers) and wouldn’t fix the problem. Agree with others that a notice somewhere would have made this much less of a problem, and saved a couple hours’ frustration. I searched website and forums and found nothing until an email response to a support ticket 10 hrs later. Generally love Avast, and hope a lesson is learned here. @RealNeil

  7. Donna W.
    April 12th, 2011 at 07:13 | #7

    Just want to thank them for doing a great job and issuing the remedies so quickly. This is the best AV system available and would hate to see it go away or start to cause problems. This was really resolved in a very timely manner.

  8. Sven
    April 12th, 2011 at 07:15 | #8

    What’s with all the anger? Wasn’t it quite obvious that they’d made a mistake and highly likely that the mistake would be fixed shortly? Relax a little. Read a book if you don’t dare surfing without anti-virus.

    Read a book anyway, btw.

  9. Chris
    April 12th, 2011 at 07:31 | #9

    Just wanted to second that there is no need for abuse. Avast is a good product, far more stable and reliable than a lot of software I have used over the years. One little slip up isn’t the end of the world, and I imagine for most of us it didn’t cost very much time.

  10. Salem_Oregon
    April 12th, 2011 at 07:42 | #10

    Why isn’t there a link to this info on Avast’s MAIN page? Why do users have to search for this? There’s a lot of people who have no idea how to find this stuff!
    I LOVE Avast, but ruck up. You screwed up, make the info TRULY available to ALL.

  11. clint anderson
    April 12th, 2011 at 07:47 | #11

    Well, for myself this false positive meant that myself and another co-worker had to spend over an hour on hold with Avast support, got disconnected 3 times, never actually got through to anyone, so we just resolved to keep downloading new defs and running the update task. We couldn’t get to the Avast forum to get any instructions because it was obviously being hammered by other people having similar issues.
    Two weeks ago we had an identical issue with Avast flagging Script-Inf in every other web page, legitimate web pages, our users were opening.
    This also used up a few hours of time to determine that it was in fact a false positive.
    What is frustrating is that the problematic definition was immediately obvious to us, we installed it, and within an hour had users complaining of inaccessible sites.
    So we are frustrated that a company whom we entrust to thoroughly test these definitions would release, twice in a month, definitions which caused lost man-hours to resolve. Our antivirus is meant to save us man-hours.
    It has happened to almost every major anti-virus company there is, I understand, I’m not going to switch, I’ll stick with the product– but I expect that this kind of thing will be resolved and won’t keep happening!

  12. Sean
    April 12th, 2011 at 08:47 | #12

    You know that’s really not good enough Avast! after receiving your dodgy update and being told every site I accessed had malware I did a scan, came up with 5000 infections, deleted all of what I thought were infected files, some of which were work related PHP files. Thanks to you guys I’m missing JS & PHP files over multiple web projects. Seriously considering changing back to AVG, at least they never had this happen.

  13. maz
    April 12th, 2011 at 08:47 | #13

    If your on board computer in your car suddenly started telling you that every part of your car was failing, even though you were using it fine a few hours before, would you start ripping parts off your car or wait till you had spoken to the manufacturer?

    I can understand home users being spooked by this but I can’t believe the IT rep on another page who said he scanned and quarantined his server ffs. Common sense people.

  14. doktornotor
    April 12th, 2011 at 08:54 | #14

    @Sean: ” changing back to AVG, at least they never had this happen.” OH RLY? https://msmvps.com/blogs/donna/archive/2009/08/28/avg-false-positive-on-legitimate-applications-causes-trouble.aspx

    So:

    - *everyone* has had (and will have) this happen.
    - there is the frickin’ chest (quarantine) feature, use it. Why on earth are you deleting things blindly, especially those ones you have no secure backup for?

  15. April 12th, 2011 at 08:57 | #15

    My readers say that I have an infected site! :-( THX

  16. Sean
    April 12th, 2011 at 09:07 | #16

    doktornotor :
    @Sean: ” changing back to AVG, at least they never had this happen.” OH RLY? https://msmvps.com/blogs/donna/archive/2009/08/28/avg-false-positive-on-legitimate-applications-causes-trouble.aspx
    So:
    - *everyone* has had (and will have) this happen.
    - there is the frickin’ chest (quarantine) feature, use it. Why on earth are you deleting things blindly, especially those ones you have no secure backup for?

    I was obviously with Avast! during that fiasco :P [my apologies]
    I am aware there is a quarantine feature, I tried to use it on my files however it wouldn’t allow me, it requested I do that boot scan, still wouldn’t allow me to quarantine or repair so I was forced to delete the files.

    I just don’t understand how an update isn’t tested on a few computers at Avast before it rolls out?

    I’ll probably stick with Avast, I do like the talking with the updates ;) , but seriously guys test things before you release them! My day today now consists of replacing those JS and PHP files from my backups which are old [but at least I have them].. Frustrating!! :(

  17. Adam K
    April 12th, 2011 at 09:08 | #17

    Hey,

    I was in panic yesterday night and quarantined over 8000 files which I am restoring just now. I am absolutely certain AVAST is the best av sys and a great job to those developers who sorted the malicious update so quickly!

    I do believe though that avast should let their users know of this incident by sending them an email or something, so that the panic would not affect the firm’s great reputation.

  18. Troy
    April 12th, 2011 at 09:20 | #18

    It’s good that the fix was quick. However, my Avast is reporting as being out of date in that the current version is 110411-1 and it says 110411-2 is available. But… when I do the update ‘engine and definition’ it says, after a short progress bar runs, that it’s already up to date at 110411-2. Change screens e.g. go to Summary, then switch back to Update and it shows as being out of date again (i.e. 110411-1).
    :(
    Any ideas? Re-install?

  19. April 12th, 2011 at 09:25 | #19

    I am confused :/

  20. zedug
    April 12th, 2011 at 09:32 | #20

    Hi,

    I launched a boot check following the “infection” and as it started to signal temporary internet files as infected, I asked it to suppress all: 18000 html files suppressed later, I wondered how such a huge infection could occur.
    Now I will have to restore windows, office. And pray that I will never need the HTML Help of the other programs.
    It’s for a part my fault, I should have quarantined them… And so we learn.

  21. Merz
    April 12th, 2011 at 09:45 | #21

    It’s all resolved. Thanks for the prompt fix. Glad I didn’t have to wait a week or two for the patch (as happened with a corrupting Microsoft update a few years back)! After analyzing the situation a bit, I realized it was a problem with the latest Avast update because the malware pop-up only came on when I was surfing online news sites and other web pages with certain types of embedded ads (but for sites that were legitimate just an hour before).

    I uninstalled Avast, rebooted the machine, waited a bit until I found out that the fix was already out, re-installed Avast and the new definitions 110411-2 were automatically loaded.

    Avast is a great app and the responses on this blog and forum show that the folks there are top-notch. I’m sure they’re getting a bunch of hate mail now but I know even the best companies out there can’t manage to make 100% of the customers happy.

  22. Ed
    April 12th, 2011 at 10:00 | #22

    I’m not sure what was going on, but whatever they did with that BS update they claimed it was fixed 45 mins later I know to not be correct. I was awake till 5am this morning, 3 hrs after the update popped out trying to figure out what was going on. My Avast was saying everything was a trojan or Malware, and my spyware was saying Avast was a threat, and avast telling me I had over 5000 virus hits in my system. It’s now 1458 hrs and I have been sitting here since 7am scanning the HD I ripped out of my desktop because I did not trust the AV installed, nor the bloody spyware. How about testing this *Censored* before releasing it. I’m not pleased at all.

  23. Henk
    April 12th, 2011 at 10:00 | #23

    Aren’t the updates tested first? Shit happens. However this really affects users, certainly when they aren’t that skilled. Obviously the communication can be improved. Not to mention, my first reaction was to do a manual update, but Avast even terminated its own update request. A notification to all users would have been in place.

  24. Italiano
    April 12th, 2011 at 10:10 | #24

    Again? I’m sorry for my money.

  25. timmon
    April 12th, 2011 at 10:12 | #25

    Too late. It has started yesterday evening, I couldn’t retrieve update of virus database so I have made full system scan with deleting all “infected” files. I’m a webmaster and now I lost almost all my websites. It’s the second time that Avast! made such a mistake. About 2 years ago Avast! was “finding” viruses in .exe files :/

  26. Gavin Burke
    April 12th, 2011 at 10:13 | #26

    I just wanted to correct you avast, it DID affect local files, anyone who ran a virus scan with this definition installed (i.e. ME!) got told thousands of files (all .htm) on my PC were infected…!

  27. Gavin Burke
    April 12th, 2011 at 10:14 | #27

    Oh and P.S. my virus update fails now so can’t get the 110411-2, instead I will go to AVG FREE – http://free.avg.com/gb-en/homepage

  28. Rob
    April 12th, 2011 at 10:25 | #28

    I wish this information had been splashed on the Avast home page – would have saved a lot of heart ache and frustration with repeated boot scans and the like. I’m pretty computer savvy but you put your trust in the product…

    Anyway this hasn’t put me off using avast, just wished they’d made this information more easily visible, not hidden away in some blog. Maybe next time they will.

  29. Warrior
    April 12th, 2011 at 10:28 | #29

    Use Linux instead.

  30. thedude
    April 12th, 2011 at 10:32 | #30

    I got a massive “infection”, uploaded one of those files to one of those multiple antivirus engine websites, only avast got it so it was an obvious false positive
    Did not move anything to the vault, but 4 .js files moved themselves there, strange
    Anyway, next time check the suspected false positive file in virustotal or any other similar place and don’t delete stuff so quick

  31. Momster
    April 12th, 2011 at 10:45 | #31

    I agree with Henk. What about testing? How in the world did this even get by? I’ve changed update settings and will wait a bit before updating ever again. Lost loads of time (I work at home) and am now behind schedule. I had to reinstall Dreamweaver because it messed up js/scripting. Could NOT get it back from boot scan. I can’t afford to be a beta tester. I don’t do Windows updates immediately because of this kind of thing. I love Avast, but this was a very bad thing. Hopefully we (both developers and users) have learned a thing or two.

  32. April 12th, 2011 at 10:46 | #32

    5000 files in chest and loss of an important day, but I will stay with you!
    Take care!!!

  33. April 12th, 2011 at 11:04 | #33

    My AVAST can’t update to new definition? What should I do?

  34. acs
    April 12th, 2011 at 11:05 | #34

    I’m very sad with avast.
    Avast nevermore

  35. April 12th, 2011 at 11:12 | #35

    Avast_Hater :Avast, you are a virus. I am through. I have never had a virus do as much damage as you did to me today.

    Totally correct!!!

  36. James McDermott
    April 12th, 2011 at 11:26 | #36

    Thank you for the fast response, both to my message and the hiccup with the signature update (110411-1). I applied the fix (110441-2) and the problem disappeared. Avast IS 6 is the best product of the many I have tried in the past and will continue to be my top recommendation as a robust AV/Security product to anyone who seeks my advice. Thank you.

  37. Wildfire
    April 12th, 2011 at 11:34 | #37

    Gavin Burke: well, good luck with AVG. They’ve had even worse issues with faulty updates, like not being able to boot into Windows at all.

    And yet again, to all people who now seem to hate Avast: reality check! *EVERY* Antivirus has had problems like this in the past and *WILL LIKELY HAVE AGAIN* sometime in the future.

  38. Victoria
    April 12th, 2011 at 11:46 | #38

    I have a question that I’m hoping that someone can answer. I did the full scan, and Avast found a lot of infected files. I chose to “do nothing”. Has something happened to my files, or are they exactly as they were before?
    Thanks for your help!

  39. wordbender
    April 12th, 2011 at 11:47 | #39

    As internet banking user I obtained an offer from my bank for free 12-month subscription to McAfee® anti-virus software* some time ago. Unfortunately for Avast its yesterday’s faux pas marked its last moment for it on my computer. Bye bye.

  40. Jonie
    April 12th, 2011 at 11:49 | #40

    My Avast won’t update to 110441-2 — what now????
    I’m stuck with 110411-1 !!!
    Help!!!

  41. Marco
    April 12th, 2011 at 11:57 | #41

    This was bad, 1163 infected files were found on my computer, luckily I was smart enough to not delete them. Because it was too strange, as my computer never ever got a virus.

  42. Emilia
    April 12th, 2011 at 11:58 | #42

    I had the same problem last night, I scanned my computer first and moved to chest all the infected files. Then I made a boot scan, found a lot of files infected with this html virus. Some were moved in chest, but I stopped the scan at 60% because it said the drive is full… now, on the scan log I try to repair or move to chest all of them, but it’s giving me an error to all files (the system cannot find the file specified)… I don’t know what to do now… my computer seems to work ok for now… pls help!!!

  43. ody74gr
    April 12th, 2011 at 12:02 | #43

    My AVAST can’t update to new definition? What should I do?

  44. Bl4ckSh33p
    April 12th, 2011 at 12:06 | #44

    OMG! After visiting a few sites like Twitter or Facebook I got Virus warnings via Chrome.exe the whole time. After a quick scan over 1000 html and js files have been quarantined and I restarted to do a check before win7 launches. After a few hours only 12% of my files (about 500 GB) were scanned and many quarantined. When it found a cab file it could not continue to repair or move it and I shut my computer off. Today after the Update no infection is shown… :(

  45. Emilia
    April 12th, 2011 at 12:13 | #45

    Bl4ckSh33p :
    OMG! After visiting a few sites like Twitter or Facebook I got Virus warnings via Chrome.exe the whole time. After a quick scan over 1000 html and js files have been quarantined and I restarted to do a check before win7 launches. After a few hours only 12% of my files (about 500 GB) were scanned and many quarantined. When it found a cab file it could not continue to repair or move it and I shut my computer off. Today after the Update no infection is shown…

    Approximately the same thing happened to me, but, like I said, now I have errors in the infected files and I can’t do anything to the… I haven’t tried the do nothing option, I’m afraid I’ll make it worse

  46. April 12th, 2011 at 12:43 | #46

    I can understand the outrage. Obviously we missed a lot of sleep here, too.
    But one event once, and people say they are going to flee to products like (Haha) McAfee that they have to dispose of by giving away, or the once-great AVG, which has so much code bloat gained over the years that it turns a quad core into a C=64, and then STILL misses malware?

    Now if there is a Next Time, maybe I’ll join the tantrums.
    Yes, it was unpleasant.
    I killed the router instantly, etc. Oh, yes, it was a bad day. The point is Avast never stonewalled it or buried it, and remedied it within hours.

  47. ody74gr
    April 12th, 2011 at 12:45 | #47

    updated to 110442 i think now all its ok
    -10 to avast (i lost time and files)

  48. Libor
    April 12th, 2011 at 12:45 | #48

    I am a little sorry that avast did not send out warning emails about this error. It has every user’s email in its database. I seriously considered switching to a competitor. Also because the website was unavailable (probably due to overload).

  49. How to remove a trojan/adware?
    April 12th, 2011 at 12:47 | #49

    Ok, now where should I send e-mail (I don’t want to use my own computer), because my computer was attacked (10.4) by trojans and other malware and at least one of them, exx.exe got through to my computer, it is created as a process on the disk. I have run many scans and Avast! detects the infected files and website threats, but like I said it does not find exx.exe harmful. How can I delete this file? I found it with the “search” function of my computer. Can I just manually remove it or should I download some other spyware/adware program in addition to Avast!? Please, send e-mail to me!

  50. Jonie
    April 12th, 2011 at 12:54 | #50

    @How to remove a trojan/adware?

    I scanned with Ad Aware – nothing infected.
