shit happens, et tu, AVG? was Re: [funsec] Kaspersky strikes again

Fri, 21 Dec 2007 13:45:48 -0800 

AVG did something similar a few days ago, but not windows core, at least.

On 12/13/2007, AVG (free v7.5.516) detected a file in MS VS 2003 as 
PSW.Ldpinch.RXL.

c:\%programfiles%\Microsoft Visual Studio .NET 2003\Vc7\bin\rc.exe (resource 
compiler).

c:\%programfiles%\Microsoft Visual Studio .NET 2003\Common7\Tools\bin\rc.exe 
(resource compiler).

They fixed the def's on the next update, but never meantioned it, other than 
other poor souls complaining on the forums. Luckly for most that auto-empty is 
not the default.
  ----- Original Message ----- 
  From: Richard M. Smith 
  To: [email protected] 
  Sent: Friday, December 21, 2007 6:11 AM
  Subject: [funsec] Kaspersky strikes again


  Kaspersky false alarm quarantines Windows Explorer
  Accidents will happen

  By John Leyden 
  20 Dec 2007 17:00
  http://www.channelregister.co.uk/2007/12/20/kaspersky_false_alarm/
  A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows 
Explorer (explorer.exe) as infected with a low-risk virus, Huhk-C. As a result 
the core Windows component was quarantined or worse.

  Kaspersky released a revised update alongside advice on how to recover 
legitimate system and application files from quarantine (the default setting) 
within two hours. But that's not much consolation for users that had set their 
software to auto-delete infected files, who found themselves with hosed systems.

  Among those affected was Reg reader Carl. "A false positive caused the 
deletion of explorer.exe.," he reports. "It would have only caused problems for 
companies performing their network scan during the hours that the dodgy update 
was present - which included me, unfortunately. I was working out of hours to 
fix the previous Kaspersky update problem. I finally finished sorting it all at 
5am.".

  ...



------------------------------------------------------------------------------


  _______________________________________________
  Fun and Misc security discussion for OT posts.
  https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
  Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Reply via email to