Many users of Avast anti-virus software appear to have had problems with their computers on December 2 and 3, not because of undetected viruses, but because an update to the Avast virus database caused Windows programs and system files to be flagged as viruses and quarantined or deleted.
The culprit is virus database update # 091203-0.
The files most frequently targeted appear to be program launch files (my own version of Avast flagged the .exe files for Homesite, Tag and Rename, Spybot S&D, Copernic Desktop Search, and Skype). The worst problem likely to befall a user in such cases is a need to reinstall the program. Some users, however, report that essential system files were being flagged, causing more extensive problems.
Internet forums were buzzing with hundreds of users who reported false positive reports by Avast. Some users were able to recover the affected files from the virus vault and disable Avast protection, suffering little harm. Others reported losing, or being unable to recover, a considerable number of files, with some people finding that Windows would not reboot.
The Avast forums slowed to a crawl, and then became completely unresponsive as a deluge of users tried to find out what was going on. One of the most active online discussions of the problem occurred on the DSLReports forums. By about 6 a.m. GMT (1 a.m. US EST), users of this forum were reporting that Avast had apparently fixed the problem with a new update (# 091203-1).
Users who encounter this problem should turn off their Avast protection shields, and update to the latest database before reactivating. If Avast flags a file, and you are sure it’s a false positive (very likely if it’s a program launch file that has previously given you no problems), then tell Avast to take no action. If you allow the file to be sent to the vault, you should theoretically be able to retrieve it, but some users have reported being unable to do so, losing the files permanently.
While the problem seems to have been fixed, as of this writing there appears to be no acknowledgement of the cock-up on the Avast website. Given that this problem was being reported not only by users of Avast’s free anti-virus program, but also by those who forked over their money for the Professional Edition, the company might need to be pretty quick with the apologies.
Update (5 p.m. GMT)
The people at Avast have now released an announcement about the false positive issue on their forums. This announcement doesn’t contain a whole lot of new information, but does offer an apology. They have also posted instructions on how to remove a false positive file from the Virus Chest.
Some sources, like DownloadSquad are reporting that the false positive problem involved flagging all binaries created in the Delphi application development environment. As they observe, this would create “a gigantic problem if you happen to be developing Delphi apps in-house.”