
July 9th, 2009

UPDATE: CA antivirus trashing Windows system files

Posted by Adrian Kingsley-Hughes @ 10:50 am

Categories: Security

Tags: Infection, Antivirus, Microsoft Windows, Computer Associates International Inc., File, Security, Adrian Kingsley-Hughes

A tipster just pointed me to the CA support forums, where there’s a lot of chatter about CA Anti-Virus misidentifying key Windows system files as malware.

Here are the kinds of messages that people are seeing:

7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined

The problem mainly affects Windows XP SP3, but users of other versions of Windows are also claiming to see the problem.

After the files are quarantined, users are faced with a dialog box warning them that system files have been changed and that this may make the system unstable.

This problem seems to have started yesterday, and some users who called tech support were told that a fix would be forthcoming. A fix was released, but for some this just seemed to bring more misery. If you are affected, try updating the malware signatures and then un-quarantining the files, and see if that works for you. What makes it doubly frustrating for users is that there’s been no official word from CA about this issue.

If you accidentally deleted the quarantined files then the instructions here should help you put them back.

This seems like a huge blunder, and it’s hard to see how it wasn’t caught at the testing stage before the update was released to customers. It’s also a fine example of how software that’s supposed to protect you from malware can actually turn out to be very toxic to your system.

[UPDATE: CA apologizes for the blunder.]

Adrian Kingsley-Hughes: Adrian is a technology journalist and author who has devoted over a decade to helping users get the most from technology. He also runs a popular blog called The PC Doctor.
