
CA Antivirus Can’t Cope With Windows

…and so it is deciding to call many of the system files infected. That has not happened with any product I’m aware of for a good long while, but I certainly am glad I did not install the new CA Suite for 2010. The beta testers were just announced and I got my invitation, but escaped this little problem.

from ZDNet

…the CA support forums where there’s a lot of chatter about CA Anti-Virus misidentifying key Windows system files as malware.

Here are the kinds of messages that people are seeing:

7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined

The problem mainly affects Windows XP SP3, but users of other versions of Windows are also claiming to see the problem.

Following the quarantining of the files users will be faced by a dialog box warning them that system files have been changed and that it may make the system unstable.

This problem seems to have started yesterday and some users who called up tech support were told that a fix would be forthcoming. A fix was released but for some this just seemed to bring more misery. If you are affected then try updating the malware signatures and then un-quarantining the files and see if that works for you. What makes it doubly frustrating for users is that there’s been no official word from CA about this issue.

If you accidentally deleted the quarantined files then the instructions here should help you put them back.

This seems like a huge blunder and it’s hard to see how it wasn’t caught out at the testing stage before the update was released to customers. It’s also a fine example of how software that’s supposed to protect you from malware can actually turn out to be very toxic to your system.

The last time I had problems with a CA product was when they offered a free antivirus and firewall for upgraders to Service Pack 2 of Windows XP.  I installed it, and after about 3 days, I couldn’t get onto my PC…it was truly secure – from everyone and everything. It took 3 days of calls to the company to get things taken care of, and they never apologized.

I’m going to wait a while to try the beta, on a non-critical machine. Hope this helps someone avoid trouble!
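
An added example, not part of the original post or the ZDNet piece: a small parser for the log format quoted above that merges the duplicate `SERVIC~1` and `ServicePackFiles` entries and lists the quarantined Windows files per signature, so you know which files to un-quarantine after updating signatures. It assumes `SERVIC~1` is the 8.3 short name of `ServicePackFiles`; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines copied from the excerpt quoted above.
SAMPLE_LOG = r"""7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined
"""

LINE_RE = re.compile(
    r"^\d+/\d+/\d+ \d+:\d+:\d+ [AP]M File infection: "
    r"(?P<path>.+?) is (?P<sig>\S+) infection\.\s*(?P<action>\w+)?\s*$")

# Assumption: SERVIC~1 is the 8.3 short name of ServicePackFiles, so both
# spellings name the same file on disk.
SHORT_NAMES = {"servic~1": "servicepackfiles"}

def normalize(path):
    """Lower-case the path and expand known short directory names."""
    return "\\".join(SHORT_NAMES.get(p, p) for p in path.lower().split("\\"))

def detections(log):
    """Map each normalized path to (signature, quarantined), merging alias lines."""
    files = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a "File infection" line
        path = normalize(m["path"])
        seen = files.get(path, (None, False))[1]
        files[path] = (m["sig"], seen or m["action"] == "Quarantined")
    return files

def restore_list(files, root="c:\\windows\\"):
    """Quarantined files under the Windows directory, grouped by signature."""
    by_sig = defaultdict(list)
    for path, (sig, quarantined) in sorted(files.items()):
        if quarantined and path.startswith(root):
            by_sig[sig].append(path)
    return dict(by_sig)

if __name__ == "__main__":
    print(restore_list(detections(SAMPLE_LOG)))
```

With the alias lines merged, the ten log entries describe seven distinct files, all of them quarantined.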

§


One Comment

My coworkers will tell you they often hear this phrase:
Windows: it’s not an OS – it’s a VIRUS!

I once spent 42 days with CA’s India-only tech support. I vowed that we would NEVER use another CA product as long as we live.

I’d sooner write my own software (and I can’t write software).
