404 Tech Support

Latest Avast! Definitions Contain False Positive Blocking Legitimate Websites, Malware Detected [Updated]

While it’s nowhere near as bad as the McAfee False Positive problem that ended up killing tens of thousands of Windows XP PCs, the latest Avast definitions (4-11-11) seem to be blocking tons of legitimate websites thinking that there are malware scripts embedded in them. Tons of people are reporting the issue on Twitter and the Avast! website is being hit so hard, it has been intermittently down or slow to load. If you visit a site that is detected, you might see this pop up in the bottom right corner of your PC and then the website will go to a “Problem loading page/the connection was reset” error page. This is happening across browsers and operating systems from reports I’m seeing.

These are the definitions that I’m running that are causing the false positives.

The scripts are all running on legitimate sites (not that that means they’re malware-free), but they don’t seem to have a whole lot in common. It would make a little more sense if a common script like the Twitter Tweet button or the Facebook Like button were flagged as a false positive, but the problem seems to be that these antivirus definitions are too broad.

Avast! I still love you but this needs to get fixed. Communication would also be key. I’m not seeing anything on the Avast! website, blog, or Twitter account currently.

I hesitate to recommend it, but the only way around this is to get into the Avast User Interface and, under Real-time shields > Web Shield, uncheck the box ‘Scan web (HTTP) traffic’. You could disable all of Avast! or the web shield, but this is the best way to get by until Avast! releases updated definitions.

Update: Avast! has released new definitions to correct the issue, version 110411-2 (instead of 110411-1). You can download these definitions by running an update for the engine and virus definitions. Be forewarned, however, that it may take a few attempts to get these latest definitions due to server load (error 403).

Unfortunately, Avast! has yet to publish anything about the fluke that seems to have affected all of its customers. Once you get the updated definitions, remember to turn scanning and all shields back on for maximum security, since the issue has been addressed.

Avast! has published a blog article addressing the false positive-ridden definitions:

Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected.

Our virus lab staff discovered the problem quickly after releasing the bogus update and immediately started working on a fix. The fix was released about 45 minutes after the problematic update and has version number 110411-2. Anyone who still has this problem is kindly asked to manually update the definitions to the latest version, e.g. by right-clicking the avast taskbar icon (the orange (a) ball), and selecting Update -> Engine and Virus Definitions.

 

We sincerely apologize for the inconvenience. As this typically only affected remote sites (and not local files), simply updating to the latest definitions should completely solve the issue (no local files have been quarantined).