Avast FP - Win32:Cycbot-K

Discussion in 'other anti-virus software' started by Ianb, Sep 26, 2011.

Thread Status:
Not open for further replies.
  1. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Is this bug still present ?
     
  3. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
    There's nothing official (that I can find) to say it's fixed, that's why I thought I'd mention it.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    I'll try to get some info what was going on this time around. The last time there was similar issue they switched to a more strict way of testing definitions before release to avoid similar situations. Apparently something went wrong again. I'll keep you posted if i get any info.
     
  5. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Thats why a low False Positive rate is important, they are more dangerous than a threat.:mad:
     
  6. Ianb

    Ianb Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    232
    Location:
    UK
    Thanks. It's a big slip up.
     
  7. carat

    carat Guest

    +1 :blink:
     
  8. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    From what i could gather, it only affected users that were running a full system scan. File System Shield or Quick Scan were not affected. At which point it makes me still wonder why ppl run Full System scan on almost daily basis when real time shields are designed for that purpose. Now i'm not going to blame users for doing it but it's just ot necessary. And because of it, the issue affected just users who were running this full scan. As far as i can see the glitch resolved by itself after VPS update, either by itself or was fixed specifically. No statement was given so far about this issue so my guess is that it probably wasn't fixed specifically and was rather a temporar glitch that somehow happened under very specific situation which was maybe not covered by the check before the VPS release.
     
  9. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Also, it happened only if the system "catalogs" (the catalog files that contain digital signatures of system files) were somehow broken/corrupted. Which is a fairly low number of cases.

    Of course, if we had a "normal" FP on kernel32.dll, it would have been a far, far, far bigger problem than this.

    Thanks
    Vlk
     
  10. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    That was my thought as well. If it was a normal FP entire avast! forums would be flooded with reports. But instead there were just 3 of them as far as i can tell.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Ok, got some more info from one of the devs. It appears the issue was related to the ASLR function in Windows which apparently generated very limited set of false positives for certain users. Sometimes certain security features don't go to well together...
     
Loading...
Thread Status:
Not open for further replies.