Avast FP - Win32:Cycbot-K

http://forum.avast.com/index.php?topic=85464.0

http://answers.yahoo.com/question/index?qid=20110924163655AAvx4kn

http://answers.yahoo.com/question/index?qid=20110924163655AAvx4kn

This happened to me yesterday. I'm assuming it's fixed now but just a heads up in case anybody else gets the warning (or how to fix it if they've been deleted already).

 

Is this bug still present ?

 

There's nothing official (that I can find) to say it's fixed, that's why I thought I'd mention it.

 

I'll try to get some info what was going on this time around. The last time there was similar issue they switched to a more strict way of testing definitions before release to avoid similar situations. Apparently something went wrong again. I'll keep you posted if i get any info.

 

Thats why a low False Positive rate is important, they are more dangerous than a threat.

 

Thanks. It's a big slip up.

 

+1

 

From what i could gather, it only affected users that were running a full system scan. File System Shield or Quick Scan were not affected. At which point it makes me still wonder why ppl run Full System scan on almost daily basis when real time shields are designed for that purpose. Now i'm not going to blame users for doing it but it's just ot necessary. And because of it, the issue affected just users who were running this full scan. As far as i can see the glitch resolved by itself after VPS update, either by itself or was fixed specifically. No statement was given so far about this issue so my guess is that it probably wasn't fixed specifically and was rather a temporar glitch that somehow happened under very specific situation which was maybe not covered by the check before the VPS release.

 

Also, it happened only if the system "catalogs" (the catalog files that contain digital signatures of system files) were somehow broken/corrupted. Which is a fairly low number of cases.

Of course, if we had a "normal" FP on kernel32.dll, it would have been a far, far, far bigger problem than this.

Thanks
Vlk

 

That was my thought as well. If it was a normal FP entire avast! forums would be flooded with reports. But instead there were just 3 of them as far as i can tell.

 

Ok, got some more info from one of the devs. It appears the issue was related to the ASLR function in Windows which apparently generated very limited set of false positives for certain users. Sometimes certain security features don't go to well together...