funsec mailing list archives

shit happens, et tu, AVG? was Re: Kaspersky strikes again

From: "Kitsune" <kitsune () sbcglobal net>
Date: Fri, 21 Dec 2007 07:32:48 -0800

AVG did something similar a few days ago, but not windows core, at least.

On 12/13/2007, AVG (free v7.5.516) detected a file in MS VS 2003 as PSW.Ldpinch.RXL.

c:\%programfiles%\Microsoft Visual Studio .NET 2003\Vc7\bin\rc.exe (resource compiler).

c:\%programfiles%\Microsoft Visual Studio .NET 2003\Common7\Tools\bin\rc.exe (resource compiler).

They fixed the def's on the next update, but never meantioned it, other than other poor souls complaining on the
forums. Luckly for most that auto-empty is not the default.
----- Original Message -----
From: Richard M. Smith
To: funsec () linuxbox org
Sent: Friday, December 21, 2007 6:11 AM
Subject: [funsec] Kaspersky strikes again

Kaspersky false alarm quarantines Windows Explorer
Accidents will happen

By John Leyden
20 Dec 2007 17:00
http://www.channelregister.co.uk/2007/12/20/kaspersky_false_alarm/
A faulty signature update from Kaspersky Lab on Wednesday flagged up Windows Explorer (explorer.exe) as infected with
a low-risk virus, Huhk-C. As a result the core Windows component was quarantined or worse.

Kaspersky released a revised update alongside advice on how to recover legitimate system and application files from
quarantine (the default setting) within two hours. But that's not much consolation for users that had set their
software to auto-delete infected files, who found themselves with hosed systems.

Among those affected was Reg reader Carl. "A false positive caused the deletion of explorer.exe.," he reports. "It
would have only caused problems for companies performing their network scan during the hours that the dodgy update was
present - which included me, unfortunately. I was working out of hours to fix the previous Kaspersky update problem. I
finally finished sorting it all at 5am.".

...

------------------------------------------------------------------------------

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

RE: Kaspersky strikes again, (continued)
- - - RE: Kaspersky strikes again Larry Seltzer (Dec 21)
    - Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
    - Re: Kaspersky strikes again coderman (Dec 21)
    - Re: Kaspersky strikes again silky (Dec 21)
    - Re: Kaspersky strikes again Drsolly (Dec 22)
    - Re: Kaspersky strikes again silky (Dec 22)
    - RE: Kaspersky strikes again Alex Eckelberry (Dec 21)
    - RE: Kaspersky strikes again Peter Kosinar (Dec 21)
- RE: Kaspersky strikes again Young, Keith (Dec 21)
  - RE: Kaspersky strikes again Hubbard, Dan (Dec 21)
- shit happens, et tu, AVG? was Re: Kaspersky strikes again Kitsune (Dec 21)
  - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Alex Eckelberry (Dec 21)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 21)
    - Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again Valdis . Kletnieks (Dec 21)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again David Harley (Dec 22)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again Drsolly (Dec 22)
    - RE: shit happens, et tu, AVG? was Re: Kaspersky strikes again David Harley (Dec 23)
    - Re: shit happens, et tu, AVG? was Re: Kaspersky strikes again Dude VanWinkle (Dec 22)
  - RE: [stuff] happens, et tu, AVG? was Re: Kaspersky strikes again Young, Keith (Dec 21)
- RE: Kaspersky strikes again Daniel H. Renner (Dec 21)
- RE: Kaspersky strikes again Thomas Raef (Dec 23)

(Thread continues...)