Thursday, December 3, 2009

Win32:Delf-MZG and Win32:Zbot-MKK false positive issues

Alwil Software released an official statement in their Support center about the Win32:Delf-MZG false positive issue:


Win32:Delf-MZG and Win32:Zbot-MKK false positive issues

Issue


On Thursday 3.12. 2009 avast! had a bad false positive issue. At around 12:15 AM GMT we released VPS update 091203-0 which started flagging hundreds of innocent files as a 'Win32:Delf-MZG' Trojan (or, in less common cases, as 'Win32:Zbot-MKK'). Among the files affected were high-profile programs produced by Adobe, Realtek, sound card drivers, various media players etc.


Solution

On Thursday 3.12. 2009 at 5:50 AM GMT, another VPS update 091203-1 was released, fixing the issue (for both 'Win32:Delf-MZG' and 'Win32:Zbot-MKK'). If you're still using the bad VPS 091203-0 we recommend invoking a VPS update immediately. To restore false positive files from avast! Virus Chest please follow the instructions in the following article:

How to restore false positive file from Virus Chest?

Those who have not used their computers between 12:15 AM GMT and 5:50 AM GMT will most likely not be affected.


Conditions

avast! Home Edition 4.x
avast! Professional Edition 4.x
avast! Server Edition 4.x
avast! Small Business Server Edition 4.x

Operating systems:

Microsoft Windows NT 4.0 Workstation
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows 2000 Professional
Microsoft Windows XP Home / Professional / Media Center Edition
Microsoft Windows Vista Starter / Home Basic / Home Premium / Business / Enterprise / Ultimate
Microsoft Windows 7 Starter / Home Basic / Home Premium / Professional / Enterprise / Ultimate

Microsoft Windows NT 4.0 Server (Any Server Edition)
Microsoft Windows 2000 Server (Any Server Edition, incl. Small Business Server)
Microsoft Windows Server 2003 (Any Server Edition, incl. Small Business Server)
Microsoft Windows Server 2008 (Any Server Edition, incl. Small Business Server)

Source
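As an added example (not part of Alwil's statement or of the original post), the Python sketch below triages detection records against the facts in the statement above: the two detection names, the bad and fixed VPS versions, and the 12:15 AM to 5:50 AM GMT window. The tab-separated record format, the sample records and the function names are assumptions constructed for illustration; avast!'s own log format is not shown on this page.

```python
import re
from datetime import datetime, timezone

# Values taken from the statement above.
BAD_VPS, FIXED_VPS = "091203-0", "091203-1"
FP_NAMES = {"Win32:Delf-MZG", "Win32:Zbot-MKK"}
WINDOW = (datetime(2009, 12, 3, 0, 15, tzinfo=timezone.utc),
          datetime(2009, 12, 3, 5, 50, tzinfo=timezone.utc))

def vps_key(version):
    """Parse 'YYMMDD-N' into a sortable (date, build) tuple."""
    m = re.fullmatch(r"(\d{6})-(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a VPS version: {version!r}")
    return m.group(1), int(m.group(2))

def vps_status(version):
    """Classify a VPS version as 'affected', 'fixed' or 'older'."""
    key = vps_key(version)
    if key == vps_key(BAD_VPS):
        return "affected"
    return "fixed" if key >= vps_key(FIXED_VPS) else "older"

def triage(lines):
    """Return (restore_candidates, investigate) lists of file paths."""
    restore, investigate = [], []
    for line in lines:
        ts, name, vps, path = line.rstrip("\n").split("\t")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if vps == "-":  # VPS not recorded: fall back to the time window
            by_bad_vps = WINDOW[0] <= when <= WINDOW[1]
        else:
            by_bad_vps = vps_status(vps) == "affected"
        # Only the two named detections made by the bad VPS are restore candidates.
        (restore if name in FP_NAMES and by_bad_vps else investigate).append(path)
    return restore, investigate

# Constructed sample records in a hypothetical export format:
# timestamp (GMT) <TAB> detection name <TAB> VPS version or '-' <TAB> file path
SAMPLE = [
    "2009-12-03T01:02:10Z\tWin32:Delf-MZG\t091203-0\tC:\\apps\\a.exe",
    "2009-12-03T03:30:00Z\tWin32:Zbot-MKK\t-\tC:\\apps\\b.exe",
    "2009-12-03T09:00:00Z\tWin32:Delf-MZG\t091203-1\tC:\\apps\\c.exe",
    "2009-12-03T02:00:00Z\tExample:Other-Name\t091203-0\tC:\\apps\\d.exe",
    "2009-12-02T22:00:00Z\tWin32:Delf-MZG\t-\tC:\\apps\\e.exe",
]

if __name__ == "__main__":
    restore, investigate = triage(SAMPLE)
    print("restore candidates:", restore)
    print("handle as real detections:", investigate)
```

A record flagged under the fixed VPS 091203-1, or under a different detection name, stays in the second list and is handled as an ordinary detection.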

Wednesday, December 2, 2009

Avast Win32:Delf-MZG false positive solution

The folks from Alwil Software pushed out a new update (version: 091203-1) that offers a fix for the issue with the false positive alarm. Currently Avast is not reporting any false positives with the latest version installed.

Manual update of iAVS is highly recommended.

To update the Avast database manually, right-click the Avast icon in your system tray, select "Updating" from the menu and then select "iAVS Update". Click it and Avast will update to the latest version.

Win32:Delf-MZG

If you have just updated your anti-virus program Avast and it is now detecting viruses and trojans like Win32:Delf-MZG in multiple programs, you probably don't have to worry. This is happening to everybody who was pushed the new iAVS update for Avast.

The false positive occurs because the Win32:Delf-MZG detection matches code that is also found in most regular programs, such as virus scanners.
In other words, Avast is detecting viruses and trojans that are not really there. If you allow it to remove them or move them to the chest, your applications will stop working. This is the worst thing you can do, because it means you will have to reinstall all of the "infected" programs afterward.


The solution is to wait for another avast! update or just disable Avast (right click on Avast in your system tray and stop it) and download another free anti-virus program until they get this straightened out.

You may try AVG or Avira Antivir. Also make sure that you turn off Avast first, because if you do not, you won't be able to download any new programs.

Important update: a new update (version: 091203-1) that offers a fix has been pushed out. Currently Avast is not reporting any false positives. Manual update of iAVS is highly recommended.

Avast false positives? Win32:Delf-M

Since the last iAVS update Avast is detecting viruses and trojans that are not really there.
The solution is to wait for another Avast! update or just disable Avast (right click on Avast in your system tray and stop it) and download another free anti-virus program until they get this straightened out.

In the meantime, you can read more information about Win32:Delf-M.

Windows won't boot after Avast update

My Windows installation won't boot after Avast update? What to do?

You have to boot into Safe Mode. To get into the Windows 2000/XP Safe Mode, press and hold the "F8" key as the computer is booting, use the arrow keys to move to "Safe Mode" and press Enter. Then start msconfig and disable the auto-start of Avast.

To start msconfig, click the Start button, choose Run, type msconfig and press Enter. Select the Startup tab and uncheck Avast. Click Apply, then click OK. Restart your computer in normal mode for the changes to take effect.


Programs detected as Win32:Delf-MZG infected

Since the last iAVS update Avast detects the following programs as infected:

  • Spybot S&D
  • PSPad
  • Skype
  • FL Studio 
  • Mailwasher Pro
  • Wimpy FLV
  • Spysweeper
  • Mamutu
  • Realtek Audio Drivers
  • KMplayer
  • A-squared Anti-malware
  • DVDfab
  • Nero Photosnap
  • Izarc
  • Spyware Doctor
  • NoteTab
  • FastStone Image Viewer
  • TuneUp Utilities
  • Teamspeak
  • Speed Fan
  • Online Armor
  • CDBurner XP

We hope they fix it soon.

Please comment if your Avast detects other programs as Win32:Delf-MZG infected!

Avast Win32:Delf-MZG Problem

Right now the Avast servers are not accessible. It's not possible to access their forums and official blog due to the high volume of traffic.

The recent avast! VPS update has a serious flaw: various files are being marked as "Win32:Delf-MZG (Trj)". Some of the common files being marked as this false positive include Skype and Spybot S&D.

If you have updated avast during the last 48 hours, do not restart your computer!
The problem is caused by avast scanning the startup files. During this process it marks a file as hazardous and will not allow you to proceed without acknowledgement. Because this happens while Windows is loading, there is no possible way to give the program that acknowledgement, which puts the computer at a standstill.

Possible workarounds

1. Be sure to determine whether your avast has been updated by finding your Spybot S&D folder and scanning the updater.

2. Assuming that it detects it as the false positive, open up msconfig and uncheck avast scripts in the Services tab and the Startup tab.

Avast Win32:Delf-MZG false positive discussions

Discussions on the net about the recent Avast Win32:Delf-MZG false positive problem: