Looks like Trend Micro, a leading supplier of Antivirus Software, has gone a step too far with their antivirus detection and decided to declare some components of the Windows Operating System as virii, resulting in the files being quarantined and subsequent system instability.
In an email Trend Micro apologises to those customers who were affected by the mistake that resulted in computers worlwide failing to boot properly or developing the dreaded BSOD (Blue Screen of Death).
Trend Micro discovered Pattern Files (5.521/5) issued on Thursday and Friday inaccurately identified certain files as malicious and quarantined them. Consequently, some users with particular system setups experienced problems with their systems stability.
[ad]
Products Affected:
This issue affects the following Trend Micro products and versions:
-
Trend Micro Internet Security
Trend Micro Internet Security Pro
Trend Micro AntiVirus
Files Affected:
-
C:\Windows\System32\nlasvc.dll
C:\Users\”User Name”\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q2OAE1HE\prototype[1].js
C:\Users\”User Name”\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLJ5OQZS\prototype[1].js
C:\Windows\system32\wextract.exe
“Upon system restart, users experienced system errors such as BSOD and other instability.”
This latest issue with Trend Micro is yet another embarrassment for the computer security firm adding to an incident earlier in the year when the Trend Micro site itself was compromised and visitors infected with a trojan.
Those affected by the latest issue should check the Trend Micro site, Solution ID: 1038089 on how to restore their computers and how to check that their machines aren’t affected, even if no problems are yet apparent.
The email in its entirety:
Dear Trend Micro Customer,
We wanted to be proactive and advise you of an issue that a small number of users of our consumer solution, Trend Micro Internet Security experienced yesterday. This email is intended to inform you of the issue, the solution and the resources available to those who may experience a similar problem.
Trend Micro discovered Pattern Files (5.521/5) issued on Thursday and Friday inaccurately identified certain files as malicious and quarantined them. Consequently, some users with particular system setups experienced problems with their systems stability. Trend Micro immediately removed the detections in question and a Pattern File (5.527) was released to address this issue.
To assist customers still experiencing issues related to these Pattern Files, we’ve added more staff to our technical support teams and extended support hours throughout the weekend.
We’d like to apologize to those who may have been inconvenienced and would like to reassure you that we’re doing all that we can to make sure a situation like does not occur again.
Further details of the issue, solution and escalation points are described below.
Kind regards,
Anthony O’Mara
Trend MicroDescription:
Trend Micro has become aware of an issue that affects versions of Trend Micro Internet Security and Trend Micro AntiVirus where certain systems with Official Pattern File 5.521.50 or 5.525.50 detected certain operating system (OS) files as a Trojan and caused system instability issues upon restart.
Products Affected:
This issue affects the following Trend Micro products and versions:
Trend Micro Internet Security
Trend Micro Internet Security Pro
Trend Micro AntiVirus
Background:Trend Micro Official Pattern Releases 5.521.50 and 5.525.50 detected and quarantined the following files:
C:\Windows\System32\nlasvc.dll
C:\Users\”User Name”\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q2OAE1HE\prototype[1].js
C:\Users\”User Name”\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLJ5OQZS\prototype[1].js
C:\Windows\system32\wextract.exe
Upon system restart, users experienced system errors such as BSOD and other instability.Permanent Solution:
An Official Pattern Release update (5.527.50) was released on September 5, 2008, to resolve this issue.
System Recovery:
Trend Micro has created Knowledge Base article 1038089 to provide the latest information regarding the this issue, including instructions on how to recover your system from a system restore point or last known good configuration. Please visit http://esupport.trendmicro.com for more details.
Other information:
Users who believe they may have been affected by this issue can contact their authorised Trend Micro technical support services provider in their region for further assistance.
English Chat-based technical support has been extended throughout the weekend for customers affected by this issue.
Please visit https://trendmicro.ehosts.net/netagent/TrendMicro/en-us/tmchatlogin.asp for more information.By telephone to:
Germany 0900-1-863722 or 0044 1280 826359
France 08 99 65 02 28
Italy 0044 1280 6324
Spain 0044 1280 826 312
UK and rest of Europe, Middle East, Africa 0044 1280 826329Or by email to customer_service@trendmicro.co.uk
[…] Trend Micro’s false positive for Windows – 2008 Response time is crucial in such a situation, so the best thing the vendors can do is go public and provide assistance in fixing the problem. posted by Dancho Danchev November 11, 2008 @ 9:50 am […]