Trend virus update freezes some PCs
Chicken Little pox
Problems with antivirus updates from Trend Micro left some users with unusable computers late last week.
The signature update, pushed out on Friday morning, incorrectly identified key Windows system files as being infected with a Trojan. The security software quarantined these important files leaving users with unstable systems. Trend later fixed the problem by issuing updated signature definition files that avoided the false positive.
For affected users that was far from the end of their worries. They were still left with the hassle of repairing Windows and (perhaps) reinstalling their security software.
Consumers were hardest hit by the glitch, which affected users of Trend Micro Internet Security, Trend Micro Internet Security Pro and Trend Micro AntiVirus. In an advisory to customers forwarded to The Register, Trend Micro said that a small number of consumers were hit by the snag and explained that the faulty update "inaccurately identified certain files as malicious and quarantined them". It admitted that this might cause system instability.
In response to queries from El Reg, prompted by reader emails, Trend Micro issued a statement:
On 5th September 2008 at 02h00 GMT, a false alarm was triggered in Trend Micro Internet Security caused by a new pattern file that had been issued. Specifically the inclusion of pattern Troj_Generic.ADV issued within Official Pattern Release (OPR) version 5.525.50 quarantined several Microsoft Windows DLLs.
In mitigation we removed the detections in question and at 12h15 GMT on 5th September, OPR 5.527.50 was released that resolved this issue. Customers who downloaded OPR 5.525.50 needed only to update to the latest OPR. All other customers who updated thereafter received the latest OPR.
Oh Lordy it's happened again
Anti-virus updates misidentifying legitimate files as suspect are a well known Achilles' Heel of anti-virus scanner software. Issues crop up periodically at roughly the same frequency Premiership football managers and club chairmen fall out.
The results can be just as ugly.
It's hard to think of a security firm that hasn't had problems in this area, and Trend is no exception. The issue gets far more messy, as in the latest Trend Micro case, when system files are incorrectly flagged up as malware.
Reg reader Antonin, based in France, explained the problem in greater depth.
"Trend Micro release a new signature file which decided that explorer.exe and several other system files had a "Troj Gen Adv" and should be quarantine. After the cleanup, a reboot was advised and after the reboot, chaos started," Antonin explained.
"Logon was OK but there was no taskbar, Trend Micro and several other application would not load automatically, Excel and Word and any other application would start but after clicking [I received] several error messages, services menu was corrupted and windows was very unstable. Restore would not work and install/uninstall would not neither," he added.
Antonin was eventually advised by Trend Micro to repair Windows before uninstall and reinstalling Trend Micro.
The net security firm is continuing to investigate the issue. "To date Trend Micro UK have received thirty-five calls to our technical support teams in relation to this issue and TrendLabs is investigating the incident further to determine root cause and remediate," said Rik Ferguson, senior security advisor at Trend Micro. ®
Sick of this
As recalling by the last post from Michael Kean, my computer's non-paged pool memory was all out too.
I am curious whether you use the same spec. of machine as mine. My computer is already upgrade to WinXP SP3 with 2G RAM.
If you can provide me more news, it would help me to decide if I really need to change an AV or not :-P
thanks a lot
A nasty trend...
I had to remove Trend Internet Security from three of my customer's PCs some months ago because a previous update made Trend eat almost all of the non-paged pool memory thereby making the PCs very unstable. Title bars are the first things to go, then not enough quota message come up and the system basically dies.
(Non-paged pool memory is a special type of memory that is relatively limited in Windows - I think around 100MB. From memory, it's memory that's not allowed to be flushed out to a hard drive.)
I got an email about this during the week, the thing was, the images and links were all spam related! I didn't click the links but after reading the 'almost legitimate' looking email and the link location (trend.rsys1.net) I did a quick search for rsys1.net and found it flagged as a spamhaven. Wonder which one of the mails came out first, Trend or the Spammers?