Users upset after CA anti-virus detects Windows system file as virus

Users of Computer Associates anti-virus software were complaining on Thursday after the company's anti-virus software mistakenly identified a Windows XP systems file as a virus.

Some customers were concerned that the Windows Service Pack 3 and files from the commercial Cygwin application files deleted when they couldn't find them. However, CA said the files were intact but quarantined and the file extensions were modified.

CA said it learned on Wednesday that its software had detected the file "Win32/AMalum.ZZQIA" as a false positive and was urging customers to update Signature 6606 to address the situation.

The CA advisory reads:

"CA Internet Security Suite users should restore affected files from quarantine using the GUI. CA Threat Manager customers should search local hard drives for files with the extension .AVB and manually rename to their original file extension by removing the appended text on the original file name."

Through its customer support CA also is offering a tool to search for the affected files and restore them to the original extension.

In the meantime, CA customers were griping on the CA forum. "Shame on CA for not being on top of this," one customer wrote. "Sure things happen, I've seen game patches erase hard drives, stuff happens. But it's what you do after that defines the value of your company."

"This latest nonsense with a false positive detection that causes damage to the operating system is the last straw for me. I have had continuing problems with CA AntiVirus crashing during email downloads with Thunderbirds," wrote another customer. "I am changing to Sophos. So far, it works fine and no false positives. ... I guess CA has gotten too big and forgotten that customer service is an an important part of doing business."