
UPDATE: CA antivirus trashing Windows system files

Written by Adrian Kingsley-Hughes, Senior Contributing Editor

A tipster just pointed me to the CA support forums, where there's a lot of chatter about CA Anti-Virus misidentifying key Windows system files as malware.

Here are the kinds of messages that people are seeing:

7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:39 PM File infection: C:\windows\ServicePackFiles\i386\netsh.exe is Win32/AMalum.ZZOKH infection.
7/8/2009 16:58:42 PM File infection: C:\WINDOWS\system32\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\SERVIC~1\i386\reg.exe is Win32/AMalum.ZZOAF infection. Quarantined
7/8/2009 16:58:47 PM File infection: C:\windows\ServicePackFiles\i386\reg.exe is Win32/AMalum.ZZOAF infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined

The problem mainly affects Windows XP SP3, but users of other versions of Windows are also claiming to see the problem.

Once the files have been quarantined, users are faced with a dialog box warning them that system files have been changed and that this may make the system unstable.

This problem seems to have started yesterday, and some users who called tech support were told that a fix would be forthcoming. A fix was released, but for some this just seemed to bring more misery. If you are affected, try updating the malware signatures and then un-quarantining the files, and see if that works for you. What makes it doubly frustrating for users is that there's been no official word from CA about this issue.

If you accidentally deleted the quarantined files, then the instructions here should help you put them back.
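To work out which files need to come out of quarantine after the signature update, the log messages quoted above can be parsed into a restore list. This is an added example, not code from the article or from CA; the function names are made up for illustration, and the sample input is five entries copied from the log excerpt above.

```python
import ntpath
import re
from collections import defaultdict

# Five entries copied from the log excerpt quoted in the article.
SAMPLE_LOG = r"""
7/8/2009 16:58:31 PM File infection: C:\WINDOWS\system32\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:32 PM File infection: C:\WINDOWS\system32\netsh.exe is Win32/AMalum.ZZOKH infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\SERVIC~1\i386\net.exe is Win32/AMalum.ZZNPB infection. Quarantined
7/8/2009 16:58:38 PM File infection: C:\windows\ServicePackFiles\i386\net.exe is Win32/AMalum.ZZNPB infection.
7/8/2009 16:58:49 PM File infection: C:\WINDOWS\system32\verclsid.exe is Win32/AMalum.ZZNRA infection. Quarantined
"""

# Matched with finditer over the whole text, so entries are found whether
# they sit one per line or were pasted run together on a single line.
ENTRY = re.compile(
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) File infection: "
    r"(?P<path>.+?) is (?P<sig>\S+) infection\.(?P<q> Quarantined)?"
)

def parse_log(text):
    """Return one dict per detection entry found in text."""
    return [
        {"when": m["when"], "path": m["path"], "signature": m["sig"],
         "quarantined": m["q"] is not None}
        for m in ENTRY.finditer(text)
    ]

def restore_candidates(entries):
    """Paths the log reports as quarantined: the files to un-quarantine."""
    return sorted({e["path"] for e in entries if e["quarantined"]}, key=str.lower)

def files_by_signature(entries):
    """Map each detection name to the set of file names it fired on."""
    hits = defaultdict(set)
    for e in entries:
        # ntpath handles Windows paths even when this runs on another OS.
        hits[e["signature"]].add(ntpath.basename(e["path"]).lower())
    return dict(hits)

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for path in restore_candidates(entries):
        print("restore:", path)
    for sig, names in sorted(files_by_signature(entries).items()):
        print(sig, "->", ", ".join(sorted(names)))
```

Entries logged without the trailing "Quarantined" are left out of the restore list, since the log does not report those files as moved.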

This seems like a huge blunder, and it's hard to see how it wasn't caught at the testing stage before the update was released to customers. It's also a fine example of how software that's supposed to protect you from malware can actually turn out to be very toxic to your system.

[UPDATE: CA apologizes for the blunder.]
